Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Play_VM-Now(eric.basil)VWAV.xhtml

Overview

General Information

Sample name:Play_VM-Now(eric.basil)VWAV.xhtml
Analysis ID:1640846
MD5:7a48a3b6212af545e52c1e17757b6a06
SHA1:3e4614156d063a51c7e0b627041e38b1f48d47b6
SHA256:c35b745bdba2d906d2664c59e8cd8857408ea2c669f4dc0524fecdd517ab572c
Infos:

Detection

HTMLPhisher
Score:72
Range:0 - 100
Confidence:100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
AI detected suspicious Javascript
HTML IFrame injector detected
HTML Script injector detected
HTML document with suspicious name
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
HTML body contains low number of good links
HTML body contains password input but no form action
Invalid 'forgot password' link found
No HTML title found
None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 2076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Play_VM-Now(eric.basil)VWAV.xhtml MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 4720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,994535548555163040,7254081891195227111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
0.4.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
    0.5.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      Phishing

      barindex
      AI detected phishing page
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlJoe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.5.pages.csv
      Yara detected HtmlPhish10
      Source: Yara matchFile source: 0.4.pages.csv, type: HTML
      Source: Yara matchFile source: 0.5.pages.csv, type: HTML
      AI detected suspicious Javascript
      Source: 0.0..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/Play_VM-Now(eric.b... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. It creates an iframe, loads a script from a suspicious domain, and passes a user email address as a parameter. These behaviors are highly indicative of malicious intent, such as phishing or credential theft.
      HTML IFrame injector detected
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: New IFrame
      HTML Script injector detected
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: New script tag found
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: New script tag found
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: New script tag found
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: New script tag found
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: Number of links: 0
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: <input type="password" .../> found but no <form action="...
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: Invalid link: Forgot Password?
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: HTML title missing
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: HTML title missing
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: Has password / email / username input fields
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: <input type="password" .../> found
      Source: Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: No favicon
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: No <meta name="author".. found
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: No <meta name="author".. found
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: No <meta name="copyright".. found
      Source: file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtmlHTTP Parser: No <meta name="copyright".. found
      Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.17:49695 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.17:49698 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.17:49696 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.17:49697 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.17:49699 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49732 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49738 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49743 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49750 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.17:49760 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.17:49777 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.196:443 -> 192.168.2.17:49776 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.17:49787 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.17:49786 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.17:49794 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.17:49796 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.17:49854 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.17:49855 version: TLS 1.2
      Source: chrome.exeMemory has grown: Private usage: 1MB later: 36MB
      Source: global trafficTCP traffic: 192.168.2.17:49852 -> 185.174.100.76:8224
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.76
      Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /cuk/xls/c1u2k.js?uid=eric.basil@rhodespharma.com HTTP/1.1Host: office.avcbtech.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sender.linxcoded.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
      Source: global trafficHTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
      Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
      Source: global trafficDNS traffic detected: DNS query: office.avcbtech.store
      Source: global trafficDNS traffic detected: DNS query: sender.linxcoded.top
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: global trafficDNS traffic detected: DNS query: code.jquery.com
      Source: global trafficDNS traffic detected: DNS query: i.imgur.com
      Source: global trafficDNS traffic detected: DNS query: server1.linxcoded.top
      Source: global trafficDNS traffic detected: DNS query: _8224._https.server1.linxcoded.top
      Source: global trafficDNS traffic detected: DNS query: api.ipify.org
      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
      Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
      Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
      Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
      Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
      Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
      Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
      Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
      Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
      Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
      Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
      Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49682 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
      Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
      Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
      Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49677
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
      Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
      Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
      Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
      Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
      Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
      Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.17:49695 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.17:49698 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.17:49696 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.17:49697 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.246.76:443 -> 192.168.2.17:49699 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49732 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49738 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49743 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.17:49750 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.17:49760 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.17:49777 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.16.196:443 -> 192.168.2.17:49776 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.17:49787 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.17:49786 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.17:49794 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.17:49796 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.17:49854 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.17:49855 version: TLS 1.2

      System Summary

      barindex
      HTML document with suspicious name
      Source: Name includes: Play_VM-Now(eric.basil)VWAV.xhtmlInitial sample: play
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir2076_2062604839
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir2076_2062604839
      Source: classification engineClassification label: mal72.phis.winXHTML@19/9@18/184
      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Play_VM-Now(eric.basil)VWAV.xhtml
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,994535548555163040,7254081891195227111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,994535548555163040,7254081891195227111,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      Browser Extensions      		1
      Process Injection      		1
      Masquerading      		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
      Extra Window Memory Injection      		1
      Process Injection      		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
      Non-Standard Port      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
      File Deletion      		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Extra Window Memory Injection      		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
      Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsInternet Connection DiscoverySSHKeylogging1
      Ingress Tool Transfer      		Scheduled TransferData Encrypted for Impact

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      No Antivirus matches

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://otelrules.svc.static.microsoft/rules/rule703751v0s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule703001v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule701301v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule700751v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule702901v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule702550v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule702250v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule703601v0s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule700901v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule702151v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule703000v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule703450v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule703750v0s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule703701v0s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule702150v1s19.xml0%Avira URL Cloudsafe
      https://i.imgur.com/0HdPsKK.png0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule702650v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule703100v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule701350v1s19.xml0%Avira URL Cloudsafe
      https://sender.linxcoded.top/start/xls/includes/css6.css0%Avira URL Cloudsafe
      https://i.imgur.com/KAb5SEy.png0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule702651v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule703101v1s19.xml0%Avira URL Cloudsafe
      https://office.avcbtech.store/cuk/xls/c1u2k.js?uid=eric.basil@rhodespharma.com0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule703600v0s19.xml0%Avira URL Cloudsafe
      file:///C:/Users/user/Desktop/Play_VM-Now(eric.basil)VWAV.xhtml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule702900v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule701351v1s19.xml0%Avira URL Cloudsafe
      https://otelrules.svc.static.microsoft/rules/rule700900v1s19.xml0%Avira URL Cloudsafe
      https://api.ipify.org/?format=json0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      office.avcbtech.store
      		139.28.36.38
      		truefalse
        		unknown
        code.jquery.com
        		151.101.130.137
        		truefalse
          		high
          server1.linxcoded.top
          		185.174.100.76
          		truefalse
            		unknown
            www.google.com
            		172.217.16.196
            		truefalse
              		high
              api.ipify.org
              		104.26.13.205
              		truefalse
                		high
                s-part-0032.t-0009.t-msedge.net
                		13.107.246.60
                		truefalse
                  		high
                  sender.linxcoded.top
                  		185.174.100.20
                  		truefalse
                    		unknown
                    ipv4.imgur.map.fastly.net
                    		199.232.196.193
                    		truefalse
                      		high
                      i.imgur.com
                      		unknown
                      		unknownfalse
                        		high
                        _8224._https.server1.linxcoded.top
                        		unknown
                        		unknownfalse
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://otelrules.svc.static.microsoft/rules/rule703001v1s19.xmlfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://otelrules.svc.static.microsoft/rules/rule704001v0s19.xmlfalse
                            		high
                            https://otelrules.svc.static.microsoft/rules/rule702151v1s19.xmlfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://otelrules.svc.static.microsoft/rules/rule700151v1s19.xmlfalse
                              		high
                              https://otelrules.svc.static.microsoft/rules/rule703451v1s19.xmlfalse
                                		high
                                https://otelrules.svc.static.microsoft/rules/rule703151v1s19.xmlfalse
                                  		high
                                  https://otelrules.svc.static.microsoft/rules/rule704151v0s19.xmlfalse
                                    		high
                                    https://otelrules.svc.static.microsoft/rules/rule702001v1s19.xmlfalse
                                      		high
                                      https://otelrules.svc.static.microsoft/rules/rule700451v1s19.xmlfalse
                                        		high
                                        https://otelrules.svc.static.microsoft/rules/rule702451v1s19.xmlfalse
                                          		high
                                          https://otelrules.svc.static.microsoft/rules/rule703301v0s19.xmlfalse
                                            		high
                                            https://otelrules.svc.static.microsoft/rules/rule700001v2s19.xmlfalse
                                              		high
                                              https://otelrules.svc.static.microsoft/rules/rule701751v1s19.xmlfalse
                                                		high
                                                https://otelrules.svc.static.microsoft/rules/rule703751v0s19.xmlfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://otelrules.svc.static.microsoft/rules/rule701301v1s19.xmlfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://otelrules.svc.static.microsoft/rules/rule702601v1s19.xmlfalse
                                                  		high
                                                  https://otelrules.svc.static.microsoft/rules/rule703601v0s19.xmlfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://otelrules.svc.static.microsoft/rules/rule700751v1s19.xmlfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://otelrules.svc.static.microsoft/rules/rule700301v1s19.xmlfalse
                                                    		high
                                                    https://otelrules.svc.static.microsoft/rules/rule701550v1s19.xmlfalse
                                                      		high
                                                      https://otelrules.svc.static.microsoft/rules/rule700100v1s19.xmlfalse
                                                        		high
                                                        https://otelrules.svc.static.microsoft/rules/rule702550v1s19.xmlfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://otelrules.svc.static.microsoft/rules/rule700550v1s19.xmlfalse
                                                          		high
                                                          https://otelrules.svc.static.microsoft/rules/rule700901v1s19.xmlfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://otelrules.svc.static.microsoft/rules/rule701100v1s19.xmlfalse
                                                            		high
                                                            https://otelrules.svc.static.microsoft/rules/rule701901v1s19.xmlfalse
                                                              		high
                                                              https://otelrules.svc.static.microsoft/rules/rule702250v1s19.xmlfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://otelrules.svc.static.microsoft/rules/rule703850v0s19.xmlfalse
                                                                		high
                                                                https://otelrules.svc.static.microsoft/rules/rule702901v1s19.xmlfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://otelrules.svc.static.microsoft/rules/rule703000v1s19.xmlfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://otelrules.svc.static.microsoft/rules/rule703250v1s19.xmlfalse
                                                                  		high
                                                                  https://otelrules.svc.static.microsoft/rules/rule703450v1s19.xmlfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://otelrules.svc.static.microsoft/rules/rule700700v1s19.xmlfalse
                                                                    		high
                                                                    https://otelrules.svc.static.microsoft/rules/rule702000v1s19.xmlfalse
                                                                      		high
                                                                      https://otelrules.svc.static.microsoft/rules/rule702450v1s19.xmlfalse
                                                                        		high
                                                                        https://otelrules.svc.static.microsoft/rules/rule703750v0s19.xmlfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://otelrules.svc.static.microsoft/rules/rule703300v0s19.xmlfalse
                                                                          		high
                                                                          https://otelrules.svc.static.microsoft/rules/rule700450v1s19.xmlfalse
                                                                            		high
                                                                            https://otelrules.svc.static.microsoft/rules/rule701700v1s19.xmlfalse
                                                                              		high
                                                                              https://otelrules.svc.static.microsoft/rules/rule702700v1s19.xmlfalse
                                                                                		high
                                                                                https://otelrules.svc.static.microsoft/rules/rule700851v1s19.xmlfalse
                                                                                  		high
                                                                                  https://otelrules.svc.static.microsoft/rules/rule703701v0s19.xmlfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://otelrules.svc.static.microsoft/rules/rule701851v1s19.xmlfalse
                                                                                    		high
                                                                                    https://otelrules.svc.static.microsoft/rules/rule703851v0s19.xmlfalse
                                                                                      		high
                                                                                      https://otelrules.svc.static.microsoft/rules/rule702851v1s19.xmlfalse
                                                                                        		high
                                                                                        https://otelrules.svc.static.microsoft/rules/rule700600v1s19.xmlfalse
                                                                                          		high
                                                                                          https://otelrules.svc.static.microsoft/rules/rule700300v1s19.xmlfalse
                                                                                            		high
                                                                                            https://otelrules.svc.static.microsoft/rules/rule702600v1s19.xmlfalse
                                                                                              		high
                                                                                              https://otelrules.svc.static.microsoft/rules/rule704000v0s19.xmlfalse
                                                                                                		high
                                                                                                https://otelrules.svc.static.microsoft/rules/rule224900v0s19.xmlfalse
                                                                                                  		high
                                                                                                  https://otelrules.svc.static.microsoft/rules/rule702150v1s19.xmlfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://otelrules.svc.static.microsoft/rules/rule703100v1s19.xmlfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://otelrules.svc.static.microsoft/rules/rule704100v0s19.xmlfalse
                                                                                                    		high
                                                                                                    https://otelrules.svc.static.microsoft/rules/rule700250v1s19.xmlfalse
                                                                                                      		high
                                                                                                      https://otelrules.svc.static.microsoft/rules/rule702100v1s19.xmlfalse
                                                                                                        		high
                                                                                                        https://otelrules.svc.static.microsoft/rules/rule703150v1s19.xmlfalse
                                                                                                          		high
                                                                                                          https://otelrules.svc.static.microsoft/rules/rule703651v0s19.xmlfalse
                                                                                                            		high
                                                                                                            https://otelrules.svc.static.microsoft/rules/rule701400v1s19.xmlfalse
                                                                                                              		high
                                                                                                              https://otelrules.svc.static.microsoft/rules/rule120128v0s19.xmlfalse
                                                                                                                		high
                                                                                                                https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xmlfalse
                                                                                                                  		high
                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule700150v1s19.xmlfalse
                                                                                                                    		high
                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule702400v1s19.xmlfalse
                                                                                                                      		high
                                                                                                                      https://i.imgur.com/0HdPsKK.pngfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule703551v0s19.xmlfalse
                                                                                                                        		high
                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule703051v3s19.xmlfalse
                                                                                                                          		high
                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule701300v1s19.xmlfalse
                                                                                                                            		high
                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule701951v1s19.xmlfalse
                                                                                                                              		high
                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule703801v0s19.xmlfalse
                                                                                                                                		high
                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule700951v1s19.xmlfalse
                                                                                                                                  		high
                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule702050v1s19.xmlfalse
                                                                                                                                    		high
                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule704200v0s19.xmlfalse
                                                                                                                                      		high
                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule701350v1s19.xmlfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      		unknown
                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule704050v0s19.xmlfalse
                                                                                                                                        		high
                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule703200v1s19.xmlfalse
                                                                                                                                          		high
                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule702650v1s19.xmlfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule703650v0s19.xmlfalse
                                                                                                                                            		high
                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule703050v3s19.xmlfalse
                                                                                                                                              		high
                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule700650v1s19.xmlfalse
                                                                                                                                                		high
                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule703950v0s19.xmlfalse
                                                                                                                                                  		high
                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule701650v1s19.xmlfalse
                                                                                                                                                    		high
                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule700950v1s19.xmlfalse
                                                                                                                                                      		high
                                                                                                                                                      https://sender.linxcoded.top/start/xls/includes/css6.cssfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      		unknown
                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule701950v1s19.xmlfalse
                                                                                                                                                        		high
                                                                                                                                                        https://office.avcbtech.store/cuk/xls/c1u2k.js?uid=eric.basil@rhodespharma.comfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        		unknown
                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule120119v0s19.xmlfalse
                                                                                                                                                          		high
                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule702651v1s19.xmlfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          		unknown
                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule703201v1s19.xmlfalse
                                                                                                                                                            		high
                                                                                                                                                            https://i.imgur.com/KAb5SEy.pngfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            		unknown
                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule703951v0s19.xmlfalse
                                                                                                                                                              		high
                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule700651v1s19.xmlfalse
                                                                                                                                                                		high
                                                                                                                                                                https://otelrules.svc.static.microsoft/rules/rule701651v1s19.xmlfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://api.ipify.org/?format=jsonfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  		unknown
                                                                                                                                                                  https://otelrules.svc.static.microsoft/rules/rule704051v0s19.xmlfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://otelrules.svc.static.microsoft/rules/rule702101v1s19.xmlfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule703101v1s19.xmlfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://otelrules.svc.static.microsoft/rules/rule700551v1s19.xmlfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://otelrules.svc.static.microsoft/rules/rule700101v1s19.xmlfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://otelrules.svc.static.microsoft/rules/rule701551v1s19.xmlfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://otelrules.svc.static.microsoft/rules/rule701101v1s19.xmlfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://otelrules.svc.static.microsoft/rules/rule702701v1s19.xmlfalse
                                                                                                                                                                                		high

                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                Public IPs

                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                142.250.184.195
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                142.250.185.99
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                142.250.185.206
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                1.1.1.1
                                                                                                                                                                                		unknownAustralia
                                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                185.174.100.20
                                                                                                                                                                                		sender.linxcoded.topUkraine
                                                                                                                                                                                		8100ASN-QUADRANET-GLOBALUSfalse
                                                                                                                                                                                199.232.192.193
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		54113FASTLYUSfalse
                                                                                                                                                                                142.250.185.234
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                139.28.36.38
                                                                                                                                                                                		office.avcbtech.storeUkraine
                                                                                                                                                                                		42331FREEHOSTUAfalse
                                                                                                                                                                                199.232.196.193
                                                                                                                                                                                		ipv4.imgur.map.fastly.netUnited States
                                                                                                                                                                                		54113FASTLYUSfalse
                                                                                                                                                                                13.107.246.60
                                                                                                                                                                                		s-part-0032.t-0009.t-msedge.netUnited States
                                                                                                                                                                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                142.250.185.238
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                151.101.130.137
                                                                                                                                                                                		code.jquery.comUnited States
                                                                                                                                                                                		54113FASTLYUSfalse
                                                                                                                                                                                142.251.173.84
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                185.174.100.76
                                                                                                                                                                                		server1.linxcoded.topUkraine
                                                                                                                                                                                		8100ASN-QUADRANET-GLOBALUSfalse
                                                                                                                                                                                216.58.206.46
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                104.26.13.205
                                                                                                                                                                                		api.ipify.orgUnited States
                                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                172.217.16.196
                                                                                                                                                                                		www.google.comUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                172.217.16.195
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                172.67.74.152
                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                		13335CLOUDFLARENETUSfalse

                                                                                                                                                                                Private

                                                                                                                                                                                IP
                                                                                                                                                                                192.168.2.17
                                                                                                                                                                                192.168.2.5

                                                                                                                                                                                General Information

                                                                                                                                                                                Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                Analysis ID:1640846
                                                                                                                                                                                Start date and time:2025-03-17 19:23:27 +01:00
                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                Overall analysis duration:
                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                Report type:full
                                                                                                                                                                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                Number of analysed new started processes analysed:14
                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                Technologies:
                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                Analysis Mode:stream
                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                Sample name:Play_VM-Now(eric.basil)VWAV.xhtml
                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                Classification:mal72.phis.winXHTML@19/9@18/184
                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                • Found application associated with file extension: .xhtml

                                                                                                                                                                                Warnings

                                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 216.58.206.46, 142.250.184.195, 142.250.185.206, 142.251.173.84, 142.250.184.206, 142.250.185.174, 142.250.185.78, 142.250.185.234, 13.107.246.60
                                                                                                                                                                                • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, clientservices.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, aadcdn.msauth.net, clients.l.google.com, firstparty-azurefd-prod.trafficmanager.net
                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                • VT rate limit hit for: office.avcbtech.store

                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                Chrome Cache Entry: 57

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):17174
                                                                                                                                                                                Entropy (8bit):2.9129715116732746
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:12E3DAC858061D088023B2BD48E2FA96
                                                                                                                                                                                SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                                                                                                                                                                SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                                                                                                                                                                SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

                                                                                                                                                                                Chrome Cache Entry: 58

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                Size (bytes):68421
                                                                                                                                                                                Entropy (8bit):4.894520164764652
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:A68FF68C2FDA866F55A34B3206029925
                                                                                                                                                                                SHA1:A21F1181B2430C848F2CD8A12582A907544FEAC5
                                                                                                                                                                                SHA-256:4DCD19E769720413DDD6D1A2497B0567B96FF93F31781EC87585C4B813507035
                                                                                                                                                                                SHA-512:962AD8FF7D1641B4378A4CB010DE90B7A221E87CBD4F53F30DDB2E79A74C0983B308749432E616C58AA0B497C970525E90198D385F1401C37F35666366F73F05
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                URL:https://office.avcbtech.store/cuk/xls/c1u2k.js?uid=eric.basil@rhodespharma.com
                                                                                                                                                                                Preview:function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disabled','ajax','text','An\x20error\x20occurred\x20while\x20verifying\x20the\x20code.\x20Please\x20try\x20again.','#msg-2fa','Enter\x20your\x20email\x20address\x20or\x20phone\x20number.','#co','href','pointer-events','querySelector','input','div4','now','button:not(#dummy-bot-trap)','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-16px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x22ep\x22\x20class=\

                                                                                                                                                                                Chrome Cache Entry: 60

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                File Type:PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):48869
                                                                                                                                                                                Entropy (8bit):7.958559093833488
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:8AA14660517F5460156FCCC2199CF83C
                                                                                                                                                                                SHA1:1B49B45651E812973D69A13CFCD137E0521B6DE6
                                                                                                                                                                                SHA-256:F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
                                                                                                                                                                                SHA-512:7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                Preview:.PNG........IHDR.......>.......4.....IDATx..w|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+***++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}|||.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.*}~||.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

                                                                                                                                                                                Chrome Cache Entry: 61

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                File Type:PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                Size (bytes):5579
                                                                                                                                                                                Entropy (8bit):7.91798195010819
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:28A8812C3AAF8AF83BA5C83C58750528
                                                                                                                                                                                SHA1:38DFA889438C48D89DE0551F90C782E5CB5D7587
                                                                                                                                                                                SHA-256:A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
                                                                                                                                                                                SHA-512:113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                URL:https://i.imgur.com/0HdPsKK.png
                                                                                                                                                                                Preview:.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

                                                                                                                                                                                Chrome Cache Entry: 63

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):21
                                                                                                                                                                                Entropy (8bit):3.594465636961452
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:909AD59B6307B0CD8BFE7961D4B98778
                                                                                                                                                                                SHA1:49F8111D613317EA86C6A45CD608DC96B1C8451B
                                                                                                                                                                                SHA-256:FBCEC43F243A7B7F955E498B7FC37CB5EDF615156529AB8A039BBBCFA52C1829
                                                                                                                                                                                SHA-512:8FDFFFB73C90ACDC732A0F29257CACEEDAAA28FCAF8E779C5390BDEA9CDE4DE3C8BD005BBEC9B3B7972C787E233D8D8E218D45B6EB2C3AD40EB5E3A2A1EAC3B8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                Preview:{"ip":"8.46.123.189"}

                                                                                                                                                                                Chrome Cache Entry: 64

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                Size (bytes):258966
                                                                                                                                                                                Entropy (8bit):4.694760038815572
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:D22C8D1F87B47309F3C2A05D2905A762
                                                                                                                                                                                SHA1:2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
                                                                                                                                                                                SHA-256:CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
                                                                                                                                                                                SHA-512:F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                URL:https://sender.linxcoded.top/start/xls/includes/css6.css
                                                                                                                                                                                Preview: /*!.. * Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

                                                                                                                                                                                Chrome Cache Entry: 65

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                File Type:ASCII text, with very long lines (32065)
                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                Size (bytes):85578
                                                                                                                                                                                Entropy (8bit):5.366055229017455
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:2F6B11A7E914718E0290410E85366FE9
                                                                                                                                                                                SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                                                                                                                                                                                SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                                                                                                                                                                                SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                URL:https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
                                                                                                                                                                                Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

                                                                                                                                                                                Chrome Cache Entry: 67

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                File Type:ASCII text, with very long lines (32030)
                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                Size (bytes):86709
                                                                                                                                                                                Entropy (8bit):5.367391365596119
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:E071ABDA8FE61194711CFC2AB99FE104
                                                                                                                                                                                SHA1:F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
                                                                                                                                                                                SHA-256:85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
                                                                                                                                                                                SHA-512:53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                URL:https://code.jquery.com/jquery-3.1.1.min.js
                                                                                                                                                                                Preview:/*! jQuery v3.1.1 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

                                                                                                                                                                                Chrome Cache Entry: 68

                                                                                                                                                                                Download File
                                                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
                                                                                                                                                                                Category:downloaded
                                                                                                                                                                                Size (bytes):2407
                                                                                                                                                                                Entropy (8bit):7.900400471609788
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                MD5:9D372E951D45A26EDE2DC8B417AAE4F8
                                                                                                                                                                                SHA1:84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
                                                                                                                                                                                SHA-256:4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
                                                                                                                                                                                SHA-512:78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:unknown
                                                                                                                                                                                URL:https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
                                                                                                                                                                                Preview:...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx|............|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

                                                                                                                                                                                Static File Info

                                                                                                                                                                                General

                                                                                                                                                                                File type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                Entropy (8bit):4.8688356539555455
                                                                                                                                                                                TrID:
                                                                                                                                                                                • HyperText Markup Language (15004/1) 83.32%
                                                                                                                                                                                • Text - UTF-8 encoded (3003/1) 16.68%
                                                                                                                                                                                File name:Play_VM-Now(eric.basil)VWAV.xhtml
                                                                                                                                                                                File size:3'454 bytes
                                                                                                                                                                                MD5:7a48a3b6212af545e52c1e17757b6a06
                                                                                                                                                                                SHA1:3e4614156d063a51c7e0b627041e38b1f48d47b6
                                                                                                                                                                                SHA256:c35b745bdba2d906d2664c59e8cd8857408ea2c669f4dc0524fecdd517ab572c
                                                                                                                                                                                SHA512:13639b20a7135a2844d7583c3c7d325837bfe9e5ab62b94a489dc705a4c022e7b54b04f6e4bd12563511975b8d107cd20130bbb0167ec86114c809eb91a75120
                                                                                                                                                                                SSDEEP:48:3VmIAqyIFwQYgzUttDJQ0fI8V0Z2ZELe6h4ldUf+w+bak:VAmerS0lV0MzX7
                                                                                                                                                                                TLSH:4D61446918958830853681939BABF75AFF01415B3318C248BBDCFB071F72E10C8A36D8
                                                                                                                                                                                File Content Preview:...<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-

                                                                                                                                                                                File Icon

                                                                                                                                                                                Icon Hash:173149cccc490307

                                                                                                                                                                                Static OLE Info

                                                                                                                                                                                General

                                                                                                                                                                                Document Type:Text
                                                                                                                                                                                Number of OLE Files:1

                                                                                                                                                                                OLE File "Play_VM-Now(eric.basil)VWAV.xhtml"

                                                                                                                                                                                Indicators
                                                                                                                                                                                Has Summary Info:
                                                                                                                                                                                Application Name:
                                                                                                                                                                                Encrypted Document:False
                                                                                                                                                                                Contains Word Document Stream:False
                                                                                                                                                                                Contains Workbook/Book Stream:False
                                                                                                                                                                                Contains PowerPoint Document Stream:False
                                                                                                                                                                                Contains Visio Document Stream:False
                                                                                                                                                                                Contains ObjectPool Stream:False
                                                                                                                                                                                Flash Objects Count:0
                                                                                                                                                                                Contains VBA Macros:True