Edit tour

Windows Analysis Report
https://us-east-2.protection.sophos.com/?d=getresponse.com&u=aHR0cHM6Ly9hcHAuZ2V0cmVzcG9uc2UuY29tL2NsaWNrLmh0bWw_eD1hNjJiJmxjPWhHV1ZlWSZtYz1KUCZzPUJPOWlFRGUmdT10amo4cyZ6PUV5TFFKd0Ym&i=NjNiMjEzMmQ2YzIzYmUxMmI2MjdlN2Jm&t=UU5mcFBRd3ZEVDFFalovL3NnVE9NNXBBT29aV2lKVEkzSng1RlcxY1AvRT0=&h=2f07214878e0427080

Overview

General Information

Sample URL:	https://us-east-2.protection.sophos.com/?d=getresponse.com&u=aHR0cHM6Ly9hcHAuZ2V0cmVzcG9uc2UuY29tL2NsaWNrLmh0bWw_eD1hNjJiJmxjPWhHV1ZlWSZtYz1KUCZzPUJPOWlFRGUmdT10amo4cyZ6PUV5TFFKd0Ym&i=NjNiMjEzMmQ2YzIz
Analysis ID:	1298969
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Antivirus detection for URL or domain

Phishing site detected (based on logo match)

Phishing site detected (based on image similarity)

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

Invalid 'forgot password' link found

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 916 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 1744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1872,i,13108684092173635626,2710792282603254976,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 2968 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us-east-2.protection.sophos.com/?d=getresponse.com&u=aHR0cHM6Ly9hcHAuZ2V0cmVzcG9uc2UuY29tL2NsaWNrLmh0bWw_eD1hNjJiJmxjPWhHV1ZlWSZtYz1KUCZzPUJPOWlFRGUmdT10amo4cyZ6PUV5TFFKd0Ym&i=NjNiMjEzMmQ2YzIzYmUxMmI2MjdlN2Jm&t=UU5mcFBRd3ZEVDFFalovL3NnVE9NNXBBT29aV2lKVEkzSng1RlcxY1AvRT0=&h=2f07214878e0427080b5bd082a28a4a8&s=AVNPUEhUT0NFTkNSWVBUSVYyyG7MgRimdeSZs9PFo0JJzdsqn-bVQtHV9h09dNzEVw MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_200	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=Dvrtrktau_uydMvoGc1_xfN2ULJBRPHxz6q2oM2aufczSxk8Cchv3g2jlLVO-eHXlJ_BwPi1P-zYcjdR9AuTyG10jrJ2AzQ7yL8SBUliEafdzZn70Pmm-r8GrPXaz7LFgctn_yZRHpJXI09tbP_WroWCmYwT_a7Fwj8gHnQ5nbY; AEC=Ad49MVGGktvnyMQBXjxfVM4VyQMgBORLkDWV_5bpQs3oS50vEqIAFgkFMBQ; CONSENT=PENDING+008; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDMtMF9SQzIaAmRlIAEaBgiA0dCmBg; __Secure-ENID=14.SE=ASWfeSSVBcK3LyggZgGhgI5yIs3Z2wYpfR6yuK81LiYU6I0bFs937AKcakQoHnJkxVLloWnpVW_r8Ar2dupLdGHUm260SY6_u_8bKbtIVuC2UT3_Sjp3_6n5MjyjVSOfngggQke4VZle0rxsEtTK1UwAzXaROx3bb_2_jH9Xta1jpoaREw

Source: classification engine

Classification label: mal72.phis.win@25/29@20/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1872,i,13108684092173635626,2710792282603254976,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us-east-2.protection.sophos.com/?d=getresponse.com&u=aHR0cHM6Ly9hcHAuZ2V0cmVzcG9uc2UuY29tL2NsaWNrLmh0bWw_eD1hNjJiJmxjPWhHV1ZlWSZtYz1KUCZzPUJPOWlFRGUmdT10amo4cyZ6PUV5TFFKd0Ym&i=NjNiMjEzMmQ2YzIzYmUxMmI2MjdlN2Jm&t=UU5mcFBRd3ZEVDFFalovL3NnVE9NNXBBT29aV2lKVEkzSng1RlcxY1AvRT0=&h=2f07214878e0427080b5bd082a28a4a8&s=AVNPUEhUT0NFTkNSWVBUSVYyyG7MgRimdeSZs9PFo0JJzdsqn-bVQtHV9h09dNzEVw
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1872,i,13108684092173635626,2710792282603254976,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\chrome_BITS_916_1082347263

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_916_1082347263	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\LICENSE.txt	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\Filtering Rules	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\LICENSE.txt

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://us-east-2.protection.sophos.com/?d=getresponse.com&u=aHR0cHM6Ly9hcHAuZ2V0cmVzcG9uc2UuY29tL2NsaWNrLmh0bWw_eD1hNjJiJmxjPWhHV1ZlWSZtYz1KUCZzPUJPOWlFRGUmdT10amo4cyZ6PUV5TFFKd0Ym&i=NjNiMjEzMmQ2YzIzYmUxMmI2MjdlN2Jm&t=UU5mcFBRd3ZEVDFFalovL3NnVE9NNXBBT29aV2lKVEkzSng1RlcxY1AvRT0=&h=2f07214878e0427080b5bd082a28a4a8&s=AVNPUEhUT0NFTkNSWVBUSVYyyG7MgRimdeSZs9PFo0JJzdsqn-bVQtHV9h09dNzEVw	1%	Virustotal		Browse
https://us-east-2.protection.sophos.com/?d=getresponse.com&u=aHR0cHM6Ly9hcHAuZ2V0cmVzcG9uc2UuY29tL2NsaWNrLmh0bWw_eD1hNjJiJmxjPWhHV1ZlWSZtYz1KUCZzPUJPOWlFRGUmdT10amo4cyZ6PUV5TFFKd0Ym&i=NjNiMjEzMmQ2YzIzYmUxMmI2MjdlN2Jm&t=UU5mcFBRd3ZEVDFFalovL3NnVE9NNXBBT29aV2lKVEkzSng1RlcxY1AvRT0=&h=2f07214878e0427080b5bd082a28a4a8&s=AVNPUEhUT0NFTkNSWVBUSVYyyG7MgRimdeSZs9PFo0JJzdsqn-bVQtHV9h09dNzEVw	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm#	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://aadcdn.msftauth.net/ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.s	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.s	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_96f69d0cefd8a8ba623a182c351ccc64.png	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.p	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
d1nhsro6ypf0az.cloudfront.net	18.165.183.84	true	false	high
cs1100.wpc.omegacdn.net	152.199.23.37	true	false	unknown
accounts.google.com	142.251.36.237	true	false	high
fra1.digitaloceanspaces.com	5.101.109.44	true	false	high
code.jquery.com	69.16.175.10	true	false	high
cdnjs.cloudflare.com	104.17.25.14	true	false	high
www.google.com	172.217.16.164	true	false	high
app.getresponse.com	104.160.64.9	true	false	high
clients.l.google.com	172.217.16.174	true	false	high
clients2.google.com	unknown	unknown	false	high
us-east-2.protection.sophos.com	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aadcdn.msftauth.net/ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg	false	URL Reputation: safe	unknown
https://app.getresponse.com/click.html?x=a62b&lc=hGWVeY&mc=JP&s=BO9iEDe&u=tjj8s&z=EyLQJwF&	false		high
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	URL Reputation: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://us-east-2.protection.sophos.com/?d=getresponse.com&u=aHR0cHM6Ly9hcHAuZ2V0cmVzcG9uc2UuY29tL2NsaWNrLmh0bWw_eD1hNjJiJmxjPWhHV1ZlWSZtYz1KUCZzPUJPOWlFRGUmdT10amo4cyZ6PUV5TFFKd0Ym&i=NjNiMjEzMmQ2YzIzYmUxMmI2MjdlN2Jm&t=UU5mcFBRd3ZEVDFFalovL3NnVE9NNXBBT29aV2lKVEkzSng1RlcxY1AvRT0=&h=2f07214878e0427080b5bd082a28a4a8&s=AVNPUEhUT0NFTkNSWVBUSVYyyG7MgRimdeSZs9PFo0JJzdsqn-bVQtHV9h09dNzEVw	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg	false	URL Reputation: safe URL Reputation: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg	false	URL Reputation: safe URL Reputation: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg	false	URL Reputation: safe	unknown
https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm#	false	SlashNext: Credential Stealing type: Phishing & Social Engineering	high
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm	false	SlashNext: Credential Stealing type: Phishing & Social Engineering	high
https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm	false	SlashNext: Credential Stealing type: Phishing & Social Engineering	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	chromecache_216.1.dr	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s	chromecache_200.1.dr	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44	chromecache_200.1.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://easylist.to/)	LICENSE.txt.0.dr	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.s	chromecache_200.1.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://creativecommons.org/compatiblelicenses	LICENSE.txt.0.dr	false		high
http://fontawesome.io/license	chromecache_216.1.dr	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343	chromecache_200.1.dr	false	URL Reputation: safe	unknown
https://github.com/easylist)	LICENSE.txt.0.dr	false		high
https://creativecommons.org/.	LICENSE.txt.0.dr	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.	chromecache_200.1.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_96f69d0cefd8a8ba623a182c351ccc64.png	chromecache_200.1.dr	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.p	chromecache_200.1.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.36.237	accounts.google.com	United States	15169	GOOGLEUS	false
104.160.64.9	app.getresponse.com	United States	46469	GETRESPONSE-IMPLIXUS	false
18.165.183.84	d1nhsro6ypf0az.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
69.16.175.10	code.jquery.com	United States	20446	HIGHWINDS3US	false
152.199.23.37	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
172.217.16.174	clients.l.google.com	United States	15169	GOOGLEUS	false
5.101.109.44	fra1.digitaloceanspaces.com	Netherlands	14061	DIGITALOCEAN-ASNUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
172.217.16.164	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1298969
Start date and time:	2023-08-28 20:04:45 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://us-east-2.protection.sophos.com/?d=getresponse.com&u=aHR0cHM6Ly9hcHAuZ2V0cmVzcG9uc2UuY29tL2NsaWNrLmh0bWw_eD1hNjJiJmxjPWhHV1ZlWSZtYz1KUCZzPUJPOWlFRGUmdT10amo4cyZ6PUV5TFFKd0Ym&i=NjNiMjEzMmQ2YzIzYmUxMmI2MjdlN2Jm&t=UU5mcFBRd3ZEVDFFalovL3NnVE9NNXBBT29aV2lKVEkzSng1RlcxY1AvRT0=&h=2f07214878e0427080b5bd082a28a4a8&s=AVNPUEhUT0NFTkNSWVBUSVYyyG7MgRimdeSZs9PFo0JJzdsqn-bVQtHV9h09dNzEVw
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@25/29@20/11
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 142.251.37.3, 34.104.35.123, 142.251.37.10, 172.217.16.170, 142.251.36.170, 142.251.36.202, 142.251.36.234, 172.217.16.163
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, eudb.ris.api.iris.microsoft.com, update.googleapis.com, clientservices.googleapis.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	75272
Entropy (8bit):	5.53696123058262
Encrypted:	false
SSDEEP:	1536:F7qv8gxoXIEWyFbBSFAxkf2B9xSUlZmmw4ui1Zlj+E0TNzxxB8fNe5P:Yv8g8vpFbBWAxHB9gI1nbvlj+E0hzxHv
MD5:	7B330DB988A4963F2398D29BD2EB3EBE
SHA1:	0B17173D66FE3F5D792DBE750E5D93FCC774753B
SHA-256:	05BEB51FB0596AB0FB46C6692AB8031D3C017EBB7924F92A52142039D654F9C6
SHA-512:	DE6C2B8C0258030FB3B7D6C8B0466EB1C6FEB7B536F7B83C12A0545CF2291BAC08E18F592F9553C146B5842CA1100C155EC6DE4277D47AECC5E6B81A097D8DD4
Malicious:	false
Reputation:	low
Preview:	............0.8.@.R.-728x90...........0.8.@.R.adtdp.com^..........0.8.@.R.sdbvveonb1.com^..........0.8.@.R.yomeno.xyz^.:...........adcore.com.au.....adcore.ch..0.8.@.R./adcore_..........0.8.@.R.yellowblue.io^..........0.8.@.R.viagengarr.com^..........0.8.@.R.ad999.biz^..........0.8.@.R._468_60..3........0.8.@.R#/wp-content/plugins/wp-super-popup/..........0.8.@.R..adbutler-..........0.8.@.R.adrecover.com^..........0.8.@.R.hdbcode.com^.-...........konograma.com..0.8.@.R./adserver..............vk.com0.8.@.R.vk.me/css/al/ads.css."......0.8.@.R./plugins/cactus-ads/.,........0.8.@.R.mysmth.net/nForum//ADAgent_..........0.8.@.R.indoleads.com^.%......0.8.@.R.discordapp.com/banners/.E...........daum.net0.8.@.R)daumcdn.net/adfit/static/ad-native.min.js.(........0.8.@.R.looker.com/api/internal/.#........0.8.@.R.broadstreetads.com^..........0.8.@.R./banner.cgi?..............thefreedictionary.com...downloads.codefi.re...windows7themes.net...smallseotools.com...tampermonkey.net...global

Source: https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm	SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm#	SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Source: https://fra1.digitaloceanspaces.com	Matcher: Template: microsoft matched with high similarity
Source: https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm	Matcher: Template: microsoft matched with high similarity
Source: https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm#	Matcher: Template: microsoft matched with high similarity

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_200, type: DROPPED

Source: https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm	Matcher: Template: microsoft matched
Source: https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm#	Matcher: Template: microsoft matched

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-115.0.5790.171Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?d=getresponse.com&u=aHR0cHM6Ly9hcHAuZ2V0cmVzcG9uc2UuY29tL2NsaWNrLmh0bWw_eD1hNjJiJmxjPWhHV1ZlWSZtYz1KUCZzPUJPOWlFRGUmdT10amo4cyZ6PUV5TFFKd0Ym&i=NjNiMjEzMmQ2YzIzYmUxMmI2MjdlN2Jm&t=UU5mcFBRd3ZEVDFFalovL3NnVE9NNXBBT29aV2lKVEkzSng1RlcxY1AvRT0=&h=2f07214878e0427080b5bd082a28a4a8&s=AVNPUEhUT0NFTkNSWVBUSVYyyG7MgRimdeSZs9PFo0JJzdsqn-bVQtHV9h09dNzEVw HTTP/1.1Host: us-east-2.protection.sophos.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /click.html?x=a62b&lc=hGWVeY&mc=JP&s=BO9iEDe&u=tjj8s&z=EyLQJwF& HTTP/1.1Host: app.getresponse.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gdpdppdpfsss/microsoftonline.htm HTTP/1.1Host: fra1.digitaloceanspaces.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"Origin: https://fra1.digitaloceanspaces.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fra1.digitaloceanspaces.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_216.1.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_216.1.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_96f69d0cefd8a8ba623a182c351ccc64.png
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.s
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.p
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343
Source: chromecache_200.1.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
Source: chromecache_200.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Source: chromecache_200.1.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: LICENSE.txt.0.dr	String found in binary or memory: https://easylist.to/)
Source: LICENSE.txt.0.dr	String found in binary or memory: https://github.com/easylist)

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2023 20:05:42.029408932 CEST	60422	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:42.029788971 CEST	64219	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:42.030272007 CEST	55252	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:42.030726910 CEST	64997	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:42.049227953 CEST	53	60422	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:42.049920082 CEST	53	55252	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:42.057719946 CEST	53	64219	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:42.059926987 CEST	53	53183	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:42.098917961 CEST	53	64997	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:42.330641985 CEST	53	51019	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:43.512953043 CEST	56634	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:43.513432026 CEST	57619	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:43.555186033 CEST	53	56634	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:43.563221931 CEST	53	57619	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:44.499845028 CEST	56046	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:44.500504971 CEST	51513	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:44.520395041 CEST	53	51513	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:44.528969049 CEST	53	56046	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:45.082752943 CEST	56852	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:45.084081888 CEST	54947	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:45.104334116 CEST	53	54947	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:45.108426094 CEST	53	56852	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:45.467529058 CEST	52465	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:45.468317986 CEST	50106	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:45.503271103 CEST	53	50106	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:45.507340908 CEST	53	52465	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:45.507518053 CEST	52947	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:45.508320093 CEST	53460	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:45.528378010 CEST	53	53460	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:45.540292978 CEST	53	52947	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:45.762582064 CEST	63275	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:45.763225079 CEST	57156	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:45.777153015 CEST	53	63275	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:45.777367115 CEST	53	57156	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:45.797620058 CEST	59551	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:45.798196077 CEST	63616	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:45.812505960 CEST	53	63616	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:45.831947088 CEST	53	59551	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:46.806853056 CEST	53	63240	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:48.344799995 CEST	56751	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:48.345437050 CEST	56646	53	192.168.2.5	8.8.8.8
Aug 28, 2023 20:05:48.365384102 CEST	53	56646	8.8.8.8	192.168.2.5
Aug 28, 2023 20:05:48.373788118 CEST	53	56751	8.8.8.8	192.168.2.5
Aug 28, 2023 20:06:41.007816076 CEST	53	51660	8.8.8.8	192.168.2.5

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:42 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=Dvrtrktau_uydMvoGc1_xfN2ULJBRPHxz6q2oM2aufczSxk8Cchv3g2jlLVO-eHXlJ_BwPi1P-zYcjdR9AuTyG10jrJ2AzQ7yL8SBUliEafdzZn70Pmm-r8GrPXaz7LFgctn_yZRHpJXI09tbP_WroWCmYwT_a7Fwj8gHnQ5nbY; AEC=Ad49MVGGktvnyMQBXjxfVM4VyQMgBORLkDWV_5bpQs3oS50vEqIAFgkFMBQ; CONSENT=PENDING+008; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDMtMF9SQzIaAmRlIAEaBgiA0dCmBg; __Secure-ENID=14.SE=ASWfeSSVBcK3LyggZgGhgI5yIs3Z2wYpfR6yuK81LiYU6I0bFs937AKcakQoHnJkxVLloWnpVW_r8Ar2dupLdGHUm260SY6_u_8bKbtIVuC2UT3_Sjp3_6n5MjyjVSOfngggQke4VZle0rxsEtTK1UwAzXaROx3bb_2_jH9Xta1jpoaREw
2023-08-28 18:05:42 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-08-28 18:05:42 UTC	1	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 28 Aug 2023 18:05:42 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-tbwuSEKLZIaIQuKSVLskDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-08-28 18:05:42 UTC	3	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-08-28 18:05:42 UTC	3	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:42 UTC	1	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-115.0.5790.171 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:42 UTC	3	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-EcG9eC4hWH2I_WZ52DdNkQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 28 Aug 2023 18:05:42 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6083 X-Daystart: 39942 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-08-28 18:05:42 UTC	4	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 30 38 33 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 39 39 34 32 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6083" elapsed_seconds="39942"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-08-28 18:05:42 UTC	4	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-08-28 18:05:42 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:46 UTC	177	OUT	GET /ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fra1.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:46 UTC	272	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Cache-Control: public, max-age=604800 Content-MD5: ykuOnMaTo0vw2Gx/ZceiPg== Content-Type: image/svg+xml Date: Mon, 28 Aug 2023 18:05:46 GMT Etag: 0x8D6410153A20B4B Last-Modified: Fri, 02 Nov 2018 20:25:27 GMT Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Vary: Accept-Encoding x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 821c0649-501e-00ba-34da-d92277000000 x-ms-version: 2009-09-19 Content-Length: 222 Connection: close
2023-08-28 18:05:46 UTC	273	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 63 69 72 63 6c 65 20 63 78 3d 22 32 34 22 20 63 79 3d 22 32 34 22 20 72 3d 22 32 34 22 20 66 69 6c 6c 3d 22 23 65 36 65 36 65 36 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 32 35 2c 32 33 48 33 36 76 32 48 32 35 56 33 36 48 32 33 56 32 35 48 31 32 56 32 33 48 32 33 56 31 32 68 32 5a 22 20 66 69 6c 6c 3d 22 23 34 30 34 30 34 30 22 2f 3e 3c 2f 73 76 67 3e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M25,23H36v2H25V36H23V25H12V23H23V12h2Z" fill="#404040"/></svg>

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:46 UTC	177	OUT	GET /ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fra1.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:46 UTC	179	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 594786 Cache-Control: public, max-age=604800 Content-MD5: TjUQkZ0p0Y7rbj6LJofS9Q== Content-Type: image/svg+xml Date: Mon, 28 Aug 2023 18:05:46 GMT Etag: 0x8D6410144A4CB90 Last-Modified: Fri, 02 Nov 2018 20:25:02 GMT Server: ECAcc (muc/335D) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: ceadad38-701e-0000-6b71-d45a26000000 x-ms-version: 2009-09-19 Content-Length: 513 Connection: close
2023-08-28 18:05:46 UTC	180	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 32 34 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 31 38 2c 31 31 2e 35 37 38 76 2e 38 34 34 48 37 2e 36 31 37 6c 33 2e 39 32 31 2c 33 2e 39 32 38 2d 2e 35 39 34 2e 35 39 34 4c 36 2c 31 32 6c 34 2e 39 34 34 2d 34 2e 39 34 34 2e 35 39 34 2e 35 39 34 4c 37 2e 36 31 37 2c 31 31 2e 35 37 38 5a 22 20 66 69 6c 6c 3d 22 23 34 30 34 30 34 30 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 31 30 2e 39 34 34 2c 37 2e 30 35 36 6c 2e 35 39 34 2e 35 39 34 4c 37 2e 36 31 37 2c 31 31 2e 35 37 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.57

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:46 UTC	178	OUT	GET /ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fra1.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:46 UTC	270	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Cache-Control: public, max-age=604800 Content-MD5: GapJ5vNFgRzr6JUAPI/Pxw== Content-Type: image/svg+xml Date: Mon, 28 Aug 2023 18:05:45 GMT Etag: 0x8D641014BCAFCCD Last-Modified: Fri, 02 Nov 2018 20:25:14 GMT Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 Vary: Accept-Encoding x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 6f7062bf-e01e-0045-21da-d90e3d000000 x-ms-version: 2009-09-19 Content-Length: 900 Connection: close
2023-08-28 18:05:46 UTC	271	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 31 2e 31 34 33 2c 36 2e 38 35 37 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2c 2e 34 34 36 2e 30 38 39 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2c 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2c 30 2c 2e 38 39 33 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2d 2e 34 34 36 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:46 UTC	178	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://fra1.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:46 UTC	180	IN	HTTP/1.1 200 OK Date: Mon, 28 Aug 2023 18:05:46 GMT Connection: close Content-Length: 86709 Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 20 Aug 2021 17:47:53 GMT Accept-Ranges: bytes Server: nginx ETag: W/"611feac9-152b5" Cache-Control: max-age=315360000 Cache-Control: public Access-Control-Allow-Origin: * Vary: Accept-Encoding X-HW: 1693245945.dop013.ml1.t,1693245946.cds223.ml1.shn,1693245946.dop013.ml1.t,1693245946.cds204.ml1.c
2023-08-28 18:05:46 UTC	181	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2023-08-28 18:05:46 UTC	197	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2023-08-28 18:05:46 UTC	213	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2023-08-28 18:05:46 UTC	229	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2023-08-28 18:05:46 UTC	245	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2023-08-28 18:05:46 UTC	261	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:46 UTC	213	OUT	GET /ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fra1.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:46 UTC	266	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 9666679 Cache-Control: public, max-age=31536000 Content-MD5: DhdidjYrlCeaRJJRG/y9mA== Content-Type: image/svg+xml Date: Mon, 28 Aug 2023 18:05:46 GMT Etag: 0x8D7B029B6833F84 Last-Modified: Thu, 13 Feb 2020 02:09:09 GMT Server: ECAcc (muc/3348) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 089b9416-101e-0001-49ef-812088000000 x-ms-version: 2009-09-19 Content-Length: 1864 Connection: close
2023-08-28 18:05:46 UTC	266	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 39 32 30 22 20 68 65 69 67 68 74 3d 22 31 30 38 30 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 67 20 6f 70 61 63 69 74 79 3d 22 2e 32 22 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 45 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 36 36 2e 34 20 31 37 39 35 2e 32 63 39 35 30 2e 33 37 20 30 20 31 37 32 30 2e 38 2d 36 32 37 2e 35 32 20 31 37 32 30 2e 38 2d 31 34 30 31 2e 36 53 32 34 31 36 2e 37 37 2d 31 30 30 38 20 31 34 36 36 2e 34 2d 31 30 30 38 2d 32 35 34 2e 34 2d 33 38 30 2e 34 38 32 2d 32 35 34 2e 34 20 33 39 33 2e 36 73 37 37 30 2e 34 32 38 20 31 34 30 31 2e 36 20 31 37 32 30 2e 38 20 31 34 30 31 2e 36 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:46 UTC	268	OUT	GET /ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fra1.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:46 UTC	269	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 442693 Cache-Control: public, max-age=604800 Content-MD5: /a3y/mpA+HRaVAiPACrsog== Content-Type: image/svg+xml Date: Mon, 28 Aug 2023 18:05:46 GMT Etag: 0x8D641014C1EFD89 Last-Modified: Fri, 02 Nov 2018 20:25:14 GMT Server: ECAcc (muc/3367) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 26c9254e-101e-00ea-4ed3-d54144000000 x-ms-version: 2009-09-19 Content-Length: 915 Connection: close
2023-08-28 18:05:46 UTC	270	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 37 37 37 37 37 37 22 20 64 3d 22 4d 31 2e 31 34 33 2c 36 2e 38 35 37 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2c 2e 34 34 36 2e 30 38 39 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2c 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2c 30 2c 2e 38 39 33 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:47 UTC	273	OUT	GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fra1.digitaloceanspaces.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:47 UTC	273	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 523153 Cache-Control: public, max-age=604800 Content-MD5: EuPayFgGHQiAI7K9SOL6lg== Content-Type: image/x-icon Date: Mon, 28 Aug 2023 18:05:47 GMT Etag: 0x8D641014D44D8FD Last-Modified: Fri, 02 Nov 2018 20:25:16 GMT Server: ECAcc (muc/335B) X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 684ee005-a01e-00ad-6f18-d5435b000000 x-ms-version: 2009-09-19 Content-Length: 17174 Connection: close
2023-08-28 18:05:47 UTC	274	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2023-08-28 18:05:47 UTC	290	IN	Data Raw: 01 80 00 00 01 80 00 28 00 00 00 18 00 00 00 30 00 00 00 01 00 04 00 00 00 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 22 22 22 22 22 20 33 33 33 33 33 30 Data Ascii: (0"P""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330""""" 333330

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:48 UTC	291	OUT	GET /ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:48 UTC	292	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 5306989 Cache-Control: public, max-age=31536000 Content-MD5: izYzcDfP+Iw98gO7c9WOQQ== Content-Type: image/png Date: Mon, 28 Aug 2023 18:05:48 GMT Etag: 0x8D7B008E3889D50 Last-Modified: Wed, 12 Feb 2020 22:14:11 GMT Server: ECAcc (muc/3308) X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 6a22c2a8-e01e-001e-6795-a9a043000000 x-ms-version: 2009-09-19 Content-Length: 5139 Connection: close
2023-08-28 18:05:48 UTC	292	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 56 00 00 00 48 08 06 00 00 00 ad 04 dd dc 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 25 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 38 20 37 39 2e 31 36 34 30 33 36 2c 20 32 30 31 39 2f 30 38 2f 31 33 2d 30 31 3a 30 36 3a 35 37 20 20 Data Ascii: PNGIHDRVHtEXtSoftwareAdobe ImageReadyqe<%iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:48 UTC	291	OUT	GET /ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:48 UTC	297	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 499354 Cache-Control: public, max-age=604800 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Mon, 28 Aug 2023 18:05:48 GMT Etag: 0x8D64101507E84BD Last-Modified: Fri, 02 Nov 2018 20:25:22 GMT Server: ECAcc (muc/3369) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 2881d840-c01e-0097-194f-d56c5f000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2023-08-28 18:05:48 UTC	298	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:43 UTC	4	OUT	GET /?d=getresponse.com&u=aHR0cHM6Ly9hcHAuZ2V0cmVzcG9uc2UuY29tL2NsaWNrLmh0bWw_eD1hNjJiJmxjPWhHV1ZlWSZtYz1KUCZzPUJPOWlFRGUmdT10amo4cyZ6PUV5TFFKd0Ym&i=NjNiMjEzMmQ2YzIzYmUxMmI2MjdlN2Jm&t=UU5mcFBRd3ZEVDFFalovL3NnVE9NNXBBT29aV2lKVEkzSng1RlcxY1AvRT0=&h=2f07214878e0427080b5bd082a28a4a8&s=AVNPUEhUT0NFTkNSWVBUSVYyyG7MgRimdeSZs9PFo0JJzdsqn-bVQtHV9h09dNzEVw HTTP/1.1 Host: us-east-2.protection.sophos.com Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:44 UTC	5	IN	HTTP/1.1 302 Found Content-Type: text/html Content-Length: 0 Connection: close Date: Mon, 28 Aug 2023 18:05:44 GMT x-amzn-RequestId: ffcf839e-7390-4493-97f6-1a8a1d3fb463 Referrer-Policy: no-referrer X-Robots-Tag: noindex, nofollow x-amz-apigw-id: KYg-zH2uiYcFxzg= Location: https://app.getresponse.com/click.html?x=a62b&lc=hGWVeY&mc=JP&s=BO9iEDe&u=tjj8s&z=EyLQJwF& X-Amzn-Trace-Id: Root=1-64ece1f8-2b4d6f8f4f3ddc65474347a8;Sampled=0;lineage=2ebe4394:0 X-Cache: Miss from cloudfront Via: 1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ZRH55-P1 X-Amz-Cf-Id: 7KBu9ZAA5Wci6fXTy_ypbzxBqzQ2Djfpmb-zKYFjCEQPNlPihk1zDQ==

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\Filtering Rules

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\LICENSE.txt

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\_metadata\verified_contents.json

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\manifest.fingerprint

C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping916_1022656894\manifest.json

Chrome Cache Entry: 195

Chrome Cache Entry: 196

Chrome Cache Entry: 197

Chrome Cache Entry: 198

Chrome Cache Entry: 199

Chrome Cache Entry: 200

Chrome Cache Entry: 201

Chrome Cache Entry: 202

Chrome Cache Entry: 203

Chrome Cache Entry: 204

Chrome Cache Entry: 205

Chrome Cache Entry: 206

Chrome Cache Entry: 207

Chrome Cache Entry: 208

Chrome Cache Entry: 209

Chrome Cache Entry: 210

Chrome Cache Entry: 211

Chrome Cache Entry: 212

Chrome Cache Entry: 213

Chrome Cache Entry: 214

Chrome Cache Entry: 215

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:48 UTC	302	OUT	GET /ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:48 UTC	307	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 518590 Cache-Control: public, max-age=604800 Content-MD5: K28EA/F25txr6jQahXym+g== Content-Type: image/svg+xml Date: Mon, 28 Aug 2023 18:05:48 GMT Etag: 0x8D641015563B044 Last-Modified: Fri, 02 Nov 2018 20:25:30 GMT Server: ECAcc (muc/3320) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 2dd0c5d7-901e-000e-5822-d5f83b000000 x-ms-version: 2009-09-19 Content-Length: 899 Connection: close
2023-08-28 18:05:48 UTC	308	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 36 20 31 36 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 39 2e 31 34 33 2c 31 2e 31 34 33 61 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2d 2e 30 38 39 2e 34 34 36 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2e 36 30 37 2c 31 2e 31 36 31 2c 31 2e 31 36 31 2c 30 2c 30 2c 31 2d 2e 38 39 33 2c 30 2c 31 2e 31 36 34 2c 31 2e 31 36 34 2c 30 2c 30 2c 31 2d 2e 36 30 37 2d 2e 36 30 37 2c 31 2e 31 30 37 2c 31 2e 31 30 37 2c 30 2c 30 2c 31 2d 2e 30 38 39 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M9.143,1.143a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.107,1.107,0,0,1-.089

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:44 UTC	6	OUT	GET /click.html?x=a62b&lc=hGWVeY&mc=JP&s=BO9iEDe&u=tjj8s&z=EyLQJwF& HTTP/1.1 Host: app.getresponse.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:45 UTC	7	IN	HTTP/1.1 302 Found date: Mon, 28 Aug 2023 18:05:45 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked strict-transport-security: max-age=31536000 x-xss-protection: 1; mode=block x-frame-options: sameorigin x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin feature-policy: accelerometer ; ambient-light-sensor ; autoplay ; camera ; encrypted-media ; fullscreen ; geolocation ; gyroscope ; magnetometer ; microphone ; midi ; payment ; picture-in-picture ; speaker ; sync-xhr ; usb ; vr * set-cookie: tms=a%3A1%3A%7Bi%3A0%3Ba%3A6%3A%7Bi%3A0%3Bs%3A6%3A%22Bi98Zh%22%3Bi%3A1%3Bs%3A5%3A%22lsY4Y%22%3Bi%3A2%3Bs%3A7%3A%22BO9iEDe%22%3Bi%3A3%3Bs%3A4%3A%22a62b%22%3Bi%3A4%3Bs%3A6%3A%22hGWVeY%22%3Bi%3A5%3Bs%3A5%3A%22tjj8s%22%3B%7D%7D; expires=Wed, 28 Aug 2024 00:00:00 GMT; Max-Age=31557256; path=/; domain=getresponse.com set-cookie: tmc=a%3A1%3A%7Bi%3A0%3Ba%3A4%3A%7Bi%3A0%3Bs%3A6%3A%22Bi98Zh%22%3Bi%3A1%3Bs%3A7%3A%22BO9iEDe%22%3Bi%3A2%3Bs%3A6%3A%22hGWVeY%22%3Bi%3A3%3Bs%3A4%3A%22a62b%22%3B%7D%7D; expires=Wed, 28 Aug 2024 00:00:00 GMT; Max-Age=31557256; path=/; domain=getresponse.com set-cookie: xsid=a62b_BO9iEDe; expires=Wed, 28 Aug 2024 00:00:00 GMT; Max-Age=31557256; path=/; domain=getresponse.com; secure; HttpOnly; SameSite=None location: https://fra1.digitaloceanspaces.com/gdpdppdpfsss/microsoftonline.htm content-security-policy-report-only: default-src https: wss: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; frame-src https:; font-src https: data:; report-uri https://index-log.getresponse.com/index/marketing_csp?source=app-gr connection: close
2023-08-28 18:05:45 UTC	8	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-08-28 18:05:45 UTC	8	OUT	GET /gdpdppdpfsss/microsoftonline.htm HTTP/1.1 Host: fra1.digitaloceanspaces.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-08-28 18:05:45 UTC	9	IN	HTTP/1.1 200 OK content-length: 116459 accept-ranges: bytes last-modified: Tue, 15 Aug 2023 15:13:31 GMT x-rgw-object-type: Normal etag: "9482a91370a3b2d5667c2ae758cd0612" x-amz-request-id: tx00000000000001359d420-0064ece1f9-b66b44ae-fra1b content-type: text/html date: Mon, 28 Aug 2023 18:05:45 GMT vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method strict-transport-security: max-age=15552000; includeSubDomains; preload x-envoy-upstream-healthchecked-cluster: connection: close
2023-08-28 18:05:45 UTC	9	IN	Data Raw: 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 61 64 63 64 6e 2e 6d 73 66 74 61 75 74 68 2e 6e 65 74 2f 65 73 74 73 2f 32 2e 31 2f 63 6f 6e 74 65 6e 74 2f 69 6d 61 67 65 73 2f 66 61 76 69 63 6f 6e 5f 61 5f 65 75 70 61 79 66 67 67 68 71 69 61 69 37 6b 39 73 6f 6c 36 6c 67 32 2e 69 63 6f 22 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 3e 0d 0a 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 Data Ascii: <html dir="ltr" lang="en"> <meta charset="utf-8"> <link href="https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico" rel="shortcut icon"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/lib
2023-08-28 18:05:45 UTC	18	IN	Data Raw: 74 3a 2e 36 32 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 2e 34 35 34 34 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 2e 34 35 34 34 70 78 7d 2e 74 65 78 74 2d 73 75 62 63 61 70 74 69 6f 6e 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 31 7b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 6d 61 78 2d 68 65 69 67 68 74 3a 31 30 2e 39 30 38 38 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 2e 36 38 31 38 72 65 6d 7d 2e 74 65 78 74 2d 73 75 62 63 61 70 74 69 6f 6e 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 32 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 30 2e 39 30 38 38 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 31 2e 33 30 36 38 72 65 6d 7d 2e 74 65 78 74 2d 73 75 62 63 61 Data Ascii: t:.625rem;padding-bottom:.4544px;padding-top:.4544px}.text-subcaption.text-maxlines-1{white-space:nowrap;text-overflow:ellipsis;max-height:10.9088px;max-height:.6818rem}.text-subcaption.text-maxlines-2{max-height:20.9088px;max-height:1.3068rem}.text-subca
2023-08-28 18:05:45 UTC	34	IN	Data Raw: 3a 37 35 25 7d 2e 63 6f 6c 2d 6c 67 2d 6f 66 66 73 65 74 2d 31 39 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 37 39 2e 31 36 36 36 37 25 7d 2e 63 6f 6c 2d 6c 67 2d 6f 66 66 73 65 74 2d 32 30 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 33 2e 33 33 33 33 33 25 7d 2e 63 6f 6c 2d 6c 67 2d 6f 66 66 73 65 74 2d 32 31 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 37 2e 35 25 7d 2e 63 6f 6c 2d 6c 67 2d 6f 66 66 73 65 74 2d 32 32 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 39 31 2e 36 36 36 36 37 25 7d 2e 63 6f 6c 2d 6c 67 2d 6f 66 66 73 65 74 2d 32 33 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 39 35 2e 38 33 33 33 33 25 7d 2e 63 6f 6c 2d 6c 67 2d 6f 66 66 73 65 74 2d 32 34 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 30 25 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a Data Ascii: :75%}.col-lg-offset-19{margin-left:79.16667%}.col-lg-offset-20{margin-left:83.33333%}.col-lg-offset-21{margin-left:87.5%}.col-lg-offset-22{margin-left:91.66667%}.col-lg-offset-23{margin-left:95.83333%}.col-lg-offset-24{margin-left:100%}}@media (min-width:
2023-08-28 18:05:45 UTC	50	IN	Data Raw: 70 78 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 32 29 7d 2e 62 74 6e 3a 68 6f 76 65 72 2c 2e 62 74 6e 3a 66 6f 63 75 73 2c 62 75 74 74 6f 6e 3a 68 6f 76 65 72 2c 62 75 74 74 6f 6e 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 5d 3a 68 6f 76 65 72 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 3a 68 6f 76 65 72 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 3a 68 6f 76 65 72 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 Data Ascii: px;border-color:transparent;background-color:rgba(0,0,0,0.2)}.btn:hover,.btn:focus,button:hover,button:focus,input[type="button"]:hover,input[type="button"]:focus,input[type="submit"]:hover,input[type="submit"]:focus,input[type="reset"]:hover,input[type="
2023-08-28 18:05:45 UTC	66	IN	Data Raw: 36 38 70 78 29 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 39 39 31 70 78 29 7b 2e 76 69 73 69 62 6c 65 2d 6d 64 2d 62 6c 6f 63 6b 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 20 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 39 39 31 70 78 29 7b 2e 76 69 73 69 62 6c 65 2d 6d 64 2d 69 6e 6c 69 6e 65 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 39 39 31 70 78 29 7b 2e 76 69 73 69 62 6c 65 2d 6d 64 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f Data Ascii: 68px) and (max-width:991px){.visible-md-block{display:block !important}}@media (min-width:768px) and (max-width:991px){.visible-md-inline{display:inline !important}}@media (min-width:768px) and (max-width:991px){.visible-md-inline-block{display:inline-blo
2023-08-28 18:05:45 UTC	82	IN	Data Raw: 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 3a 66 6f 63 75 73 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 32 62 32 62 32 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 33 29 7d 2e 62 74 6e 2e 62 74 6e 2d 70 72 69 6d 61 72 79 2c 62 75 74 74 6f 6e 2e 62 74 6e 2d 70 72 69 6d 61 72 79 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 5d 2e 62 74 6e 2d 70 72 69 6d 61 72 79 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 2e 62 74 6e 2d 70 72 69 6d 61 72 79 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 65 73 65 74 22 5d 2e 62 74 6e 2d 70 72 69 6d 61 72 79 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 30 30 36 37 62 38 3b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: focus,input[type="reset"]:focus{background-color:#b2b2b2;background-color:rgba(0,0,0,0.3)}.btn.btn-primary,button.btn-primary,input[type="button"].btn-primary,input[type="submit"].btn-primary,input[type="reset"].btn-primary{border-color:#0067b8;background
2023-08-28 18:05:45 UTC	98	IN	Data Raw: 66 74 3a 32 30 70 78 3b 64 69 73 70 6c 61 79 3a 6c 69 73 74 2d 69 74 65 6d 3b 6c 69 73 74 2d 73 74 79 6c 65 3a 63 69 72 63 6c 65 3b 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 64 69 73 63 7d 2e 70 68 6f 6e 65 43 6f 75 6e 74 72 79 43 6f 64 65 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 31 30 30 25 3b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 34 70 78 3b 68 65 69 67 68 74 3a 33 36 70 78 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 77 69 64 74 68 3a 31 70 78 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 36 36 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 36 29 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 73 74 79 6c 65 3a 73 6f 6c 69 64 7d 2e 70 68 6f 6e 65 43 6f 75 6e 74 Data Ascii: ft:20px;display:list-item;list-style:circle;list-style-type:disc}.phoneCountryCode{position:absolute;width:100%;left:0;padding:6px 4px;height:36px;border-bottom-width:1px;border-color:#666;border-color:rgba(0,0,0,0.6);border-bottom-style:solid}.phoneCount
2023-08-28 18:05:45 UTC	114	IN	Data Raw: 20 21 68 69 64 65 46 6f 6f 74 65 72 20 26 26 20 28 73 68 6f 77 4c 69 6e 6b 73 20 7c 7c 20 69 6d 70 72 65 73 73 75 6d 4c 69 6e 6b 20 7c 7c 20 73 68 6f 77 49 63 70 4c 69 63 65 6e 73 65 29 20 2d 2d 3e 20 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 4c 69 6e 6b 73 22 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 4e 6f 64 65 20 74 65 78 74 2d 73 65 63 6f 6e 64 61 72 79 22 3e 20 3c 61 20 69 64 3d 22 66 74 72 54 65 72 6d 73 22 20 64 61 74 61 2d 62 69 6e 64 3d 22 74 65 78 74 3a 20 73 74 72 5b 27 4d 4f 42 49 4c 45 5f 53 54 52 5f 46 6f 6f 74 65 72 5f 54 65 72 6d 73 27 5d 2c 20 68 72 65 66 3a 20 74 65 72 6d 73 4c 69 6e 6b 2c 20 63 6c 69 63 6b 3a 20 74 65 72 6d 73 4c 69 6e 6b 5f 6f 6e 43 6c 69 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 69 63 72 Data Ascii: !hideFooter && (showLinks \|\| impressumLink \|\| showIcpLicense) --> <div id="footerLinks" class="footerNode text-secondary"> <a id="ftrTerms" data-bind="text: str['MOBILE_STR_Footer_Terms'], href: termsLink, click: termsLink_onClick" href="https://www.micr

Target ID:	0
Start time:	20:05:38
Start date:	28/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff71d210000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	20:05:39
Start date:	28/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1872,i,13108684092173635626,2710792282603254976,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff71d210000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	20:05:42
Start date:	28/08/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://us-east-2.protection.sophos.com/?d=getresponse.com&u=aHR0cHM6Ly9hcHAuZ2V0cmVzcG9uc2UuY29tL2NsaWNrLmh0bWw_eD1hNjJiJmxjPWhHV1ZlWSZtYz1KUCZzPUJPOWlFRGUmdT10amo4cyZ6PUV5TFFKd0Ym&i=NjNiMjEzMmQ2YzIzYmUxMmI2MjdlN2Jm&t=UU5mcFBRd3ZEVDFFalovL3NnVE9NNXBBT29aV2lKVEkzSng1RlcxY1AvRT0=&h=2f07214878e0427080b5bd082a28a4a8&s=AVNPUEhUT0NFTkNSWVBUSVYyyG7MgRimdeSZs9PFo0JJzdsqn-bVQtHV9h09dNzEVw
Imagebase:	0x7ff71d210000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre