Windows Analysis Report
JJs Waste & Recycling.doc

Overview

General Information

Sample name: JJs Waste & Recycling.doc
Analysis ID: 1436591
MD5: fc4ae8d539452c1ac780fa59a105a310
SHA1: 6460cdf4fc1098395e440bfb0ecbd31ecfce1e7e
SHA256: 80e265cd36ac5e9fc29d646db99958d76267be95c1e6581ae6f996da5617ac96

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Stores files to the Windows start menu directory

Classification

Source: unknown HTTPS traffic detected: 40.126.29.14:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49786 version: TLS 1.2
Source: winword.exe Memory has grown: Private usage: 10MB later: 82MB
Source: Joe Sandbox View IP Address: 104.17.3.184 104.17.3.184
Source: Joe Sandbox View IP Address: 151.101.194.137 151.101.194.137
Source: Joe Sandbox View IP Address: 18.64.174.31 18.64.174.31
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.29.14
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 23.223.28.197
Source: unknown TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gSGAFRYXWyOVluY&MD=V2mVHG4Y HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gSGAFRYXWyOVluY&MD=V2mVHG4Y HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /section/0day/ HTTP/1.1Host: www.0daykingz.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.0daykingz.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.0daykingz.org/section/0day/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hQgYr/ HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.0daykingz.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://owdl.ontrical.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://owdl.ontrical.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/g/d0ff3ebede6b/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://owdl.ontrical.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3wsn6/0x4AAAAAAAY7eqgAq_T9P7B3/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://owdl.ontrical.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3wsn6/0x4AAAAAAAY7eqgAq_T9P7B3/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87f5e044bf2c0355 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3wsn6/0x4AAAAAAAY7eqgAq_T9P7B3/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/hQgYr/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/87f5e044bf2c0355/1714966064410/WhOFPpOehK32phk HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3wsn6/0x4AAAAAAAY7eqgAq_T9P7B3/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/87f5e044bf2c0355/1714966064410/931b17d7fe15bd138c54421169163a2bc0343e6e504687671bb3931ac3b96d1c/zZOVK9JLkf2c3ZT HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3wsn6/0x4AAAAAAAY7eqgAq_T9P7B3/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hQgYr/ HTTP/1.1Host: owdl.ontrical.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://owdl.ontrical.com/hQgYr/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /hQgYr/?y HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://owdl.ontrical.com/hQgYr/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQ HTTP/1.1Host: owdl.ontrical.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://owdl.ontrical.com/hQgYr/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /56jbyWygy4pHv7Gxy1Btn6713 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /xysaMqODztQrsZ0cd26 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pqP0mxJ6S9dlZ90GVve34ugEkwx31 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://owdl.ontrical.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /yzAATeKnE2yhKkUZ56RsHnaqr48 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://owdl.ontrical.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /90ZDX0kwrIpJ3uOBeR23Fh2uTst52 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://owdl.ontrical.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /23FUdLFmv794uEGLJ90K0CoOmuvw66 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://owdl.ontrical.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://owdl.ontrical.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://owdl.ontrical.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /89QGTJxyJYyA40vgI12DB0P76PDab80 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://owdl.ontrical.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik1sUlMwQVFkRHVzeWozK2syWWM0SVE9PSIsInZhbHVlIjoick1jQUdjT0tPWE8zemZNNkQ3akZNWitPeWpycmVqVit0N3lyRFVlN0xaZkZRNjJ5czdtRlBPU1JEN05BN2hZN2MvVERzYkR5Uk9NUFFsanJFMk1ad2U4b1ZIbUtSTTJsOC9UY1NaVk5vSEhUeHpVTWFOM3B1MC92OWNRTVJiRVMiLCJtYWMiOiI2MzkyNjAyNzM2MTY1YjIyM2NhN2Q0MWQyZGYzZmE2YjRmNGYyZTMxZDAzZWM4ZWYzNTc3OTRlNDQ1NjNiMTkyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhIbW1VR0pPM3EyL0M1T2hvcW9mQkE9PSIsInZhbHVlIjoiQ2FXL1JpVnB6UVVMK0o2c1JGdStaUFJnTnhIdkdwblpGYkpOSnNGVnVpSDFRTlg3T05NR2RKdGdxQUt4cFlybTAwK2plWEZHZW9Pa2VhOXFvNnpBVzRvQWsxdGdzQ3loenVMZmxPaDRKQzlGaEVLMm5KSTRXbVFwb0NERUZoeTUiLCJtYWMiOiI1Mjk2MGExY2EyMGNjMjYyZmY4ZjIzODY0NTNjYWQ5ZTQ2YzhiYjIzNWIwZGI1YzEzYWE3NTg0MzBmYzAwMDNkIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /eflsMx8ccuDx2I78WDwj6cynfqVmn100 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://owdl.ontrical.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik1sUlMwQVFkRHVzeWozK2syWWM0SVE9PSIsInZhbHVlIjoick1jQUdjT0tPWE8zemZNNkQ3akZNWitPeWpycmVqVit0N3lyRFVlN0xaZkZRNjJ5czdtRlBPU1JEN05BN2hZN2MvVERzYkR5Uk9NUFFsanJFMk1ad2U4b1ZIbUtSTTJsOC9UY1NaVk5vSEhUeHpVTWFOM3B1MC92OWNRTVJiRVMiLCJtYWMiOiI2MzkyNjAyNzM2MTY1YjIyM2NhN2Q0MWQyZGYzZmE2YjRmNGYyZTMxZDAzZWM4ZWYzNTc3OTRlNDQ1NjNiMTkyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhIbW1VR0pPM3EyL0M1T2hvcW9mQkE9PSIsInZhbHVlIjoiQ2FXL1JpVnB6UVVMK0o2c1JGdStaUFJnTnhIdkdwblpGYkpOSnNGVnVpSDFRTlg3T05NR2RKdGdxQUt4cFlybTAwK2plWEZHZW9Pa2VhOXFvNnpBVzRvQWsxdGdzQ3loenVMZmxPaDRKQzlGaEVLMm5KSTRXbVFwb0NERUZoeTUiLCJtYWMiOiI1Mjk2MGExY2EyMGNjMjYyZmY4ZjIzODY0NTNjYWQ5ZTQ2YzhiYjIzNWIwZGI1YzEzYWE3NTg0MzBmYzAwMDNkIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /56zkieDpvpc7tWgR4lZ96BFY53T1kl2NSgfFfewtQdkll89110 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik1sUlMwQVFkRHVzeWozK2syWWM0SVE9PSIsInZhbHVlIjoick1jQUdjT0tPWE8zemZNNkQ3akZNWitPeWpycmVqVit0N3lyRFVlN0xaZkZRNjJ5czdtRlBPU1JEN05BN2hZN2MvVERzYkR5Uk9NUFFsanJFMk1ad2U4b1ZIbUtSTTJsOC9UY1NaVk5vSEhUeHpVTWFOM3B1MC92OWNRTVJiRVMiLCJtYWMiOiI2MzkyNjAyNzM2MTY1YjIyM2NhN2Q0MWQyZGYzZmE2YjRmNGYyZTMxZDAzZWM4ZWYzNTc3OTRlNDQ1NjNiMTkyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhIbW1VR0pPM3EyL0M1T2hvcW9mQkE9PSIsInZhbHVlIjoiQ2FXL1JpVnB6UVVMK0o2c1JGdStaUFJnTnhIdkdwblpGYkpOSnNGVnVpSDFRTlg3T05NR2RKdGdxQUt4cFlybTAwK2plWEZHZW9Pa2VhOXFvNnpBVzRvQWsxdGdzQ3loenVMZmxPaDRKQzlGaEVLMm5KSTRXbVFwb0NERUZoeTUiLCJtYWMiOiI1Mjk2MGExY2EyMGNjMjYyZmY4ZjIzODY0NTNjYWQ5ZTQ2YzhiYjIzNWIwZGI1YzEzYWE3NTg0MzBmYzAwMDNkIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /kl2DtgirVQiK8jIHwf6dkrbLCks4Niwtpqrq58oLJe15HBljqdBTcAJnHA38Fyz228 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik1sUlMwQVFkRHVzeWozK2syWWM0SVE9PSIsInZhbHVlIjoick1jQUdjT0tPWE8zemZNNkQ3akZNWitPeWpycmVqVit0N3lyRFVlN0xaZkZRNjJ5czdtRlBPU1JEN05BN2hZN2MvVERzYkR5Uk9NUFFsanJFMk1ad2U4b1ZIbUtSTTJsOC9UY1NaVk5vSEhUeHpVTWFOM3B1MC92OWNRTVJiRVMiLCJtYWMiOiI2MzkyNjAyNzM2MTY1YjIyM2NhN2Q0MWQyZGYzZmE2YjRmNGYyZTMxZDAzZWM4ZWYzNTc3OTRlNDQ1NjNiMTkyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhIbW1VR0pPM3EyL0M1T2hvcW9mQkE9PSIsInZhbHVlIjoiQ2FXL1JpVnB6UVVMK0o2c1JGdStaUFJnTnhIdkdwblpGYkpOSnNGVnVpSDFRTlg3T05NR2RKdGdxQUt4cFlybTAwK2plWEZHZW9Pa2VhOXFvNnpBVzRvQWsxdGdzQ3loenVMZmxPaDRKQzlGaEVLMm5KSTRXbVFwb0NERUZoeTUiLCJtYWMiOiI1Mjk2MGExY2EyMGNjMjYyZmY4ZjIzODY0NTNjYWQ5ZTQ2YzhiYjIzNWIwZGI1YzEzYWE3NTg0MzBmYzAwMDNkIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: owdl.ontrical.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://owdl.ontrical.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik1sUlMwQVFkRHVzeWozK2syWWM0SVE9PSIsInZhbHVlIjoick1jQUdjT0tPWE8zemZNNkQ3akZNWitPeWpycmVqVit0N3lyRFVlN0xaZkZRNjJ5czdtRlBPU1JEN05BN2hZN2MvVERzYkR5Uk9NUFFsanJFMk1ad2U4b1ZIbUtSTTJsOC9UY1NaVk5vSEhUeHpVTWFOM3B1MC92OWNRTVJiRVMiLCJtYWMiOiI2MzkyNjAyNzM2MTY1YjIyM2NhN2Q0MWQyZGYzZmE2YjRmNGYyZTMxZDAzZWM4ZWYzNTc3OTRlNDQ1NjNiMTkyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhIbW1VR0pPM3EyL0M1T2hvcW9mQkE9PSIsInZhbHVlIjoiQ2FXL1JpVnB6UVVMK0o2c1JGdStaUFJnTnhIdkdwblpGYkpOSnNGVnVpSDFRTlg3T05NR2RKdGdxQUt4cFlybTAwK2plWEZHZW9Pa2VhOXFvNnpBVzRvQWsxdGdzQ3loenVMZmxPaDRKQzlGaEVLMm5KSTRXbVFwb0NERUZoeTUiLCJtYWMiOiI1Mjk2MGExY2EyMGNjMjYyZmY4ZjIzODY0NTNjYWQ5ZTQ2YzhiYjIzNWIwZGI1YzEzYWE3NTg0MzBmYzAwMDNkIiwidGFnIjoiIn0%3DSec-WebSocket-Key: +B+KDajdZCNN/n9DFdmGQg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /mnr849V6qfba3cuL7rf7CeTuqGboN56iFcLFW5HJSEsZPdHnrfWfaHfWuv220 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik1sUlMwQVFkRHVzeWozK2syWWM0SVE9PSIsInZhbHVlIjoick1jQUdjT0tPWE8zemZNNkQ3akZNWitPeWpycmVqVit0N3lyRFVlN0xaZkZRNjJ5czdtRlBPU1JEN05BN2hZN2MvVERzYkR5Uk9NUFFsanJFMk1ad2U4b1ZIbUtSTTJsOC9UY1NaVk5vSEhUeHpVTWFOM3B1MC92OWNRTVJiRVMiLCJtYWMiOiI2MzkyNjAyNzM2MTY1YjIyM2NhN2Q0MWQyZGYzZmE2YjRmNGYyZTMxZDAzZWM4ZWYzNTc3OTRlNDQ1NjNiMTkyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhIbW1VR0pPM3EyL0M1T2hvcW9mQkE9PSIsInZhbHVlIjoiQ2FXL1JpVnB6UVVMK0o2c1JGdStaUFJnTnhIdkdwblpGYkpOSnNGVnVpSDFRTlg3T05NR2RKdGdxQUt4cFlybTAwK2plWEZHZW9Pa2VhOXFvNnpBVzRvQWsxdGdzQ3loenVMZmxPaDRKQzlGaEVLMm5KSTRXbVFwb0NERUZoeTUiLCJtYWMiOiI1Mjk2MGExY2EyMGNjMjYyZmY4ZjIzODY0NTNjYWQ5ZTQ2YzhiYjIzNWIwZGI1YzEzYWE3NTg0MzBmYzAwMDNkIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /uvrkYhoWNCFzTdn9bTyelia6yOpMopgiNict3nNBBB6BO12130 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik1sUlMwQVFkRHVzeWozK2syWWM0SVE9PSIsInZhbHVlIjoick1jQUdjT0tPWE8zemZNNkQ3akZNWitPeWpycmVqVit0N3lyRFVlN0xaZkZRNjJ5czdtRlBPU1JEN05BN2hZN2MvVERzYkR5Uk9NUFFsanJFMk1ad2U4b1ZIbUtSTTJsOC9UY1NaVk5vSEhUeHpVTWFOM3B1MC92OWNRTVJiRVMiLCJtYWMiOiI2MzkyNjAyNzM2MTY1YjIyM2NhN2Q0MWQyZGYzZmE2YjRmNGYyZTMxZDAzZWM4ZWYzNTc3OTRlNDQ1NjNiMTkyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhIbW1VR0pPM3EyL0M1T2hvcW9mQkE9PSIsInZhbHVlIjoiQ2FXL1JpVnB6UVVMK0o2c1JGdStaUFJnTnhIdkdwblpGYkpOSnNGVnVpSDFRTlg3T05NR2RKdGdxQUt4cFlybTAwK2plWEZHZW9Pa2VhOXFvNnpBVzRvQWsxdGdzQ3loenVMZmxPaDRKQzlGaEVLMm5KSTRXbVFwb0NERUZoeTUiLCJtYWMiOiI1Mjk2MGExY2EyMGNjMjYyZmY4ZjIzODY0NTNjYWQ5ZTQ2YzhiYjIzNWIwZGI1YzEzYWE3NTg0MzBmYzAwMDNkIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /qrvi0Uv1KX22eaRjvPwmnhQ0QTizEC4K04DUqsg67136 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik1sUlMwQVFkRHVzeWozK2syWWM0SVE9PSIsInZhbHVlIjoick1jQUdjT0tPWE8zemZNNkQ3akZNWitPeWpycmVqVit0N3lyRFVlN0xaZkZRNjJ5czdtRlBPU1JEN05BN2hZN2MvVERzYkR5Uk9NUFFsanJFMk1ad2U4b1ZIbUtSTTJsOC9UY1NaVk5vSEhUeHpVTWFOM3B1MC92OWNRTVJiRVMiLCJtYWMiOiI2MzkyNjAyNzM2MTY1YjIyM2NhN2Q0MWQyZGYzZmE2YjRmNGYyZTMxZDAzZWM4ZWYzNTc3OTRlNDQ1NjNiMTkyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhIbW1VR0pPM3EyL0M1T2hvcW9mQkE9PSIsInZhbHVlIjoiQ2FXL1JpVnB6UVVMK0o2c1JGdStaUFJnTnhIdkdwblpGYkpOSnNGVnVpSDFRTlg3T05NR2RKdGdxQUt4cFlybTAwK2plWEZHZW9Pa2VhOXFvNnpBVzRvQWsxdGdzQ3loenVMZmxPaDRKQzlGaEVLMm5KSTRXbVFwb0NERUZoeTUiLCJtYWMiOiI1Mjk2MGExY2EyMGNjMjYyZmY4ZjIzODY0NTNjYWQ5ZTQ2YzhiYjIzNWIwZGI1YzEzYWE3NTg0MzBmYzAwMDNkIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /mneSnXQI2oAnjKN6XnOC4kjCBIHx0P7HVl4uvbqS0NbSpLUnwDQtLV90150 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik1sUlMwQVFkRHVzeWozK2syWWM0SVE9PSIsInZhbHVlIjoick1jQUdjT0tPWE8zemZNNkQ3akZNWitPeWpycmVqVit0N3lyRFVlN0xaZkZRNjJ5czdtRlBPU1JEN05BN2hZN2MvVERzYkR5Uk9NUFFsanJFMk1ad2U4b1ZIbUtSTTJsOC9UY1NaVk5vSEhUeHpVTWFOM3B1MC92OWNRTVJiRVMiLCJtYWMiOiI2MzkyNjAyNzM2MTY1YjIyM2NhN2Q0MWQyZGYzZmE2YjRmNGYyZTMxZDAzZWM4ZWYzNTc3OTRlNDQ1NjNiMTkyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhIbW1VR0pPM3EyL0M1T2hvcW9mQkE9PSIsInZhbHVlIjoiQ2FXL1JpVnB6UVVMK0o2c1JGdStaUFJnTnhIdkdwblpGYkpOSnNGVnVpSDFRTlg3T05NR2RKdGdxQUt4cFlybTAwK2plWEZHZW9Pa2VhOXFvNnpBVzRvQWsxdGdzQ3loenVMZmxPaDRKQzlGaEVLMm5KSTRXbVFwb0NERUZoeTUiLCJtYWMiOiI1Mjk2MGExY2EyMGNjMjYyZmY4ZjIzODY0NTNjYWQ5ZTQ2YzhiYjIzNWIwZGI1YzEzYWE3NTg0MzBmYzAwMDNkIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ijCTiuFQG76QIseSaEEGcklmXyJnKIcddJ3PrAH6AC5Llcqo3k8ta3aXYF78166 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhCaDBxeHRvUE9nNE14cGYvcCs0WFE9PSIsInZhbHVlIjoidGxyNjV6dm1wTEo1OUdMN2dNTnc2WXZTMmxydzZzcENhR0RVMFRqR3prTTlRVVNqaEtjRmt1NyszRjNpZFM4dmR0ajRMS3RkN20rZkpGY0RscDI0aEhYNFN0dy9pM3p2c1VEZEcxUDhQNm5IRnltNmx2dmFBb0s4QlVBcHlZSEYiLCJtYWMiOiJkM2U5ZGY1MWNhNjk0Y2ZkZjAxNzhlYzRmM2FjZjZkYjU1MTk3NjAxN2RkMDViZWVmNjY4NThmY2EwYmQ2MWNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhTTW95NHVMTmRabmVVSTAwbXV5alE9PSIsInZhbHVlIjoiZS93QTJ6enFxc3ZLRVBabGp6R0hRZk8yWEFtZ0RoWkQzTjk5QkFXU1QzcnVRWUVoOVJUK0h1MnlaSEhUbGZHNFIwNU1SbXZtSFE2ZGYrcnVleThPcERSNnFQcDg4eXRGdFl6ZWlYNk00eTg1U0c5ZjJYRVBkalZtdVA1VmF3NG4iLCJtYWMiOiJkZTUxN2I4MGVlNGZlNTIwNjc2NDNiN2YzODU3YWVkNzJhZGVmMzEzYWU0YmMxZDIxMmFmYzZkODkwMmVhOTU5IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /yzW31nB97jLyIuZu9TUcbvfnW0N7cursOEAN6TNzlJkNQsRWHjab180 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhCaDBxeHRvUE9nNE14cGYvcCs0WFE9PSIsInZhbHVlIjoidGxyNjV6dm1wTEo1OUdMN2dNTnc2WXZTMmxydzZzcENhR0RVMFRqR3prTTlRVVNqaEtjRmt1NyszRjNpZFM4dmR0ajRMS3RkN20rZkpGY0RscDI0aEhYNFN0dy9pM3p2c1VEZEcxUDhQNm5IRnltNmx2dmFBb0s4QlVBcHlZSEYiLCJtYWMiOiJkM2U5ZGY1MWNhNjk0Y2ZkZjAxNzhlYzRmM2FjZjZkYjU1MTk3NjAxN2RkMDViZWVmNjY4NThmY2EwYmQ2MWNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhTTW95NHVMTmRabmVVSTAwbXV5alE9PSIsInZhbHVlIjoiZS93QTJ6enFxc3ZLRVBabGp6R0hRZk8yWEFtZ0RoWkQzTjk5QkFXU1QzcnVRWUVoOVJUK0h1MnlaSEhUbGZHNFIwNU1SbXZtSFE2ZGYrcnVleThPcERSNnFQcDg4eXRGdFl6ZWlYNk00eTg1U0c5ZjJYRVBkalZtdVA1VmF3NG4iLCJtYWMiOiJkZTUxN2I4MGVlNGZlNTIwNjc2NDNiN2YzODU3YWVkNzJhZGVmMzEzYWU0YmMxZDIxMmFmYzZkODkwMmVhOTU5IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /rsZzTrsjVtxEO9QOYCwvYh5AJuvNUvcCnvM39x37YgAG3eperfv6dX4LTcd200 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhCaDBxeHRvUE9nNE14cGYvcCs0WFE9PSIsInZhbHVlIjoidGxyNjV6dm1wTEo1OUdMN2dNTnc2WXZTMmxydzZzcENhR0RVMFRqR3prTTlRVVNqaEtjRmt1NyszRjNpZFM4dmR0ajRMS3RkN20rZkpGY0RscDI0aEhYNFN0dy9pM3p2c1VEZEcxUDhQNm5IRnltNmx2dmFBb0s4QlVBcHlZSEYiLCJtYWMiOiJkM2U5ZGY1MWNhNjk0Y2ZkZjAxNzhlYzRmM2FjZjZkYjU1MTk3NjAxN2RkMDViZWVmNjY4NThmY2EwYmQ2MWNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhTTW95NHVMTmRabmVVSTAwbXV5alE9PSIsInZhbHVlIjoiZS93QTJ6enFxc3ZLRVBabGp6R0hRZk8yWEFtZ0RoWkQzTjk5QkFXU1QzcnVRWUVoOVJUK0h1MnlaSEhUbGZHNFIwNU1SbXZtSFE2ZGYrcnVleThPcERSNnFQcDg4eXRGdFl6ZWlYNk00eTg1U0c5ZjJYRVBkalZtdVA1VmF3NG4iLCJtYWMiOiJkZTUxN2I4MGVlNGZlNTIwNjc2NDNiN2YzODU3YWVkNzJhZGVmMzEzYWU0YmMxZDIxMmFmYzZkODkwMmVhOTU5IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ghdo3xjAZylxx7OtkiTRg3H8F8b3FjduqsbNmjdNmn2tlGC8gZVNlvIOuO7TGj4y2Ogrtkef210 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhCaDBxeHRvUE9nNE14cGYvcCs0WFE9PSIsInZhbHVlIjoidGxyNjV6dm1wTEo1OUdMN2dNTnc2WXZTMmxydzZzcENhR0RVMFRqR3prTTlRVVNqaEtjRmt1NyszRjNpZFM4dmR0ajRMS3RkN20rZkpGY0RscDI0aEhYNFN0dy9pM3p2c1VEZEcxUDhQNm5IRnltNmx2dmFBb0s4QlVBcHlZSEYiLCJtYWMiOiJkM2U5ZGY1MWNhNjk0Y2ZkZjAxNzhlYzRmM2FjZjZkYjU1MTk3NjAxN2RkMDViZWVmNjY4NThmY2EwYmQ2MWNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhTTW95NHVMTmRabmVVSTAwbXV5alE9PSIsInZhbHVlIjoiZS93QTJ6enFxc3ZLRVBabGp6R0hRZk8yWEFtZ0RoWkQzTjk5QkFXU1QzcnVRWUVoOVJUK0h1MnlaSEhUbGZHNFIwNU1SbXZtSFE2ZGYrcnVleThPcERSNnFQcDg4eXRGdFl6ZWlYNk00eTg1U0c5ZjJYRVBkalZtdVA1VmF3NG4iLCJtYWMiOiJkZTUxN2I4MGVlNGZlNTIwNjc2NDNiN2YzODU3YWVkNzJhZGVmMzEzYWU0YmMxZDIxMmFmYzZkODkwMmVhOTU5IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /opdyuRSA87frIgXH3lvMwzopZ1Up36zkJmgDObI4WoJsrINstQPvfO6vhtuolwEsJEJeuef240 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhCaDBxeHRvUE9nNE14cGYvcCs0WFE9PSIsInZhbHVlIjoidGxyNjV6dm1wTEo1OUdMN2dNTnc2WXZTMmxydzZzcENhR0RVMFRqR3prTTlRVVNqaEtjRmt1NyszRjNpZFM4dmR0ajRMS3RkN20rZkpGY0RscDI0aEhYNFN0dy9pM3p2c1VEZEcxUDhQNm5IRnltNmx2dmFBb0s4QlVBcHlZSEYiLCJtYWMiOiJkM2U5ZGY1MWNhNjk0Y2ZkZjAxNzhlYzRmM2FjZjZkYjU1MTk3NjAxN2RkMDViZWVmNjY4NThmY2EwYmQ2MWNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhTTW95NHVMTmRabmVVSTAwbXV5alE9PSIsInZhbHVlIjoiZS93QTJ6enFxc3ZLRVBabGp6R0hRZk8yWEFtZ0RoWkQzTjk5QkFXU1QzcnVRWUVoOVJUK0h1MnlaSEhUbGZHNFIwNU1SbXZtSFE2ZGYrcnVleThPcERSNnFQcDg4eXRGdFl6ZWlYNk00eTg1U0c5ZjJYRVBkalZtdVA1VmF3NG4iLCJtYWMiOiJkZTUxN2I4MGVlNGZlNTIwNjc2NDNiN2YzODU3YWVkNzJhZGVmMzEzYWU0YmMxZDIxMmFmYzZkODkwMmVhOTU5IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /uvWCnpEolOeOqJFLvvy4Lx7osI2oPAp9jymnxy0f2fn0LnwFTGfVUWPcsUsk2E0uHPlef258 HTTP/1.1Host: owdl.ontrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://owdl.ontrical.com/vMXIBwRqfwPGujaGJthxybheRJFTHHCFQXVVAGAPDCVTHQORZPYZJBDUDACIDTGU?ftSjhZbECpThqjMeitIsqUGgSEXSBYBZJLWEODWQVRTWHUKIDRJZMDKFKGIIQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhCaDBxeHRvUE9nNE14cGYvcCs0WFE9PSIsInZhbHVlIjoidGxyNjV6dm1wTEo1OUdMN2dNTnc2WXZTMmxydzZzcENhR0RVMFRqR3prTTlRVVNqaEtjRmt1NyszRjNpZFM4dmR0ajRMS3RkN20rZkpGY0RscDI0aEhYNFN0dy9pM3p2c1VEZEcxUDhQNm5IRnltNmx2dmFBb0s4QlVBcHlZSEYiLCJtYWMiOiJkM2U5ZGY1MWNhNjk0Y2ZkZjAxNzhlYzRmM2FjZjZkYjU1MTk3NjAxN2RkMDViZWVmNjY4NThmY2EwYmQ2MWNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhTTW95NHVMTmRabmVVSTAwbXV5alE9PSIsInZhbHVlIjoiZS93QTJ6enFxc3ZLRVBabGp6R0hRZk8yWEFtZ0RoWkQzTjk5QkFXU1QzcnVRWUVoOVJUK0h1MnlaSEhUbGZHNFIwNU1SbXZtSFE2ZGYrcnVleThPcERSNnFQcDg4eXRGdFl6ZWlYNk00eTg1U0c5ZjJYRVBkalZtdVA1VmF3NG4iLCJtYWMiOiJkZTUxN2I4MGVlNGZlNTIwNjc2NDNiN2YzODU3YWVkNzJhZGVmMzEzYWU0YmMxZDIxMmFmYzZkODkwMmVhOTU5IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: owdl.ontrical.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://owdl.ontrical.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhCaDBxeHRvUE9nNE14cGYvcCs0WFE9PSIsInZhbHVlIjoidGxyNjV6dm1wTEo1OUdMN2dNTnc2WXZTMmxydzZzcENhR0RVMFRqR3prTTlRVVNqaEtjRmt1NyszRjNpZFM4dmR0ajRMS3RkN20rZkpGY0RscDI0aEhYNFN0dy9pM3p2c1VEZEcxUDhQNm5IRnltNmx2dmFBb0s4QlVBcHlZSEYiLCJtYWMiOiJkM2U5ZGY1MWNhNjk0Y2ZkZjAxNzhlYzRmM2FjZjZkYjU1MTk3NjAxN2RkMDViZWVmNjY4NThmY2EwYmQ2MWNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhTTW95NHVMTmRabmVVSTAwbXV5alE9PSIsInZhbHVlIjoiZS93QTJ6enFxc3ZLRVBabGp6R0hRZk8yWEFtZ0RoWkQzTjk5QkFXU1QzcnVRWUVoOVJUK0h1MnlaSEhUbGZHNFIwNU1SbXZtSFE2ZGYrcnVleThPcERSNnFQcDg4eXRGdFl6ZWlYNk00eTg1U0c5ZjJYRVBkalZtdVA1VmF3NG4iLCJtYWMiOiJkZTUxN2I4MGVlNGZlNTIwNjc2NDNiN2YzODU3YWVkNzJhZGVmMzEzYWU0YmMxZDIxMmFmYzZkODkwMmVhOTU5IiwidGFnIjoiIn0%3DSec-WebSocket-Key: GaywNMsJm1jZ3CjRAC2u0w==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: owdl.ontrical.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://owdl.ontrical.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhCaDBxeHRvUE9nNE14cGYvcCs0WFE9PSIsInZhbHVlIjoidGxyNjV6dm1wTEo1OUdMN2dNTnc2WXZTMmxydzZzcENhR0RVMFRqR3prTTlRVVNqaEtjRmt1NyszRjNpZFM4dmR0ajRMS3RkN20rZkpGY0RscDI0aEhYNFN0dy9pM3p2c1VEZEcxUDhQNm5IRnltNmx2dmFBb0s4QlVBcHlZSEYiLCJtYWMiOiJkM2U5ZGY1MWNhNjk0Y2ZkZjAxNzhlYzRmM2FjZjZkYjU1MTk3NjAxN2RkMDViZWVmNjY4NThmY2EwYmQ2MWNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhTTW95NHVMTmRabmVVSTAwbXV5alE9PSIsInZhbHVlIjoiZS93QTJ6enFxc3ZLRVBabGp6R0hRZk8yWEFtZ0RoWkQzTjk5QkFXU1QzcnVRWUVoOVJUK0h1MnlaSEhUbGZHNFIwNU1SbXZtSFE2ZGYrcnVleThPcERSNnFQcDg4eXRGdFl6ZWlYNk00eTg1U0c5ZjJYRVBkalZtdVA1VmF3NG4iLCJtYWMiOiJkZTUxN2I4MGVlNGZlNTIwNjc2NDNiN2YzODU3YWVkNzJhZGVmMzEzYWU0YmMxZDIxMmFmYzZkODkwMmVhOTU5IiwidGFnIjoiIn0%3DSec-WebSocket-Key: l+MYgcwmZH79y6BvhDnP4A==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: owdl.ontrical.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://owdl.ontrical.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlhCaDBxeHRvUE9nNE14cGYvcCs0WFE9PSIsInZhbHVlIjoidGxyNjV6dm1wTEo1OUdMN2dNTnc2WXZTMmxydzZzcENhR0RVMFRqR3prTTlRVVNqaEtjRmt1NyszRjNpZFM4dmR0ajRMS3RkN20rZkpGY0RscDI0aEhYNFN0dy9pM3p2c1VEZEcxUDhQNm5IRnltNmx2dmFBb0s4QlVBcHlZSEYiLCJtYWMiOiJkM2U5ZGY1MWNhNjk0Y2ZkZjAxNzhlYzRmM2FjZjZkYjU1MTk3NjAxN2RkMDViZWVmNjY4NThmY2EwYmQ2MWNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhTTW95NHVMTmRabmVVSTAwbXV5alE9PSIsInZhbHVlIjoiZS93QTJ6enFxc3ZLRVBabGp6R0hRZk8yWEFtZ0RoWkQzTjk5QkFXU1QzcnVRWUVoOVJUK0h1MnlaSEhUbGZHNFIwNU1SbXZtSFE2ZGYrcnVleThPcERSNnFQcDg4eXRGdFl6ZWlYNk00eTg1U0c5ZjJYRVBkalZtdVA1VmF3NG4iLCJtYWMiOiJkZTUxN2I4MGVlNGZlNTIwNjc2NDNiN2YzODU3YWVkNzJhZGVmMzEzYWU0YmMxZDIxMmFmYzZkODkwMmVhOTU5IiwidGFnIjoiIn0%3DSec-WebSocket-Key: TAS3K0GIHY4j7fPtuhaJjw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected:
  GET /section/0day HTTP/1.1
  Host: www.0daykingz.org
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Referer: https://www.bing.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /section/0day/ HTTP/1.1
  Host: www.0daykingz.org
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Referer: https://www.bing.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: www.0daykingz.org
Source: global traffic DNS traffic detected: DNS query: owdl.ontrical.com
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: cdn.socket.io
Source: unknown HTTP traffic detected:
  POST /RST2.srf HTTP/1.0
  Connection: Keep-Alive
  Content-Type: application/soap+xml
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
  Content-Length: 4722
  Host: login.live.com
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  content-type: text/html
  cache-control: private, no-cache, max-age=0
  pragma: no-cache
  content-length: 1249
  date: Mon, 06 May 2024 03:27:35 GMT
  server: LiteSpeed
  alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
  connection: close
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Mon, 06 May 2024 03:27:44 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  Cache-Control: max-age=14400
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YOwR%2FGjXnyPazTF1eT8nhxnxKt4IJuTq686mM6mn3w%2F6d%2BOVlv7yl67d5CpgFIHziweTEX2oIBAESj8mFjr3IlC7e%2F5O5Rjn6CzGFjWdHDbxz3s2dBoOoE%2F3pD4UYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Vary: Accept-Encoding
  alt-svc: h3=":443"; ma=86400
  CF-Cache-Status: MISS
  Server: cloudflare
  CF-RAY: 87f5e04b88e5a54e-MIA
Source: chromecache_307.13.dr String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_307.13.dr String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_307.13.dr String found in binary or memory: https://apis.google.com
Source: chromecache_307.13.dr String found in binary or memory: https://clients6.google.com
Source: chromecache_307.13.dr String found in binary or memory: https://content.googleapis.com
Source: chromecache_307.13.dr String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_307.13.dr String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_306.13.dr String found in binary or memory: https://owdl.ontrical.com/hQgYr
Source: chromecache_307.13.dr String found in binary or memory: https://plus.google.com
Source: chromecache_307.13.dr String found in binary or memory: https://plus.googleapis.com
Source: JJs Waste & Recycling.doc String found in binary or memory: https://support.acorns.com/
Source: chromecache_307.13.dr String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_307.13.dr String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_307.13.dr String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: unknown HTTPS traffic detected: 40.126.29.14:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49786 version: TLS 1.2
Source: iso690.xsl.0.dr OLE indicator, VBA macros: true
Source: sist02.xsl.0.dr OLE indicator, VBA macros: true
Source: APASixthEditionOfficeOnline.xsl.0.dr OLE indicator, VBA macros: true
Source: gosttitle.xsl.0.dr OLE indicator, VBA macros: true
Source: gostname.xsl.0.dr OLE indicator, VBA macros: true
Source: ieee2006officeonline.xsl.0.dr OLE indicator, VBA macros: true
Source: gb.xsl.0.dr OLE indicator, VBA macros: true
Source: iso690nmerical.xsl.0.dr OLE indicator, VBA macros: true
Source: turabian.xsl.0.dr OLE indicator, VBA macros: true
Source: chicago.xsl.0.dr OLE indicator, VBA macros: true
Source: mlaseventheditionofficeonline.xsl.0.dr OLE indicator, VBA macros: true
Source: harvardanglia2008officeonline.xsl.0.dr OLE indicator, VBA macros: true
Source: JJs Waste & Recycling.doc Stream path 'Data' : https://www.bing.com/ck/a?!&&p=ddaabb77cc71063cJmltdHM9MTcxNDUyMTYwMCZpZ3VpZD0yYWJlMmVlOS00OGM2LTYzMTAtMmQ4ZC0zZDFkNDkxMjYyODcmaW5zaWQ9NTE1Ng&ptn=3&ver=2&hsh=3&fclid=2abe2ee9-48c6-6310-2d8d-3d1d49126287&psq=site%3a%220daykingz.org%22&u=a1aHR0cDovL3d3dy4wZGF5a2luZ3oub3JnL3NlY3Rpb24vMGRheQ&ntb=1
Source: JJs Waste & Recycling.doc Stream path 'WordDocument' : https://www.bing.com/ck/a?!&&p=ddaabb77cc71063cJmltdHM9MTcxNDUyMTYwMCZpZ3VpZD0yYWJlMmVlOS00OGM2LTYzMTAtMmQ4ZC0zZDFkNDkxMjYyODcmaW5zaWQ9NTE1Ng&ptn=3&ver=2&hsh=3&fclid=2abe2ee9-48c6-6310-2d8d-3d1d49126287&psq=site%3a%220daykingz.org%22&u=a1aHR0cDovL3d3dy4wZGF5a2luZ3oub3JnL3NlY3Rpb24vMGRheQ&ntb=1"!Download EFT/Wire Transfer Receipt ( 06.8 kb)Thankyou!The exchange-traded funds (ETFs) in your Acorns account recently published new materials. ETFs contain a mix of securities, such as stocks and bonds. Similar to a stock, ETFs trade on an exchange, like the Nasdaq and New York Stock Exchange, but give investors broader exposure than investing in just one stock.Expiration Pending: This document will expire in 24 hours. HYPERLINK "https://support.acorns.com/"!Do not share this email+This email contains a secured link to DocuSign. Please do not share this email link or access code with others-About DocuSign+sign documents electronically in just minutes it's safe, secure and legally binding
Source: iso690.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: sist02.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: APASixthEditionOfficeOnline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gosttitle.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gostname.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ieee2006officeonline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gb.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690nmerical.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: turabian.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: chicago.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: mlaseventheditionofficeonline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: harvardanglia2008officeonline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engine Classification label: clean3.winDOC@38/317@22/11
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Roaming\Microsoft\Office
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\{3C5D83C6-CDB5-4805-9E9D-93E477C0C09D} - OProcSessId.dat
Source: JJs Waste & Recycling.doc OLE indicator, Word Document stream: true
Source: Element design set.dotx.0.dr OLE indicator, Word Document stream: true
Source: Equations.dotx.0.dr OLE indicator, Word Document stream: true
Source: Insight design set.dotx.0.dr OLE indicator, Word Document stream: true
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr OLE indicator, Word Document stream: true
Source: JJs Waste & Recycling.doc OLE document summary: author field not present or empty
Source: JJs Waste & Recycling.doc OLE document summary: edited time not present or 0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\JJs Waste & Recycling.doc" /o ""
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1948,i,9416647261188791292,15165100078885737676,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: JJs Waste & Recycling.LNK.0.dr LNK file: ..\..\..\..\..\Desktop\JJs Waste & Recycling.doc
Source: Google Drive.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.12.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/media/image2.jpg
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/media/image10.jpeg
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/theme/_rels/theme1.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/item3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: JJs Waste & Recycling.doc Initial sample: OLE summary codepage = 1200
Source: JJs Waste & Recycling.doc Initial sample: OLE document summary codepagedoc = 1200
Source: JJs Waste & Recycling.doc Initial sample: OLE indicators vbamacros = False
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information queried: ProcessInformation