Edit tour

Windows Analysis Report
Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf

Overview

General Information

Sample name:	Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf renamed because original name is a hash value
Original sample name:	Invitation de proposition - bnisterie PTM.pdf
Analysis ID:	1665735
MD5:	ceca877007b8622fa7d7a17170e409eb
SHA1:	d0e575d67901af25d1014a386581a6fd52e33e33
SHA256:	c8db07cb6bb26d0ac8792e973d3962168ab9675ff98dadee9a8eb37ea146db04
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Yara detected HtmlPhish54

AI detected landing page (webpage, office document or email)

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML page contains obfuscated script src

HTML title does not match URL

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6988 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6148 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6372 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2236 --field-trial-handle=1576,i,6969129164730021865,5789522965333232760,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 7416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ptm66534.otsproductions.ca//@ MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,13975828022003771642,293067518181252376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ptm66534.otsproductions.ca//@ MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.1..script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.10..script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.4.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
2.6.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly93d3cub2ZmaWNlLmNvbS9sb2dpbiM=	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1d0daql8my9m71a_2aaxzg2.js	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_XZWzmNsf-98_A243D7S65Q2.js	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/?eojocwpo	Avira URL Cloud: Label: phishing
Source: https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://thedownthe1stg.wpenginepowered.com/bid.html

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The URL 'thedownthe1stg.wpenginepowered.com' does not match the legitimate domain for Microsoft., The URL contains 'wpenginepowered.com', which is a hosting service, not directly associated with Microsoft., The presence of 'thedownthe1stg' as a subdomain is suspicious and not related to Microsoft., The use of a hosting service domain with unrelated subdomains is a common tactic in phishing attempts. DOM: 0.1.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 1.1..script.csv, type: HTML
Source: Yara match	File source: 2.10..script.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML

AI detected landing page (webpage, office document or email)

Source: PDF document	Joe Sandbox AI: Page contains button: 'View Pdf' Source: 'PDF document'
Source: PDF document	Joe Sandbox AI: PDF document contains prominent button: 'view pdf'
Source: https://thedownthe1stg.wpenginepowered.com/bid.html	Joe Sandbox AI: Page contains button: 'View PDF' Source: '0.0.pages.csv'

Source: https://thedownthe1stg.wpenginepowered.com/bid.html	HTTP Parser: Number of links: 0
Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSD...	HTTP Parser: Number of links: 0

Source: https://thedownthe1stg.wpenginepowered.com/bid.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSD...

HTTP Parser: Base64 decoded: 2a1ce2a1-161b-4157-8a9f-14e839b301337c9569cd-c6db-4fe3-aec6-bed07d7dbc88

Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZy	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gY3VzdG9tRnVuY3Rpb24oKSB7CiAgICBpZiAoIWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIi5jdXN0b20tY2xhc3MiKSB8fCAhZG9jdW1lbnQucXVlcnlTZWxlY3RvcigiLnJvdGF0ZS1jbGFzcyIpKSB7CiAgICAgICAgdmFyIG5ld0RpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbn
Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZy	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gY3VzdG9tRnVuY3Rpb24oKSB7CiAgICBpZiAoIWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIi5jdXN0b20tY2xhc3MiKSB8fCAhZG9jdW1lbnQucXVlcnlTZWxlY3RvcigiLnJvdGF0ZS1jbGFzcyIpKSB7CiAgICAgICAgdmFyIG5ld0RpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbn
Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZy	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gY3VzdG9tRnVuY3Rpb24oKSB7CiAgICBpZiAoIWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIi5jdXN0b20tY2xhc3MiKSB8fCAhZG9jdW1lbnQucXVlcnlTZWxlY3RvcigiLnJvdGF0ZS1jbGFzcyIpKSB7CiAgICAgICAgdmFyIG5ld0RpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbn

Source: https://thedownthe1stg.wpenginepowered.com/bid.html	HTTP Parser: Title: Protected File does not match URL
Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSD...	HTTP Parser: Title: MOD-oic68x2z does not match URL

HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3

Source: https://thedownthe1stg.wpenginepowered.com/bid.html

HTTP Parser: <input type="password" .../> found

Source: https://thedownthe1stg.wpenginepowered.com/bid.html	HTTP Parser: No favicon
Source: https://thedownthe1stg.wpenginepowered.com/bid.html	HTTP Parser: No favicon
Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSD...	HTTP Parser: No favicon

Source: https://thedownthe1stg.wpenginepowered.com/bid.html	HTTP Parser: No <meta name="author".. found
Source: https://thedownthe1stg.wpenginepowered.com/bid.html	HTTP Parser: No <meta name="author".. found
Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSD	HTTP Parser: No <meta name="author".. found
Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSD	HTTP Parser: No <meta name="author".. found

Source: https://thedownthe1stg.wpenginepowered.com/bid.html	HTTP Parser: No <meta name="copyright".. found
Source: https://thedownthe1stg.wpenginepowered.com/bid.html	HTTP Parser: No <meta name="copyright".. found
Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSD...	HTTP Parser: No <meta name="copyright".. found
Source: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSD...	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 51.222.174.97:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.222.174.97:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.222.174.97:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 141.193.213.10:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 141.193.213.11:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.138.103:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.208.108.179:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.208.108.179:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.33.12:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.208.108.179:443 -> 192.168.2.16:49764 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 38MB

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: ptm66534.otsproductions.ca to https://thedownthe1stg.wpenginepowered.com/bid.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: ptm66534.otsproductions.ca to https://thedownthe1stg.wpenginepowered.com/bid.html

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 64.233.185.94
Source: unknown	TCP traffic detected without corresponding DNS query: 64.233.185.94
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	TCP traffic detected without corresponding DNS query: 51.222.174.97
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 23.4.43.62
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 23.4.43.62
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global traffic	HTTP traffic detected: GET //@ HTTP/1.1Host: ptm66534.otsproductions.caConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /@ HTTP/1.1Host: ptm66534.otsproductions.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /@ HTTP/1.1Host: ptm66534.otsproductions.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bid.html HTTP/1.1Host: thedownthe1stg.wpenginepowered.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: thedownthe1stg.wpenginepowered.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://thedownthe1stg.wpenginepowered.com/bid.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: thedownthe1stg.wpenginepowered.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?eojocwpo HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://thedownthe1stg.wpenginepowered.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: neolect.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://thedownthe1stg.wpenginepowered.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM
Source: global traffic	HTTP traffic detected: GET /?m0nid4uex=aHR0cHM6Ly93d3cub2ZmaWNlLmNvbS9sb2dpbiM= HTTP/1.1Host: neolect.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://thedownthe1stg.wpenginepowered.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; fpc=ApRUrsrnLe5AqKy55nDm2T0; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE6Akd-c485wq4E4QZV6Safd95d7wJQSL--IapwZqAUIt3c11ALHCpzeFkSKiC8Ycvf8Mmg88HzJxfxABo91DVVv4BilkfqlD4hVVl2ysRlC0y9AwK8PNZFsc2eQhwS4AP6KyPPC7xbysg6pPKAhf7swIvSgNQnknxdlOKMOLOo1QgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA== HTTP/1.1Host: neolect.caConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://thedownthe1stg.wpenginepowered.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; fpc=ApRUrsrnLe5AqKy55nDm2T0; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE6Akd-c485wq4E4QZV6Safd95d7wJQSL--IapwZqAUIt3c11ALHCpzeFkSKiC8Ycvf8Mmg88HzJxfxABo91DVVv4BilkfqlD4hVVl2ysRlC0y9AwK8PNZFsc2eQhwS4AP6KyPPC7xbysg6pPKAhf7swIvSgNQnknxdlOKMOLOo1QgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; fpc=ApRUrsrnLe5AqKy55nDm2T0; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE6Akd-c485wq4E4QZV6Safd95d7wJQSL--IapwZqAUIt3c11ALHCpzeFkSKiC8Ycvf8Mmg88HzJxfxABo91DVVv4BilkfqlD4hVVl2ysRlC0y9AwK8PNZFsc2eQhwS4AP6KyPPC7xbysg6pPKAhf7swIvSgNQnknxdlOKMOLOo1QgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA
Source: global traffic	HTTP traffic detected: GET /?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=true HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; fpc=ApRUrsrnLe
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; fpc=ApRUrsrnLe5AqKy55nDm2T0; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQE6Akd-c485wq4E4QZV6Safd95d7wJQSL--IapwZqAUIt3c11ALHCpzeFkSKiC8Ycvf8Mmg88HzJxfxABo91DVVv4BilkfqlD4hVVl2ysRlC0y9AwK8PNZFsc2eQhwS4AP6KyPPC7xbysg6pPKAhf7swIvSgNQnknxdlOKMOLOo1QgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE-V
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_XZWzmNsf-98_A243D7S65Q2.js HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE-Vt3NsuK3Pkx0ID0oXZU1IUF_
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1d0daql8my9m71a_2aaxzg2.js HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE-Vt3Ns
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE-Vt3NsuK3Pkx0ID0oXZU1IUF_8XyjOXzGrzk7jmcJ3Q
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; es
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE-V
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: neolect.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE-Vt3NsuK3Pkx0ID0oXZU1IUF_8XyjOXzGrzk7jmcJ3QF0vt0L8aa04J45O2QE9WdlUP4kViYgCiN8pdCPsnI7pCpB2BJwxKyVi71nCKdMIcF9eODIt-hDjLi7xnTUSe34gX4k1qHROuEcsz5r5_1WyAA; fpc=ApRUrsrnLe5AqKy55nDm2T28Ae7AAQAAABaSkN8OAAAA; ak_bmsc=ED87B0ED8639908A1AB169ECD0739377~000000000000000000000000000000~YAAQ7RghF4w+gSOWAQAABduNOhttp/tP0jyVyBtAde6Ks54NX3JoXhdCHsBfuLhMCXT7dVdSFVIgMMRNFAmtxG07eOC2pARyJ1oVwsGrDW8HW/lG5+Lciq6+0RrWxdNStW+6igroTgz7DUlF7voX9wUX31ozNn8vfi9b5vDFiQc+9m/fnMfbQeXsbeBSdY/aV+FJlQRhnD890K2VFYds9rssedX4CZLDXXpnPnkgrtF13ThQl6zN46KGltC5mdcqj8RVSgSO43jFuPa/Bh8Uq55nAALZiFIoCFw/OZvS061UU2v2wMPviMMQEJvHw0UGUWqVi+O60PBsGv169TK4Xw2zYz3ysS/acuxF7MIe; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-t
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE-V
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: neolect.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE-Vt3NsuK3Pkx0ID0oXZU1IUF_8XyjOXzGrzk7jmcJ3QF0vt0L8aa04J45O2QE9WdlUP4kViYgCiN8pdCPsnI7pCpB2BJwxKyVi71nCKdMIcF9eODIt-hDjLi7xnTUSe34gX4k1qHROuEcsz5r5_1WyAA; fpc=ApRUrsrnLe5AqKy55nDm2T28Ae7AAQAAABaSkN8OAAAA; ak_bmsc=ED87B0ED8639908A1AB169ECD0739377~000000000000000000000000000000~YAAQ7RghF4w+gSOWAQAABduNOhttp/tP0jyVyBtAde6Ks54NX3JoXhdCHsBfuLhMCXT7dVdSFVIgMMRNFAmtxG07eOC2pARyJ1oVwsGrDW8HW/lG5+Lciq6+0RrWxdNStW+6igroTgz7DUlF7voX9wUX31ozNn8vfi9b5vDFiQc+9m/fnMfbQeXsbeBSdY/aV+FJlQRhnD890K2VFYds9rssedX4CZLDXXpnPnkgrtF13ThQl6zN46KGltC5mdcqj8RVSgSO43jFuPa/Bh8Uq55nAALZiFIoCFw/OZvS061UU2v2wMPviMMQEJvHw0UGUWqVi+O60PBsGv169TK4Xw2zYz3ysS/acuxF7MIe; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; es
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: neolect.caConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE-Vt3NsuK3Pkx0ID0oXZU1IUF_8XyjOXzGrzk7jmcJ3QF0vt0L8aa04J45O2QE9WdlUP4kViYgCiN8pdCPsnI7pCpB2BJwxKyVi71nCKdMIcF9eODIt-hDjLi7xnTUSe34gX4k1qHROuEcsz5r5_1WyAA; fpc=ApRUrsrnLe5AqKy55nDm2T28Ae7AAQAAABaSkN8OAAAA; ak_bmsc=ED87B0ED8639908A1AB169ECD0739377~000000000000000000000000000000~YAAQ7RghF4w+gSOWAQAABduNOhttp/tP0jyVyBtAde6Ks54NX3JoXhdCHsBfuLhMCXT7dVdSFVIgMMRNFAmtxG07eOC2pARyJ1oVwsGrDW8HW/lG5+Lciq6+0RrWxdNStW+6igroTgz7DUlF7voX9wUX31ozNn8vfi9b5vDFiQc+9m/fnMfbQeXsbeBSdY/aV+FJlQRhnD890K2VFYds9rssedX4CZLDXXpnPnkgrtF13ThQl6zN46KGltC5mdcqj8RVSgSO43jFuPa/Bh8Uq55nAALZiFIoCFw/OZvS061UU2v2wMPviMMQEJvHw0UGUWqVi+O60PBsGv169TK4Xw2zYz3ysS/acuxF7MIe; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-tb3uZcqbplY=AQABCQEAAABVrSpeuWamRam2jAF1XRQE-Vt3
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: neolect.caConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://neolect.ca/?m0nid4uex=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvdjIuMC9hdXRob3JpemU/Y2xpZW50X2lkPTQ3NjU0NDViLTMyYzYtNDliMC04M2U2LTFkOTM3NjUyNzZjYSZyZWRpcmVjdF91cmk9aHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRmxhbmRpbmd2MiZyZXNwb25zZV90eXBlPWNvZGUlMjBpZF90b2tlbiZzY29wZT1vcGVuaWQlMjBwcm9maWxlJTIwaHR0cHMlM0ElMkYlMkZ3d3cub2ZmaWNlLmNvbSUyRnYyJTJGT2ZmaWNlSG9tZS5BbGwmcmVzcG9uc2VfbW9kZT1mb3JtX3Bvc3Qmbm9uY2U9NjM4ODAzMzU4OTIyNjQyNjk5Lk1tRXhZMlV5WVRFdE1UWXhZaTAwTVRVM0xUaGhPV1l0TVRSbE9ETTVZak13TVRNek4yTTVOVFk1WTJRdFl6WmtZaTAwWm1VekxXRmxZell0WW1Wa01EZGtOMlJpWXpnNCZ1aV9sb2NhbGVzPWVuLVVTJm1rdD1lbi1VUyZjbGllbnQtcmVxdWVzdC1pZD0zNGI0YmNhMS02MDgyLTQ0Y2YtOTVmMC0xYmE1NWJlYzhjYmQmc3RhdGU9Uk82TTN0Yk5VdC15Mk9FSlNMWU5aUTZ0dnZfckhremdmXy00aFZkWmZYU1hGVzBVQ3NITXhMWXhhdy1FajNWTHdDYTdaSlM2Ynp5M2NDWktxNkMzMW8xYndfNlpMNThQTFBfNUc2MVI0dEpSb0hlS21Bbnd0UU5KejNtWWtNYzR3a0Qyd203UXBSXzc4OEw4Y0VHV0c4WV9CQzdvaW1hRktYdnpIYzFkSjFyWkVSS0VKckdMZHg4aHpZLWJtT0otU04xT05OM1h0Y2FoU1dYVzQ1ZkNfTFJxam5NdWJaRWxiQTRsMEFHUjg2VjRHbzkxSDBTNGF5TXhHUFQ1SnlCOVczbk1XUDgySVVKTjVLMUwyd0tOUFEmeC1jbGllbnQtU0tVPUlEX05FVDhfMCZ4LWNsaWVudC12ZXI9OC41LjAuMA==&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=loKzyZIHgFNa; qPdM.sig=4xg-PpXrk3EZTMxwfoQqDMfUtFM; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; OH.FLID=f5ff9bcc-2ea3-49aa-99e3-cae22396c400; .AspNetCore.OpenIdConnect.Nonce.yJMPUqQzsW1e_Da5eMLwXhcEOQSJDKhhDZ2UVirgFTe-sGKnMMhATbWRmkwA5BXpct1dAEb14ZvzxWxyLNngLp_yDmM8ckHENZRMZoLUfucu6phX0sQ7fxVLEyEAGHAllftuga1fbe1jHFg-xq7B2304UhWXkbNRmHruOsog-bjTXFOFhdUAFqMNoZPduL_sOrK9udYZGgotzN5dL1UQrSoMuMWZP48ZqZAT5J0LA_cnWVbcFiUljNLD2F5ZHH47=N; .AspNetCore.Correlation.TZACjB_Pi15j9c5LC64w_wuyEgrjBlpTk3meYY-eGj4=N; esctx-zZcGchvs7j4=AQABCQEAAABVrSpeuWamRam2jAF1XRQEFJ3-2FzLZDd82mXUaIUqeFTbfqlZWBR2zBWAVDbF2SBjsHBUGqj237jAZwe6Kg_HXWEaykonXnJJGx3MpSUeZ30G8KdPqPtDB4YQaFzd5oLj6SASR3MaWNFBpVvs6qgtHKZo-uohu0Pp4XeXulu5SiAA; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAAIAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE_j6ILJnZR0w-ZLdLWytZiU2MovtejU7rKKbOaAVH6OWaIFpq7IBDyPdbeKhOaKE5OxpVhDxvHsnrC7HrJEJbtmO-3jF0Yeda5BoR_IBQ3UQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEUhz-aQHRS3veTs7MTx8am_WylJNIRBA_k6AbCMjoptUvTbxAWNqkKZfDzG7w3Osf4zQWutaalxwBXpnEhVDFbioRNDotWLbHmn4wEV3ejz5HOEnoGxXSDTl_9wNRH5iC6aAzQPF8MIr9KxgsNcuMArbkA-Uvncfotw1xbSsz0UwgAA; esctx-t

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: thedownthe1stg.wpenginepowered.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: neolect.ca
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: e4fcfd72-5590-4e31-8888-b1315efa0900x-ms-ests-server: 2.1.20465.4 - NCUS ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originContent-Security-Policy-Report-Only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-Dc3XA1iTsUigYThA4BdhGg' 'unsafe-inline' 'unsafe-eval' https://.msauth.net https://.msftauth.net https://.msftauthimages.net https://.msauthimages.net https://.msidentity.com https://.microsoftonline-p.com https://.microsoftazuread-sso.com https://.azureedge.net https://.outlook.com https://.office.com https://.office365.com https://.microsoft.com https://.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-AllDate: Tue, 15 Apr 2025 17:44:54 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-length: 1125Content-Type: text/htmlx-ms-error-code: WebContentNotFoundx-ms-request-id: 09659e89-901e-005f-142c-aee0f2000000x-ms-version: 2018-03-28Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-versionAccess-Control-Allow-Origin: Date: Tue, 15 Apr 2025 17:44:57 GMTConnection: closeAkamai-GRN: 0.ed182117.1744739097.a7e65f5cSet-Cookie: ak_bmsc=ED87B0ED8639908A1AB169ECD0739377~000000000000000000000000000000~YAAQ7RghF4w+gSOWAQAABduNOhttp/tP0jyVyBtAde6Ks54NX3JoXhdCHsBfuLhMCXT7dVdSFVIgMMRNFAmtxG07eOC2pARyJ1oVwsGrDW8HW/lG5+Lciq6+0RrWxdNStW+6igroTgz7DUlF7voX9wUX31ozNn8vfi9b5vDFiQc+9m/fnMfbQeXsbeBSdY/aV+FJlQRhnD890K2VFYds9rssedX4CZLDXXpnPnkgrtF13ThQl6zN46KGltC5mdcqj8RVSgSO43jFuPa/Bh8Uq55nAALZiFIoCFw/OZvS061UU2v2wMPviMMQEJvHw0UGUWqVi+O60PBsGv169TK4Xw2zYz3ysS/acuxF7MIe; Domain=neolect.ca; Path=/; Expires=Tue, 15 Apr 2025 19:44:57 GMT; Max-Age=7200; SameSite=None; SecureContent-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-length: 1125Content-Type: text/htmlx-ms-error-code: WebContentNotFoundx-ms-request-id: 57126ed2-d01e-00f9-502d-ae8245000000x-ms-version: 2018-03-28Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-versionAccess-Control-Allow-Origin: Date: Tue, 15 Apr 2025 17:44:58 GMTConnection: closeAkamai-GRN: 0.ed182117.1744739098.a7e678c7Content-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-length: 1125Content-Type: text/htmlx-ms-error-code: WebContentNotFoundx-ms-request-id: b7fa503f-b01e-003a-7a2c-ae4eb6000000x-ms-version: 2018-03-28Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-versionAccess-Control-Allow-Origin: Date: Tue, 15 Apr 2025 17:44:58 GMTConnection: closeAkamai-GRN: 0.ed182117.1744739098.a7e679a6Content-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-length: 1125Content-Type: text/htmlx-ms-error-code: WebContentNotFoundx-ms-request-id: 1a70f327-801e-0088-2f2d-aeb1c7000000x-ms-version: 2018-03-28Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-versionAccess-Control-Allow-Origin: Date: Tue, 15 Apr 2025 17:44:58 GMTConnection: closeAkamai-GRN: 0.ed182117.1744739098.a7e6931fContent-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-length: 1125Content-Type: text/htmlx-ms-error-code: WebContentNotFoundx-ms-request-id: c13d8a12-d01e-0061-122d-ae778d000000x-ms-version: 2018-03-28Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-versionAccess-Control-Allow-Origin: Date: Tue, 15 Apr 2025 17:44:59 GMTConnection: closeAkamai-GRN: 0.ed182117.1744739099.a7e6aaeaContent-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-length: 1125Content-Type: text/htmlx-ms-error-code: WebContentNotFoundx-ms-request-id: b7fa503f-b01e-003a-7a2c-ae4eb6000000x-ms-version: 2018-03-28Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-versionAccess-Control-Allow-Origin: Date: Tue, 15 Apr 2025 17:45:00 GMTConnection: closeAkamai-GRN: 0.e4182117.1744739100.7900ad08Content-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-length: 1125Content-Type: text/htmlx-ms-error-code: WebContentNotFoundx-ms-request-id: abf44113-601e-0061-5e2d-aee96f000000x-ms-version: 2018-03-28Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-versionAccess-Control-Allow-Origin: Date: Tue, 15 Apr 2025 17:45:00 GMTConnection: closeAkamai-GRN: 0.e4182117.1744739100.7900af5eContent-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-length: 1125Content-Type: text/htmlx-ms-error-code: WebContentNotFoundx-ms-request-id: 5abba74a-101e-00d2-562d-ae49c2000000x-ms-version: 2018-03-28Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,x-ms-error-code,x-ms-request-id,x-ms-versionAccess-Control-Allow-Origin: Date: Tue, 15 Apr 2025 17:45:09 GMTConnection: closeAkamai-GRN: 0.ed182117.1744739109.a7e81b3bSet-Cookie: bm_sv=0B5DC67F6F95DBD1186D6B5F51F2BC1D~YAAQ7RghF31DgSOWAQAAUwuOOhsRWuM9BFR8lO1rZGBzmPMEH0saKG4hRf5p4yb+sqSsNoBFLO7a/GkDhI45UiLFIDAUoedvyqHF7hKwNFoEK1aZlEEa4vpBqL2XXg3Q6IteGU+FRj8Us/qT21IvJwF0OzNHO1vRcoiSADyzN544kz/nhQgnAXRMbAxbTMK7IAY0henJohChqvXl2fNYL6b21OZa+1HoVZY/+8qRN9V6N0Knq62iu9LxY9qTlSOq5Cs=~1; Domain=neolect.ca; Path=/; Expires=Tue, 15 Apr 2025 19:45:09 GMT; Max-Age=7200; SameSite=None; SecureContent-Security-Policy: default-src data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 51.222.174.97:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.222.174.97:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.222.174.97:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 141.193.213.10:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 141.193.213.11:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 74.125.138.103:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.208.108.179:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.208.108.179:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.33.12:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 85.208.108.179:443 -> 192.168.2.16:49764 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.winPDF@44/56@13/154

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-15 13-43-20-017.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2236 --field-trial-handle=1576,i,6969129164730021865,5789522965333232760,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding C7EC34385020458A65EB4F10036795DD
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2236 --field-trial-handle=1576,i,6969129164730021865,5789522965333232760,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ptm66534.otsproductions.ca//@
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ptm66534.otsproductions.ca//@
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,13975828022003771642,293067518181252376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ptm66534.otsproductions.ca//@
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ptm66534.otsproductions.ca//@
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1900,i,13975828022003771642,293067518181252376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf	Initial sample: PDF keyword /JS count = 0
Source: Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label
https://ptm66534.otsproductions.ca//@	0%	Avira URL Cloud	safe
https://ptm66534.otsproductions.ca/@	0%	Avira URL Cloud	safe
https://thedownthe1stg.wpenginepowered.com/favicon.ico	0%	Avira URL Cloud	safe
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	100%	Avira URL Cloud	phishing
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	100%	Avira URL Cloud	phishing
https://neolect.ca/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css	100%	Avira URL Cloud	phishing
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js	100%	Avira URL Cloud	phishing
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js	100%	Avira URL Cloud	phishing
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	100%	Avira URL Cloud	phishing
https://neolect.ca/?m0nid4uex=aHR0cHM6Ly93d3cub2ZmaWNlLmNvbS9sb2dpbiM=	100%	Avira URL Cloud	phishing
https://neolect.ca/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1d0daql8my9m71a_2aaxzg2.js	100%	Avira URL Cloud	phishing
https://neolect.ca/	100%	Avira URL Cloud	phishing
https://neolect.ca/favicon.ico	100%	Avira URL Cloud	phishing
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif	100%	Avira URL Cloud	phishing
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_XZWzmNsf-98_A243D7S65Q2.js	100%	Avira URL Cloud	phishing
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js	100%	Avira URL Cloud	phishing
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif	100%	Avira URL Cloud	phishing
https://neolect.ca/?eojocwpo	100%	Avira URL Cloud	phishing
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
bg.microsoft.map.fastly.net	199.232.214.172	true	false	high
e329293.dscd.akamaiedge.net	23.1.33.12	true	false	high
e8652.dscx.akamaiedge.net	23.55.253.31	true	false	high
thedownthe1stg.wpenginepowered.com	141.193.213.10	true	true	unknown
s-part-0013.t-0009.t-msedge.net	13.107.246.41	true	false	high
www.google.com	74.125.138.103	true	false	high
neolect.ca	85.208.108.179	true	false	unknown
x1.i.lencr.org	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	true	Avira URL Cloud: phishing	unknown
http://x1.i.lencr.org/	false		high
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	true	Avira URL Cloud: phishing	unknown
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	true	Avira URL Cloud: phishing	unknown
https://neolect.ca/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css	true	Avira URL Cloud: phishing	unknown
https://neolect.ca/	true	Avira URL Cloud: phishing	unknown
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js	true	Avira URL Cloud: phishing	unknown
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js	true	Avira URL Cloud: phishing	unknown
https://neolect.ca/?m0nid4uex=aHR0cHM6Ly93d3cub2ZmaWNlLmNvbS9sb2dpbiM=	true	Avira URL Cloud: phishing	unknown
https://neolect.ca/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1d0daql8my9m71a_2aaxzg2.js	true	Avira URL Cloud: phishing	unknown
https://thedownthe1stg.wpenginepowered.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://neolect.ca/favicon.ico	true	Avira URL Cloud: phishing	unknown
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif	true	Avira URL Cloud: phishing	unknown
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg	true	Avira URL Cloud: phishing	unknown
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_XZWzmNsf-98_A243D7S65Q2.js	true	Avira URL Cloud: phishing	unknown
https://thedownthe1stg.wpenginepowered.com/bid.html	true		unknown
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_ae573f441ee1cf781ec7.js	true	Avira URL Cloud: phishing	unknown
https://ptm66534.otsproductions.ca/@	false	Avira URL Cloud: safe	unknown
https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif	true	Avira URL Cloud: phishing	unknown
https://neolect.ca/?eojocwpo	true	Avira URL Cloud: phishing	unknown
https://ptm66534.otsproductions.ca//@	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.215.100	unknown	United States	15169	GOOGLEUS	false
13.107.246.40	s-part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
51.222.174.97	unknown	France	16276	OVHFR	false
184.31.48.185	unknown	United States	16625	AKAMAI-ASUS	false
173.194.219.94	unknown	United States	15169	GOOGLEUS	false
173.194.219.95	unknown	United States	15169	GOOGLEUS	false
50.16.47.176	unknown	United States	14618	AMAZON-AESUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
184.31.60.185	unknown	United States	16625	AKAMAI-ASUS	false
199.232.214.172	bg.microsoft.map.fastly.net	United States	54113	FASTLYUS	false
20.190.135.19	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
74.125.138.103	www.google.com	United States	15169	GOOGLEUS	false
23.1.33.12	e329293.dscd.akamaiedge.net	United States	20940	AKAMAI-ASN1EU	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
74.125.136.95	unknown	United States	15169	GOOGLEUS	false
142.250.9.138	unknown	United States	15169	GOOGLEUS	false
64.233.176.84	unknown	United States	15169	GOOGLEUS	false
85.208.108.179	neolect.ca	Netherlands	18978	ENZUINC-US	false
23.55.253.31	e8652.dscx.akamaiedge.net	United States	20940	AKAMAI-ASN1EU	false
172.253.124.94	unknown	United States	15169	GOOGLEUS	false
141.193.213.10	thedownthe1stg.wpenginepowered.com	United States	396845	DV-PRIMARY-ASN1US	true
141.193.213.11	unknown	United States	396845	DV-PRIMARY-ASN1US	false
20.190.157.3	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
64.233.185.94	unknown	United States	15169	GOOGLEUS	false
64.233.185.95	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1665735
Start date and time:	2025-04-15 19:42:41 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf renamed because original name is a hash value
Original Sample Name:	Invitation de proposition - bnisterie PTM.pdf
Detection:	MAL
Classification:	mal68.phis.winPDF@44/56@13/154
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.31.60.185, 50.16.47.176, 34.237.241.83, 18.213.11.84, 54.224.241.105, 162.159.61.3, 172.64.41.3, 20.109.210.53
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: thedownthe1stg.wpenginepowered.com

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.189975612033405
Encrypted:	false
SSDEEP:
MD5:	DF2EECDC67F8FE5F3DC1D90BE92CF5B3
SHA1:	58059B42F148A032151CD26D88AEE628997F299D
SHA-256:	ED05EFFA386F209161A58F25B0814651D5C5BB4F596394EE2E60776D63118358
SHA-512:	F7C8D9464849D8FF91B717D2FE44BEDB597A2CB1C8D84DF826593DCA3D762EEA1D5A0FBD391E58CC4FF30C6586F155676107CD9F0DC4B62B174AC8D394E6CFC1
Malicious:	false
Reputation:	unknown
Preview:	2025/04/15-13:43:18.524 ac0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/15-13:43:18.527 ac0 Recovering log #3.2025/04/15-13:43:18.527 ac0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (808)
Category:	downloaded
Size (bytes):	1125
Entropy (8bit):	5.8062427399263195
Encrypted:	false
SSDEEP:
MD5:	2CF58496067DCBDF8620810EF6F57DAC
SHA1:	8C51DD964102D90C0C10D4C65CEF538D945189CA
SHA-256:	58DD819B788E965E0A25071B2C4FF23E6241EC1ABF166442192DD9411378033D
SHA-512:	269C62CD28D45613A2F54DCB7EF3427A49B14EA26AF8667C822840C02BEE4DFB25CFB4860BE08C1690FBA745875DDE4867645A476234F819F4F1D044947FDA2B
Malicious:	false
Reputation:	unknown
URL:	https://neolect.ca/aadcdn.msftauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif
Preview:	<!DOCTYPE html><html><head>.<script src="data:text/javascript;base64,ZnVuY3Rpb24gY3VzdG9tRnVuY3Rpb24oKSB7CiAgICBpZiAoIWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoIi5jdXN0b20tY2xhc3MiKSB8fCAhZG9jdW1lbnQucXVlcnlTZWxlY3RvcigiLnJvdGF0ZS1jbGFzcyIpKSB7CiAgICAgICAgdmFyIG5ld0RpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoImRpdiIpOwogICAgICAgIG5ld0Rpdi5jbGFzc0xpc3QuYWRkKCJjdXN0b20tY2xhc3MiKTsKICAgICAgICBkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKG5ld0Rpvik7CiAgICAgICAgCiAgICAgICAgZG9jdW1lbnQuYm9keS5zdHlsZS50cmFuc2Zvcm0gPSAicm90YXRlKDVkZWcpIjsKICAgICAgICAKICAgICAgICB2YXIgcm90YXRlRGl2ID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iik7CiAgICAgICAgcm90YXRlRGl2LmNsYXNzTGlzdC5hZGQoInJvdGF0ZS1jbGFzcyIpOwogICAgICAgIGRvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQocm90YXRlRGl2KTsKICAgICAgICAKICAgICAgICBzZXRUaW1lb3V0KGN1c3RvbUZ1bmN0aW9uLCAyMDAwKTsKICAgIH0KfQpjdXN0b21GdW5jdGlvbigpOw=="></script>.<title>MOD-y8pnp7h7</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>

File type:	PDF document, version 2.0 (zip deflate encoded)
Entropy (8bit):	7.948144921845337
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf
File size:	715'991 bytes
MD5:	ceca877007b8622fa7d7a17170e409eb
SHA1:	d0e575d67901af25d1014a386581a6fd52e33e33
SHA256:	c8db07cb6bb26d0ac8792e973d3962168ab9675ff98dadee9a8eb37ea146db04
SHA512:	3cd888ecd1ac2737fed1a70c00ecb16111c235429077ceaebedeed215d0c357955656470ecda7e90e02406ac02461b832d798b2ea6f886a458d13ec034fa04c5
SSDEEP:	12288:3cJe6wOnpPlB/vEUzJl/1npUb8kLF/DlTFzVLO7gPAlXPs9rtQTT8hjDT+a:c2kdBvLybnsg4l/Azn
TLSH:	3AE4235F9299073BF97568B0534CF691D9A2EF06881D99233CFC340DAFBB1992B0A449
File Content Preview:	%PDF-2.0.%.....6 0 obj<</Linearized 1/L 715991/O 11/E 712642/N 1/T 715695/H [ 1393 300]>>.endobj. .7 0 obj<</Root 8 0 R/Info 4 0 R/ID[<30A3

General
Header:	%PDF-2.0
Total Entropy:	7.948145
Total Bytes:	715991
Stream Entropy:	7.948890
Stream Bytes:	712402
Entropy outside Streams:	4.640946
Bytes outside Streams:	3589
Number of EOF found:	2
Bytes after EOF:

Name	Count
obj	22
endobj	22
stream	19
endstream	19
xref	0
trailer	0
startxref	2
/Page	1
/Encrypt	0
/ObjStm	3
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

ID	DHASH	MD5
12	a4aa454545053536	89852798cb2980725d44defa33bdfe97
13	0040222d29244000	8ad5af333dfb69e27d91b181f317f122
18	e4aa454545053436	39bb1b4af42c52884d71fc9e9deddb88
19	0050000d2b004000	d37200f9c9258f60304f04f86015d532

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4284faa1-5676-4bed-991f-b4481a80a1c5.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250415174322Z-177.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSIf4de1.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-15 13-43-20-017.log

Windows Analysis Report
Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf