Windows Analysis Report
https://protect-us.mimecast.com/s/sMiVC687o9CPGJB2XupfJF5g12L

Overview

General Information

Sample URL:	https://protect-us.mimecast.com/s/sMiVC687o9CPGJB2XupfJF5g12L
Analysis ID:	1544003
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body contains low number of good links

Stores files to the Windows start menu directory

Classification

Signatures

HTML body contains low number of good links

Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf

HTTP Parser: Number of links: 0

Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="author".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="author".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="author".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="author".. found

Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="copyright".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="copyright".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="copyright".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.18:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.18:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.177:443 -> 192.168.2.18:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.18:49784 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136

Source: global traffic	HTTP traffic detected: GET /s/sMiVC687o9CPGJB2XupfJF5g12L HTTP/1.1Host: protect-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/entypo/font/entypo.css HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/font-awesome/css/font-awesome.css HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/mimecast-icons/css/mimecast-icons.css HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /libs/galindo.js HTTP/1.1Host: static.srcspot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-portal.login-us.mimecast.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /libs/galindo.js HTTP/1.1Host: static.srcspot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/cache.4d1a22494c68b269520ec72ef3757433.login-lib.js HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/cache.1b1f06688bfbb8673528c177626fe897.login.js HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/cache.1b1f06688bfbb8673528c177626fe897.login.js HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /agent/static/0600cd7b-e6b2-4ba9-4249-ab1342c3631b/pendo.js HTTP/1.1Host: cdn.pendo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-portal.login-us.mimecast.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/cache.4d1a22494c68b269520ec72ef3757433.login-lib.js HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/assets/languages/en.json?ver=1.12.0 HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/app-version.jsp HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/images/mimecast-logo.png HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/app-version.jsp HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/images/mimecast-logo.png HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/assets/languages/en.json?ver=1.12.0 HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /agent/static/0600cd7b-e6b2-4ba9-4249-ab1342c3631b/pendo.js HTTP/1.1Host: cdn.pendo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/ptm.gif/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?v=2.252.0_prod&ct=1730134096240&jzb=eJztlVmPo8gShf8LI82Tl2QzUFKp5Y0qYxuzemE0QizJYlYnCTa06r93ump6dJ_6dXSlfsuME3EIwfnEX98p3NeQeqEKiD1qRPmoujcQuTgtSJUWWECzHJBmDEuPqC5tUlwhNw3JgKut1dXBtdyq9heSbUbVHhCDFuVETDCum5fptIFBi-C4rhD28klexWk5bptJQdwDr8GToCqm7fSzPv0WY-_1a-BPnJWv7CRL5V45VrTcMuwwqH4r4EhmnVRc3KphqaEkQFeeyfYwHbRV5m60aqvuH2ayuq1jia9vkcJeZbyO4O4uh8IYBOogHdtH4YdWNNvkXVHvmlU6QI-LAiXbx7R4ul1RL-AenNG7wk9isND5CFrBxskX4LE2aWMZzv_4WvhbAZvGi-ErVGv1Ssu7-zC3jU7alUmIwdVQEy4Z5MRkGuv9Td-YuloGw0nS9koCetEf-5Z9igQx4HmWi1fsOYpDuUq1um_qrpVbiT7p2eztwoS9cqB3hghl_xF07vtB22SW1jMqL3blubYGiASPVULUy_qsNI5AD-fzU7SAvic_fCxGMcarlHMwO-gr-a2_HHTWyHod7HI7HDTZ12QOG8BmLtVj80Cxbh3MdS9x77PlPdm3Qm4dT8pqZSXt9lbfs4cR6426hE5tG6farnV7fHXS011a3Mf-ntftqFqqgEXJRTc5xZYgm9OSyx2gjkpB2oXl9i3bAwUYRWsNt90-yPLInXnrjWPCrePG5_RtEw_F9QDFeijXen4qTD_tdtubLcqX2Vg8DMhMgqMTxlAw-Edgh2cjIsmrUVU31Mv3nzF9Hn-V1Nwr45Z8P9IBS9c2qY8R5QVB1ZaYjJJL7SFY4vn_lkIPP_sZcUqDKQMYjvh0EDVpVT7LE4ZnJsAlm4RPty8Dy_M3ZI2yzfMRhb8uVNR120U5q-hbq3Y2dohPhLwCforAdM64n7O9wb9fYcgTsSFZIw_5lE1V3UbZJb5fs_WSvx8-5VsLy4DsBgjDPYbkRUiC9DH6l--88sJf8s3-5vs33_8XfD-j_DPAgBHFCf8fsUZ-if-wJs7Yj79_AJk_coE HTTP/1.1Host: app.pendo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-portal.login-us.mimecast.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/guide.js/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?id=12&jzb=eJx9kluvqkgQhf8Lk5yno3JV2MnOiYooCEhzEfWFcGkucrVpFHqy__txz0km8zRvVV-tVdVJr7-pZ9EXuEVqQn1QgbUz5VPgBm0XbSTPSVuDpn5SA6rewxzjrv9YLHoYDwjOuhbhsJpXbVY0s6Gf10UN47DH87itF8PiH774leHw84_hBy6bT25eFsqknVtGGViOEDMaVjhVuFshbh4t2Vooj9FdYEsDFsSSy0C12qNpjE4uP3aZJHSPVOPuCt6lUH8pyWpGxyaRzsNYR4mbLtXqWXd6LxcEhnwaa6WRMaL_uKNphSf6gg6aMM_oDRBS6MbqrdrQ485h7G2y_uvPg3_VsO_DDH5CszPvjKK_yNqzn5Le5Amm77aZ8zlRcoft3cMeqA4wm5j4kmVoOT2J0SxyPT9dibEgcHwmc5c0S5S2sLqp756DMkiMD8rl_somk3ZidFuESjTGz-BwstTStSbWFMRnc-lcAtEq5LQETQpYNvaZBsl67acbGIXKGGExzTCWC_6GOQJkZT9dT4CzywnQeuUlxFIiS-GxTXvstR3VEWXAPTm7SeIPy-0rN4ZV5Z59TZbdfDg-ulc52hnozS28dZ7td14HvNn9VvgvafOaRYYAvLTdmjSH8itweM2TIFcxUsCfIEDNStKT5rgvDVqj7XpwyUM34rJKg2W4U28OPN6C7FLs1YzU9xMUO9LsQOXXTlQ89ePDE5XrciaeCHLy-HxLMriyhTH2koudvpNXQxwmIQ6pj3-D-l0W_xPWKmyy4f2FbwVsAs-hvn5SYRy3Q4Pf1nfThQg2eP1f9D7xrWfFBUMvWJrl33ueEPVF23zjOSuwczroUJtQX1-_ARPgFLk&v=2.252.0_prod&ct=1730134096242 HTTP/1.1Host: app.pendo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-portal.login-us.mimecast.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/guide.gif/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1730134096243&v=2.252.0_prod HTTP/1.1Host: app.pendo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-portal.login-us.mimecast.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/images/ccm_flavicon.ico HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/guide.gif/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1730134096243&v=2.252.0_prod HTTP/1.1Host: app.pendo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/ptm.gif/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?v=2.252.0_prod&ct=1730134096240&jzb=eJztlVmPo8gShf8LI82Tl2QzUFKp5Y0qYxuzemE0QizJYlYnCTa06r93ump6dJ_6dXSlfsuME3EIwfnEX98p3NeQeqEKiD1qRPmoujcQuTgtSJUWWECzHJBmDEuPqC5tUlwhNw3JgKut1dXBtdyq9heSbUbVHhCDFuVETDCum5fptIFBi-C4rhD28klexWk5bptJQdwDr8GToCqm7fSzPv0WY-_1a-BPnJWv7CRL5V45VrTcMuwwqH4r4EhmnVRc3KphqaEkQFeeyfYwHbRV5m60aqvuH2ayuq1jia9vkcJeZbyO4O4uh8IYBOogHdtH4YdWNNvkXVHvmlU6QI-LAiXbx7R4ul1RL-AenNG7wk9isND5CFrBxskX4LE2aWMZzv_4WvhbAZvGi-ErVGv1Ssu7-zC3jU7alUmIwdVQEy4Z5MRkGuv9Td-YuloGw0nS9koCetEf-5Z9igQx4HmWi1fsOYpDuUq1um_qrpVbiT7p2eztwoS9cqB3hghl_xF07vtB22SW1jMqL3blubYGiASPVULUy_qsNI5AD-fzU7SAvic_fCxGMcarlHMwO-gr-a2_HHTWyHod7HI7HDTZ12QOG8BmLtVj80Cxbh3MdS9x77PlPdm3Qm4dT8pqZSXt9lbfs4cR6426hE5tG6farnV7fHXS011a3Mf-ntftqFqqgEXJRTc5xZYgm9OSyx2gjkpB2oXl9i3bAwUYRWsNt90-yPLInXnrjWPCrePG5_RtEw_F9QDFeijXen4qTD_tdtubLcqX2Vg8DMhMgqMTxlAw-Edgh2cjIsmrUVU31Mv3nzF9Hn-V1Nwr45Z8P9IBS9c2qY8R5QVB1ZaYjJJL7SFY4vn_lkIPP_sZcUqDKQMYjvh0EDVpVT7LE4ZnJsAlm4RPty8Dy_M3ZI2yzfMRhb8uVNR120U5q-hbq3Y2dohPhLwCforAdM64n7O9wb9fYcgTsSFZIw_5lE1V3UbZJb5fs_WSvx8-5VsLy4DsBgjDPYbkRUiC9DH6l--88sJf8s3-5vs33_8XfD-j_DPAgBHFCf8fsUZ-if-wJs7Yj79_AJk_coE HTTP/1.1Host: app.pendo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/guide.js/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?id=12&jzb=eJx9kluvqkgQhf8Lk5yno3JV2MnOiYooCEhzEfWFcGkucrVpFHqy__txz0km8zRvVV-tVdVJr7-pZ9EXuEVqQn1QgbUz5VPgBm0XbSTPSVuDpn5SA6rewxzjrv9YLHoYDwjOuhbhsJpXbVY0s6Gf10UN47DH87itF8PiH774leHw84_hBy6bT25eFsqknVtGGViOEDMaVjhVuFshbh4t2Vooj9FdYEsDFsSSy0C12qNpjE4uP3aZJHSPVOPuCt6lUH8pyWpGxyaRzsNYR4mbLtXqWXd6LxcEhnwaa6WRMaL_uKNphSf6gg6aMM_oDRBS6MbqrdrQ485h7G2y_uvPg3_VsO_DDH5CszPvjKK_yNqzn5Le5Amm77aZ8zlRcoft3cMeqA4wm5j4kmVoOT2J0SxyPT9dibEgcHwmc5c0S5S2sLqp756DMkiMD8rl_somk3ZidFuESjTGz-BwstTStSbWFMRnc-lcAtEq5LQETQpYNvaZBsl67acbGIXKGGExzTCWC_6GOQJkZT9dT4CzywnQeuUlxFIiS-GxTXvstR3VEWXAPTm7SeIPy-0rN4ZV5Z59TZbdfDg-ulc52hnozS28dZ7td14HvNn9VvgvafOaRYYAvLTdmjSH8itweM2TIFcxUsCfIEDNStKT5rgvDVqj7XpwyUM34rJKg2W4U28OPN6C7FLs1YzU9xMUO9LsQOXXTlQ89ePDE5XrciaeCHLy-HxLMriyhTH2koudvpNXQxwmIQ6pj3-D-l0W_xPWKmyy4f2FbwVsAs-hvn5SYRy3Q4Pf1nfThQg2eP1f9D7xrWfFBUMvWJrl33ueEPVF23zjOSuwczroUJtQX1-_ARPgFLk&v=2.252.0_prod&ct=1730134096242 HTTP/1.1Host: app.pendo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/images/ccm_flavicon.ico HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=625blHBBocdSL7D&MD=5nDxeLNw HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A410900B03DX-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAQFNb5VyJSLhm3Tvu356Ps0ZCU%2BvIUDxXxYTv/R5hoE62bggRuycH9ZTMtSc8RhAAmBnskeYoen%2Bs4pNxi8fLp4y/2q/0KXSLl9YDW6ug9fFt9A3j8kh/GAPZi%2BM6rOZ5KX4mzlJsLik375/ZNsjvx0bf1RebnGT/RV1mQ1TAXWUB0qRTSNr5Hq7pyNtqTSAg50SGEgR2epO/aiQylxRxzrIErPeANz9ZXgWmH6%2B/NKvkdFfPw3KrnkAR8qUNs7BpQuJyuDPy3pENAjWoIJBhgEkx%2BDCpD6Kx2X4flhxq3s7n1mp%2BjACAGL0ZeSyowrZeH4clSbeOo7/6f2tF8U3bXMQZgAAEIfbxNIJIN85iiV1GQrbOdOwAQJnzaYVM3zF9SUYdyBaCLg%2Bv4YJm1F56tgjzqy99XxEgY2jvcRJ18lIzoSNcrMGrylsSMIzmQxxZSjgrJcPd2sHg0VFdkxSf70bcnIxfrGtRh9rcAUP%2BJd5cSEQD8Nm8h%2BI2gbahvkYhn/m8U/BB3V54LUHbAKqJ2ZyNlzhYJoE0574a0FvJTojSIJCZKRcQzJ6sncs47fKivPrqav5yE6ymc93BbKzG648QlDbjHdVAGdRG9Jr/8CeovGDFLSc/bL9w6njwYokQpCbwPiZUgNCz4Akk0rNu2%2BqnaXVrCI4eEUZNIj3i0I0%2B9phCVqXwm4JJMN31V0ECPo/%2BmAySA6IZiQ5xG8NtfrM28kryelbbbPN2iOeRnVGtxKA0gIN/Iyx8sM2kJ0jOmNNs0HKq/4KHSY1vqRZ9WTuOVovZ0aSwqvR%2BLMCWNAvJwJr%2BlOTqpiqFoOl%2BBhgW87ijc6erHUBpigihj%2BeJRpQKfsY2n3YRsct0YbdDYjPf5EojF5nEbl709Q1FqINLxQcrzTUgg6%2BEDIPsUBZD1Cj4ZIo0j7Av/GgwKNrCCzuSafJrtWoFNoB%26p%3DX-Agent-DeviceId: 01000A410900B03DX-BM-CBT: 1730134124User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 31D016147A4547BE8D2E1D11755C8674X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=B4BB39E5F80E411D94C438C0FA7ACF94&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; ANON=A=680C1B1A649CBD64DD40EBFCFFFFFFFF; MUID=BC76BB0020D345C1A049A4820CB4C03C; MUIDB=BC76BB0020D345C1A049A4820CB4C03C
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=625blHBBocdSL7D&MD=5nDxeLNw HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: protect-us.mimecast.com
Source: global traffic	DNS traffic detected: DNS query: secure-portal.login-us.mimecast.com
Source: global traffic	DNS traffic detected: DNS query: static.srcspot.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.pendo.io
Source: global traffic	DNS traffic detected: DNS query: app.pendo.io

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: chromecache_165.1.dr	String found in binary or memory: http://daneden.me/animate
Source: chromecache_118.1.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_118.1.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_165.1.dr	String found in binary or memory: http://janstevens.github.io/angular-growl-2
Source: chromecache_165.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_165.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_165.1.dr	String found in binary or memory: http://www.mimecast.com/
Source: chromecache_165.1.dr	String found in binary or memory: http://www.mimecast.com/Customers/Support/Contact-support/
Source: chromecache_165.1.dr	String found in binary or memory: http://www.opensource.org/licenses/MIT
Source: chromecache_127.1.dr, chromecache_128.1.dr	String found in binary or memory: https://agent.pendo.io/licenses
Source: chromecache_127.1.dr, chromecache_128.1.dr	String found in binary or memory: https://api.feedback.us.pendo.io
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://app.dmarcanalyzer.com/register?utm_medium=pendo&utm_source=adcon&utm_campaign=7013l000001JNB
Source: chromecache_165.1.dr	String found in binary or memory: https://cdn.pendo.io/agent/static/
Source: chromecache_165.1.dr	String found in binary or memory: https://community.mimecast.com/community/knowledge-base/secure-messaging
Source: chromecache_165.1.dr	String found in binary or memory: https://community.mimecast.com/docs/DOC-1183
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/cybergraph-cybergraph-1-0-configuration-settings
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/cybergraph-cybergraph-2-0-configuration-settings
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-configuring-url-protection
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-continuity-guides
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-secure-messaging-getting-start
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-targeted-threat-protection-int
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-ttp-attachment-protect-configu
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-ttp-impersonation-protection-g
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/end-user-applications-large-file-send-getting-started
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://community.mimecast.com/s/education-free-courses?utm_medium=pendo&utm_source=adcon&utm_campai
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-api-and-integrations
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-awareness-training
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-brand-exploit-protect
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-case-review-application
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-dmarc-analyzer
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-email-security-cg
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-supervision
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-sync-and-recover
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-web-security
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://community.mimecast.com/s/mimecast-education?utm_medium=pendo&utm_source=adcon&utm_campaign=7
Source: chromecache_127.1.dr, chromecache_128.1.dr	String found in binary or memory: https://feedback.us.pendo.io
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_165.1.dr	String found in binary or memory: https://github.com/dbtek/angular-aside
Source: chromecache_165.1.dr	String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: chromecache_165.1.dr	String found in binary or memory: https://github.com/mgcrea/angular-motion
Source: chromecache_165.1.dr	String found in binary or memory: https://github.com/nickpettit/glide
Source: chromecache_165.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/AT-IEP-Demo.html?utm_medium=pendo&utm_source=adcon&utm_campaign=7013l00000
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/Continuity-and-Recovery-Demo-.html?utm_medium=pendo&utm_source=adcon&utm_c
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/Safe_Phish_Demo.html?utm_medium=pendo&utm_source=adcon&utm_campaign=7013l0
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/SolutionFrameworkRequest?utm_medium=pendo&utm_source=adcon&utm_campaign=70
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/Web-Security-Service.html?utm_medium=pendo&utm_source=adcon&utm_campaign=7
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/security-awareness-remote-resources.html?utm_medium=pendo&utm_source=adcon
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://login-alpha.mimecast.com/administration/app/#/l/accountassessment
Source: chromecache_127.1.dr, chromecache_128.1.dr	String found in binary or memory: https://pendo-io-static.storage.googleapis.com/agent/static/0600cd7b-e6b2-4ba9-4249-ab1342c3631b/pen
Source: chromecache_127.1.dr, chromecache_128.1.dr	String found in binary or memory: https://pendo-static-5707797427912704.storage.googleapis.com
Source: chromecache_132.1.dr	String found in binary or memory: https://play.vidyard.com/LE2oaRu3qApZkgaw4JjwZM.jpg
Source: chromecache_132.1.dr	String found in binary or memory: https://play.vidyard.com/embed/v4.js
Source: chromecache_165.1.dr	String found in binary or memory: https://static.srcspot.com/libs/galindo.js
Source: chromecache_165.1.dr	String found in binary or memory: https://summernote.org
Source: chromecache_165.1.dr	String found in binary or memory: https://us-api.mimecast.com
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://www.mimecast.com/coronavirus/?utm_medium=pendo&utm_source=adcon&utm_campaign=7013l000001JNBI
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://www.mimecast.com/state-of-email-security/download-hub/?utm_medium=pendo&utm_source=adcon&utm

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.18:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.18:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.177:443 -> 192.168.2.18:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.18:49784 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@17/107@20/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1932,i,16414200054814140303,7306942213891831198,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://protect-us.mimecast.com/s/sMiVC687o9CPGJB2XupfJF5g12L"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1932,i,16414200054814140303,7306942213891831198,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.107.204.85	app.pendo.io	United States	15169	GOOGLEUS	false
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
205.139.110.112	secure-portal.login-us.mimecast.com	United States	30031	MIMECAST-US	false
35.190.8.230	static.srcspot.com	United States	15169	GOOGLEUS	false
34.36.213.229	cdn.pendo.io	United States	2686	ATGS-MMD-ASUS	false
207.211.31.113	protect-us.mimecast.com	United States	14135	NAVISITE-EAST-2US	false
207.211.31.121	unknown	United States	14135	NAVISITE-EAST-2US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.17
192.168.2.18

Contacted Domains

Name	IP	Active
protect-us.mimecast.com	207.211.31.113	true
app.pendo.io	34.107.204.85	true
cdn.pendo.io	34.36.213.229	true
static.srcspot.com	35.190.8.230	true
www.google.com	142.250.185.228	true
secure-portal.login-us.mimecast.com	205.139.110.112	true

Contacted URLs

Name	Malicious	Reputation
https://app.pendo.io/data/ptm.gif/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?v=2.252.0_prod&ct=1730134096240&jzb=eJztlVmPo8gShf8LI82Tl2QzUFKp5Y0qYxuzemE0QizJYlYnCTa06r93ump6dJ_6dXSlfsuME3EIwfnEX98p3NeQeqEKiD1qRPmoujcQuTgtSJUWWECzHJBmDEuPqC5tUlwhNw3JgKut1dXBtdyq9heSbUbVHhCDFuVETDCum5fptIFBi-C4rhD28klexWk5bptJQdwDr8GToCqm7fSzPv0WY-_1a-BPnJWv7CRL5V45VrTcMuwwqH4r4EhmnVRc3KphqaEkQFeeyfYwHbRV5m60aqvuH2ayuq1jia9vkcJeZbyO4O4uh8IYBOogHdtH4YdWNNvkXVHvmlU6QI-LAiXbx7R4ul1RL-AenNG7wk9isND5CFrBxskX4LE2aWMZzv_4WvhbAZvGi-ErVGv1Ssu7-zC3jU7alUmIwdVQEy4Z5MRkGuv9Td-YuloGw0nS9koCetEf-5Z9igQx4HmWi1fsOYpDuUq1um_qrpVbiT7p2eztwoS9cqB3hghl_xF07vtB22SW1jMqL3blubYGiASPVULUy_qsNI5AD-fzU7SAvic_fCxGMcarlHMwO-gr-a2_HHTWyHod7HI7HDTZ12QOG8BmLtVj80Cxbh3MdS9x77PlPdm3Qm4dT8pqZSXt9lbfs4cR6426hE5tG6farnV7fHXS011a3Mf-ntftqFqqgEXJRTc5xZYgm9OSyx2gjkpB2oXl9i3bAwUYRWsNt90-yPLInXnrjWPCrePG5_RtEw_F9QDFeijXen4qTD_tdtubLcqX2Vg8DMhMgqMTxlAw-Edgh2cjIsmrUVU31Mv3nzF9Hn-V1Nwr45Z8P9IBS9c2qY8R5QVB1ZaYjJJL7SFY4vn_lkIPP_sZcUqDKQMYjvh0EDVpVT7LE4ZnJsAlm4RPty8Dy_M3ZI2yzfMRhb8uVNR120U5q-hbq3Y2dohPhLwCforAdM64n7O9wb9fYcgTsSFZIw_5lE1V3UbZJb5fs_WSvx8-5VsLy4DsBgjDPYbkRUiC9DH6l--88sJf8s3-5vs33_8XfD-j_DPAgBHFCf8fsUZ-if-wJs7Yj79_AJk_coE	false	unknown
https://secure-portal.login-us.mimecast.com/u/assets/entypo/font/entypo.css	false	unknown
https://protect-us.mimecast.com/s/sMiVC687o9CPGJB2XupfJF5g12L	false	unknown
https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA	false	unknown
https://secure-portal.login-us.mimecast.com/u/assets/font-awesome/css/font-awesome.css	false	unknown
https://secure-portal.login-us.mimecast.com/u/assets/images/ccm_flavicon.ico	false	unknown
https://app.pendo.io/data/guide.gif/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1730134096243&v=2.252.0_prod	false	unknown
https://cdn.pendo.io/agent/static/0600cd7b-e6b2-4ba9-4249-ab1342c3631b/pendo.js	false	unknown
https://secure-portal.login-us.mimecast.com/u/login/cache.4d1a22494c68b269520ec72ef3757433.login-lib.js	false	unknown
https://secure-portal.login-us.mimecast.com/u/login/app-version.jsp	false	unknown
https://secure-portal.login-us.mimecast.com/u/assets/mimecast-icons/css/mimecast-icons.css	false	unknown
https://secure-portal.login-us.mimecast.com/u/login/cache.1b1f06688bfbb8673528c177626fe897.login.js	false	unknown
https://secure-portal.login-us.mimecast.com/u/assets/images/mimecast-logo.png	false	unknown
https://secure-portal.login-us.mimecast.com/u/login/assets/languages/en.json?ver=1.12.0	false	unknown
https://static.srcspot.com/libs/galindo.js	false	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 15:48:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	1BCF0A5F080822960C42F5E7091392C3	CE83360F55F5408013201BFB986A62D265588BBD	9D3A5FA217DE0BB1EA012A91FE85D9219CBAEBCB8BF812E02CBC0389BFA2BE3C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 15:48:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	0D283D563D9610EDB2867B1EB7A1B9FF	2ADE255049106B09A7FD5905CA530B215F73D35D	CDD6658E649D31B558545A036408AAF9BC52941A03667E13BBE489FF2C346549
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	25169BA56BE3FCE172B63501EE391CCD	CA19D4295C5D40DF30616D39E9AC782D26579A5C	92FD62A56A904A0B7A4BAB9BEFD23EC0009A66C997D51D6668D8A57B6F298999
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 15:48:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	BA1F45CB654BB3AAA6949393F2B36B3E	4EE6A59606C3BE22EB353EBA6CEABFABB8A77AF9	97EF391076F929C275F984A1E33C3878C5A2F0D3902A76208637F51073AA026F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 15:48:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	1EADC2AE25BAFB1F94D29B4EF3C321E2	3CC150609B135AD67328F23570C4A529B7C7090E	A187071B55615F9A5EB1EBE3AD54DB1CFE5A49064325BE37EFEF44E20DE35B54
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 15:48:05 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	8B7A6BBF6B6E59CFF7400ED855428C52	9511CBC1E79FDAB1E1737597B364653EFD9643A0	A81BF818B75DBE14B6EEFF0B5D7287D959E1E1222E5821251F7C8081AC8F9157
Chrome Cache Entry: 103	ASCII text	D801E9936920D12430A41C6621827EDB	A2AB5AA117B8475F21908751E0EFF6D25D862EED	5A2D85276F3BB00A21502841E1591699056969A7066B92A9ECEDF9820872DBF3
Chrome Cache Entry: 104	ASCII text	AB66811282F00C53FF9ABD92A24E6655	349FB68EFF39DEFEE85AFAC1884E61DA8F1D0A61	F65864633E442C4DEBDEEA61EAC07877311038061C4EB43964AF0910CB7387D1
Chrome Cache Entry: 105	Unicode text, UTF-8 text, with very long lines (6047), with no line terminators	9F74E2798D0C1A85A6D7A6896B5E2664	E2D1D7ECDAE24AB0404F10A74396E7C00F46E8DC	26448ABFF144D0A5F6B0FD015E99B85229995030E9F760E88F137773E0D28CDC
Chrome Cache Entry: 106	JSON data	8AF5A74DA0C5F6A2C1C06447E7B3F2C4	44FC82C67522F2235998AEFC30C7D4A48586D547	E61CAED68F0B89CA101E92995F9D4BA066BCD7920389312543D220D2D550A3B4
Chrome Cache Entry: 107	Unicode text, UTF-8 text, with very long lines (65534), with no line terminators	4D1A22494C68B269520EC72EF3757433	014E5BA4D1234023B2B0107EF075041D03DF0065	534E7A6A0CBE0DD38B307481315A21EA29B250C5ADCA39E4A1CB245064E35A9F
Chrome Cache Entry: 108	Unicode text, UTF-8 text, with very long lines (4840), with no line terminators	B3C2773ADC59068A69AB1A0CFABD07F6	067F4F2F22E701887E50D6465818559DF65CD2F6	D5C34C8ACEAA2678CA7995B83D5197F04AF6F7F8C8E4C39C973F54180322984F
Chrome Cache Entry: 109	gzip compressed data, from Unix, original size modulo 2^32 104132	B4264ECAC00918CE9C3A97A700455666	B4DFE9403D7809396F567EDDC01AFE29B0EB5619	AE2938D596CD4F3C0463C21C087D8AFDD1897254FD86FCD4C0E011E7541E921E
Chrome Cache Entry: 110	gzip compressed data, from Unix, original size modulo 2^32 104132	B4264ECAC00918CE9C3A97A700455666	B4DFE9403D7809396F567EDDC01AFE29B0EB5619	AE2938D596CD4F3C0463C21C087D8AFDD1897254FD86FCD4C0E011E7541E921E
Chrome Cache Entry: 111	Unicode text, UTF-8 text, with very long lines (9993), with no line terminators	CE57F775E9B8B93C0B7ACF14CE55E4DA	2EECA68A929A65E6C23B4306579232F070F83A0B	7EDB256461CD2277C3DAC240A59820133B69D74E0176FDEFAEA63AEEA065612A
Chrome Cache Entry: 112	ASCII text	AB66811282F00C53FF9ABD92A24E6655	349FB68EFF39DEFEE85AFAC1884E61DA8F1D0A61	F65864633E442C4DEBDEEA61EAC07877311038061C4EB43964AF0910CB7387D1
Chrome Cache Entry: 113	Unicode text, UTF-8 text, with very long lines (4861), with no line terminators	80EDF9CD99FDB7178493BEE1FA666B36	54ABE77B13CBE6E1B5F2111894E30B8445987072	A82C54AF99B3BA94F8876D4146E2E9841D949565ADEBCCBF674684977CFA056F
Chrome Cache Entry: 114	ASCII text	E9BF123819AFFFB58D76A3AC2F76EDAD	31C223790B0F69796A90876D0E34A45152FDCEF6	0CA43B2A5253B9298C0D8DDDCD4F7339BCBFDEA5F70BBA91344640FD66B6CA6A
Chrome Cache Entry: 115	Unicode text, UTF-8 text, with very long lines (10509), with no line terminators	24EDEE4A678B8296B37CD740A5BD8B2F	FA95FDB0538398CC2FDA8174181D70E6208521DC	65664B0046C8C3815E49DA3A00843E3B7922C48B60A42E8808B21D17F302445D
Chrome Cache Entry: 116	Unicode text, UTF-8 text, with very long lines (30828), with no line terminators	3011C5DC1B9095F48E82813238C6F29E	C4C280AF0C6B39B1DF10858AC94464598059B4C3	509EA5F4043E25B0B89E3861D1B585036092268D00D882980C63445398D4B526
Chrome Cache Entry: 117	Unicode text, UTF-8 text, with very long lines (4838), with no line terminators	0F42BFA972368D57F112B97695C1E8F0	82CC7D4C86D192BE68492841A08261B077214DEB	959C55A33DAFCC2ECE2B32FBC93C4F516667C46AA1C3ED83782AE78C98876A44
Chrome Cache Entry: 118	troff or preprocessor input, ASCII text, with very long lines (372)	3F05A51A1E5260F4179DB8CA65307A6A	2148B3DDDCA54F413E8BA50AA48B53B400BD99B8	C374EFBA54279628793F04E10EBF5D0C1B4DBC36B3F4132D9235F01D64CA5C8E
Chrome Cache Entry: 119	PNG image data, 308 x 120, 8-bit/color RGBA, non-interlaced	DE8531BB5CB6311E365540E8CEE132DF	A693059E2ACFDD00116C416BAED5A44F991A514E	F6DD06562D16C1AE9DBD19B0C954FCDBE70A06FDC8EB341D415CF6EB26591DCA
Chrome Cache Entry: 120	Unicode text, UTF-8 text, with very long lines (14829), with no line terminators	980BD70C0616A68A9B3999ED160F6EB6	E449CD48D79635CE3420B4F4C3696EFA2F0F31C6	014735A9D87C9EC56B6D26130B79629FF6A004AB926FAFC95FE10424BA03D120
Chrome Cache Entry: 121	ASCII text, with very long lines (65536), with no line terminators	1B1F06688BFBB8673528C177626FE897	E1288F7600C457D3C4BE1A8CB42E92ECE9936990	CFF56061167261D91CF14B044B0BE33535A236DA40CC7F1293E552B7BD13D0A4
Chrome Cache Entry: 122	Unicode text, UTF-8 text, with very long lines (6113), with no line terminators	B336B078040D2597051DC33E6EFDDC22	D85B023436098873BCE47C2FF963A621C810CEE3	45F430983D367678F09F03FA6C4EC3244C67C38D4DFCE13C4E276C7EC74AE534
Chrome Cache Entry: 123	HTML document, ASCII text, with very long lines (6078)	49C919C25491F1B4ADA6C5B31DFD7FFE	BE79C350272A7EC36E0415888DDE297028BED97E	62839581180212340C11586D3C3A57B93AECF10F89D9664228AE09E2219B3FB9
Chrome Cache Entry: 124	ASCII text, with no line terminators	D2E61F6827D8B10F14F87FF8BEE62ED6	3B09457372F998DF935D48F192747B007AA76B24	41B744FADDAD62E6057F29B5A168B01909A22A48AFCB749DCCC094796CDA6988
Chrome Cache Entry: 125	PNG image data, 308 x 120, 8-bit/color RGBA, non-interlaced	DE8531BB5CB6311E365540E8CEE132DF	A693059E2ACFDD00116C416BAED5A44F991A514E	F6DD06562D16C1AE9DBD19B0C954FCDBE70A06FDC8EB341D415CF6EB26591DCA
Chrome Cache Entry: 126	ASCII text	E9BF123819AFFFB58D76A3AC2F76EDAD	31C223790B0F69796A90876D0E34A45152FDCEF6	0CA43B2A5253B9298C0D8DDDCD4F7339BCBFDEA5F70BBA91344640FD66B6CA6A
Chrome Cache Entry: 127	ASCII text, with very long lines (65310)	5E3315496F2B3AC44F04E3A7B82BDD50	04A182B56485B1E568F3477DEBAC90718D819517	B3CBF48317F059019085C1B1E3FC81C1B25C31EB6019C12C5D14C8855E6D59AD
Chrome Cache Entry: 128	ASCII text, with very long lines (65310)	5E3315496F2B3AC44F04E3A7B82BDD50	04A182B56485B1E568F3477DEBAC90718D819517	B3CBF48317F059019085C1B1E3FC81C1B25C31EB6019C12C5D14C8855E6D59AD
Chrome Cache Entry: 129	HTML document, ASCII text, with very long lines (1455)	A8DA88F6108339D352D26AA5D18136C5	A14EEF4747A49E6614B3E6C8702DC310EF400AD0	677C4E3485A7F300DDC2E729E4EA2922B524CA13849C2E2E0EA82EC0210B1966
Chrome Cache Entry: 130	exported SGML document, ASCII text, with very long lines (6598)	2C9BE078A704FCD270C1873C5DE3EEFE	5B94B76B58CEC330424DFCA823409E62523C0B97	F998F2A38636FB230DCF2ED79677465BFAD0F0F1F8AD60ADF4DF663A4A42FA55
Chrome Cache Entry: 131	HTML document, ASCII text, with very long lines (705)	7B4DCBD935D09A368BE6A0EEEDA7E2E4	43A5DB8071C893615357C268E8E71CD54807E412	5B57952971C85ACC68C811AD332B9A2CAB8175784F815C5B4D6112838AD4B5C9
Chrome Cache Entry: 132	HTML document, ASCII text, with very long lines (705)	7B4DCBD935D09A368BE6A0EEEDA7E2E4	43A5DB8071C893615357C268E8E71CD54807E412	5B57952971C85ACC68C811AD332B9A2CAB8175784F815C5B4D6112838AD4B5C9
Chrome Cache Entry: 133	ASCII text	D58F30FFAC767060B52827A51F71AF2F	6C9C800BCFE16FF7A4C81B631D747811981CE22E	46A7155334AB24474F5AA34B9CA50B0DE97988A3961552D845C87E1A47A61A0B
Chrome Cache Entry: 134	Unicode text, UTF-8 text	AB05F838C4DABF2FF308E3589972DDCC	2299D89D1CAB2F864AEB5B8DE7C01089C3EE02F6	7A24726189EC811CBF06E22AAABFFBB801AC7053AB29639DB0BE79D4F1806C1D
Chrome Cache Entry: 135	Unicode text, UTF-8 text, with very long lines (6113), with no line terminators	B336B078040D2597051DC33E6EFDDC22	D85B023436098873BCE47C2FF963A621C810CEE3	45F430983D367678F09F03FA6C4EC3244C67C38D4DFCE13C4E276C7EC74AE534
Chrome Cache Entry: 136	Unicode text, UTF-8 text, with very long lines (9260), with no line terminators	810A40E10BF86F4BD47A2648E8A92EA5	78B62DD50E3FB34A8005AA9F96E31094176D2295	736D7FC9019380865078BF6A839878485A4DE0615892F70BF03F774BF912FA46
Chrome Cache Entry: 137	ASCII text	D58F30FFAC767060B52827A51F71AF2F	6C9C800BCFE16FF7A4C81B631D747811981CE22E	46A7155334AB24474F5AA34B9CA50B0DE97988A3961552D845C87E1A47A61A0B
Chrome Cache Entry: 138	Unicode text, UTF-8 text, with very long lines (12421), with no line terminators	01CA7C0CDF758987E8B88D4FBDDCF27C	2BEF6ECCF1B3C61F010C03F1F579AD186A301E6D	AEFC214BAE8A6500E426B53A770AD80CB05FA6FE689BA0E0A20FDE6180DC3A9C
Chrome Cache Entry: 139	Unicode text, UTF-8 text, with very long lines (6047), with no line terminators	9F74E2798D0C1A85A6D7A6896B5E2664	E2D1D7ECDAE24AB0404F10A74396E7C00F46E8DC	26448ABFF144D0A5F6B0FD015E99B85229995030E9F760E88F137773E0D28CDC
Chrome Cache Entry: 140	HTML document, ASCII text, with very long lines (1455)	A8DA88F6108339D352D26AA5D18136C5	A14EEF4747A49E6614B3E6C8702DC310EF400AD0	677C4E3485A7F300DDC2E729E4EA2922B524CA13849C2E2E0EA82EC0210B1966
Chrome Cache Entry: 141	Unicode text, UTF-8 text, with very long lines (4838), with no line terminators	0F42BFA972368D57F112B97695C1E8F0	82CC7D4C86D192BE68492841A08261B077214DEB	959C55A33DAFCC2ECE2B32FBC93C4F516667C46AA1C3ED83782AE78C98876A44
Chrome Cache Entry: 142	ASCII text, with very long lines (1572)	76246C36F20ABA470361EDB688FAFBAD	3E2FBA1219E7ACF5F6A1A21658CC2A917B67159C	AB1DC4BDCD239CD0D211870064F9481CAEA7191FEBF67AA4301671D64EC6E8D4
Chrome Cache Entry: 143	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0	015C126A3520C9A8F6A27979D0266E96	2ACF956561D44434A6D84204670CF849D3215D5F	3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
Chrome Cache Entry: 144	Unicode text, UTF-8 text, with very long lines (30828), with no line terminators	3011C5DC1B9095F48E82813238C6F29E	C4C280AF0C6B39B1DF10858AC94464598059B4C3	509EA5F4043E25B0B89E3861D1B585036092268D00D882980C63445398D4B526
Chrome Cache Entry: 145	HTML document, ASCII text, with very long lines (6078)	49C919C25491F1B4ADA6C5B31DFD7FFE	BE79C350272A7EC36E0415888DDE297028BED97E	62839581180212340C11586D3C3A57B93AECF10F89D9664228AE09E2219B3FB9
Chrome Cache Entry: 146	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	2F727AF8F782A4C4D05706E3E4AC3CEE	2E5E911BBF48512C8515FC383076748B50B8C864	AB321AEACFB6E961C4D0FE9B61C5C7200BBE0D0FF301AC5161A8A3E11D32539D
Chrome Cache Entry: 147	Unicode text, UTF-8 text, with very long lines (6036), with no line terminators	089BC2F072F8E97870B05848D01EBE79	DBADA24FCCFBCE4C193E3BC6C374072D2276150D	A671A4DC537788601F7A2C5ABCE4B612D4C63C2778C0245F3F5A0CE030846062
Chrome Cache Entry: 148	Unicode text, UTF-8 text, with very long lines (9260), with no line terminators	810A40E10BF86F4BD47A2648E8A92EA5	78B62DD50E3FB34A8005AA9F96E31094176D2295	736D7FC9019380865078BF6A839878485A4DE0615892F70BF03F774BF912FA46
Chrome Cache Entry: 149	Unicode text, UTF-8 text, with very long lines (6036), with no line terminators	089BC2F072F8E97870B05848D01EBE79	DBADA24FCCFBCE4C193E3BC6C374072D2276150D	A671A4DC537788601F7A2C5ABCE4B612D4C63C2778C0245F3F5A0CE030846062
Chrome Cache Entry: 150	ASCII text, with very long lines (65536), with no line terminators	1B1F06688BFBB8673528C177626FE897	E1288F7600C457D3C4BE1A8CB42E92ECE9936990	CFF56061167261D91CF14B044B0BE33535A236DA40CC7F1293E552B7BD13D0A4
Chrome Cache Entry: 151	Unicode text, UTF-8 text, with very long lines (14829), with no line terminators	980BD70C0616A68A9B3999ED160F6EB6	E449CD48D79635CE3420B4F4C3696EFA2F0F31C6	014735A9D87C9EC56B6D26130B79629FF6A004AB926FAFC95FE10424BA03D120
Chrome Cache Entry: 152	Unicode text, UTF-8 text, with very long lines (4840), with no line terminators	B3C2773ADC59068A69AB1A0CFABD07F6	067F4F2F22E701887E50D6465818559DF65CD2F6	D5C34C8ACEAA2678CA7995B83D5197F04AF6F7F8C8E4C39C973F54180322984F
Chrome Cache Entry: 153	Unicode text, UTF-8 text, with very long lines (5583), with no line terminators	AFDAC86597A88D414642BBD3CCA47AFB	14EB5ABF084A0CB2C59A17716A7833D049F06373	6CB52B343D39DEEDE7DD3406912CADA0C33C30AE6731BBE700A503B6207D1D79
Chrome Cache Entry: 154	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	2F727AF8F782A4C4D05706E3E4AC3CEE	2E5E911BBF48512C8515FC383076748B50B8C864	AB321AEACFB6E961C4D0FE9B61C5C7200BBE0D0FF301AC5161A8A3E11D32539D
Chrome Cache Entry: 155	Unicode text, UTF-8 text, with very long lines (10509), with no line terminators	24EDEE4A678B8296B37CD740A5BD8B2F	FA95FDB0538398CC2FDA8174181D70E6208521DC	65664B0046C8C3815E49DA3A00843E3B7922C48B60A42E8808B21D17F302445D
Chrome Cache Entry: 156	Unicode text, UTF-8 text, with very long lines (4861), with no line terminators	80EDF9CD99FDB7178493BEE1FA666B36	54ABE77B13CBE6E1B5F2111894E30B8445987072	A82C54AF99B3BA94F8876D4146E2E9841D949565ADEBCCBF674684977CFA056F
Chrome Cache Entry: 157	ASCII text, with very long lines (7791), with no line terminators	9FD26042A4F3720A30F3F2ED60A50208	FA432C356F04E720B65DFFE34BDF49DC92F794B0	62D936C2CB4E04CCD14F393B3C46C66FF5294CD720BF57EF0156D20C6A3094BE
Chrome Cache Entry: 158	ASCII text, with very long lines (7791), with no line terminators	9FD26042A4F3720A30F3F2ED60A50208	FA432C356F04E720B65DFFE34BDF49DC92F794B0	62D936C2CB4E04CCD14F393B3C46C66FF5294CD720BF57EF0156D20C6A3094BE
Chrome Cache Entry: 159	Unicode text, UTF-8 text	4C5D6667334CBBF164D9F4B0CBB2F45F	AE1EC8886F5108CEC11EAD768B91812EF4AC2626	A1D33188074B02E6B9BE49187407105B4205FEDFFAE6444AFCE0850CE8196AFB
Chrome Cache Entry: 160	Unicode text, UTF-8 text, with very long lines (9993), with no line terminators	CE57F775E9B8B93C0B7ACF14CE55E4DA	2EECA68A929A65E6C23B4306579232F070F83A0B	7EDB256461CD2277C3DAC240A59820133B69D74E0176FDEFAEA63AEEA065612A
Chrome Cache Entry: 161	JSON data	8AF5A74DA0C5F6A2C1C06447E7B3F2C4	44FC82C67522F2235998AEFC30C7D4A48586D547	E61CAED68F0B89CA101E92995F9D4BA066BCD7920389312543D220D2D550A3B4
Chrome Cache Entry: 162	exported SGML document, ASCII text, with very long lines (6598)	2C9BE078A704FCD270C1873C5DE3EEFE	5B94B76B58CEC330424DFCA823409E62523C0B97	F998F2A38636FB230DCF2ED79677465BFAD0F0F1F8AD60ADF4DF663A4A42FA55
Chrome Cache Entry: 163	Unicode text, UTF-8 text, with very long lines (5583), with no line terminators	AFDAC86597A88D414642BBD3CCA47AFB	14EB5ABF084A0CB2C59A17716A7833D049F06373	6CB52B343D39DEEDE7DD3406912CADA0C33C30AE6731BBE700A503B6207D1D79
Chrome Cache Entry: 164	Unicode text, UTF-8 text, with very long lines (65534), with no line terminators	4D1A22494C68B269520EC72EF3757433	014E5BA4D1234023B2B0107EF075041D03DF0065	534E7A6A0CBE0DD38B307481315A21EA29B250C5ADCA39E4A1CB245064E35A9F
Chrome Cache Entry: 165	HTML document, ASCII text, with very long lines (540)	394E7F9C7EA52344510466CD59BF9EF9	950110C9D9A56ED43DEB3C328F302998AADA79D6	8C8F8A5FAF73BA64D49D937862C6F5F841AA1F6B337FF8955E6DC7AF98D295E1
Chrome Cache Entry: 166	ASCII text	D801E9936920D12430A41C6621827EDB	A2AB5AA117B8475F21908751E0EFF6D25D862EED	5A2D85276F3BB00A21502841E1591699056969A7066B92A9ECEDF9820872DBF3
Chrome Cache Entry: 167	Unicode text, UTF-8 text, with very long lines (12421), with no line terminators	01CA7C0CDF758987E8B88D4FBDDCF27C	2BEF6ECCF1B3C61F010C03F1F579AD186A301E6D	AEFC214BAE8A6500E426B53A770AD80CB05FA6FE689BA0E0A20FDE6180DC3A9C

HTML body contains low number of good links

HTTP Parser: Number of links: 0

Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="author".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="author".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="author".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="author".. found

Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="copyright".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="copyright".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="copyright".. found
Source: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA#/login?message=eNpNj1FLwzAURv9Lnhdt0jRNh4hzFhS2sTHGQISQNnczW9PMJh0y8b-bTUWf78c5534gD3XfgdFoiPpyspvuFu91WQk6GY2dyJO1LR8eFbxcv_HOPIkTPy2N58vnXpTzer7a3JdryFQ6nRV0QdAAWfBebaFxbt8fgttDi4Zt3zQDFGyYOQ3RkyQ0LlUdzPFbPF4tR0U2YoxIxrgQTOSEy94H6CwhMu7lTVWJDDThuKqpwkxRgQsNCeZpURWpUpQU-jZiWw9Bw-bM5QUfoCN03rhYQS4JU9e3l19_4OeQrn79LdnKGkM0J0RmuTzqLMcklf_6aEIZSeKZ_gXiGIgzmjOe8pznEQlWmSbivLKqU8FY6-8OzrShcVZdge7R5xcUdXRf	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.18:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.18:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.177:443 -> 192.168.2.18:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.18:49784 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136

Source: global traffic	HTTP traffic detected: GET /s/sMiVC687o9CPGJB2XupfJF5g12L HTTP/1.1Host: protect-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdA HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/entypo/font/entypo.css HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/font-awesome/css/font-awesome.css HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/mimecast-icons/css/mimecast-icons.css HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /libs/galindo.js HTTP/1.1Host: static.srcspot.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-portal.login-us.mimecast.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /libs/galindo.js HTTP/1.1Host: static.srcspot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/cache.4d1a22494c68b269520ec72ef3757433.login-lib.js HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/cache.1b1f06688bfbb8673528c177626fe897.login.js HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/cache.1b1f06688bfbb8673528c177626fe897.login.js HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /agent/static/0600cd7b-e6b2-4ba9-4249-ab1342c3631b/pendo.js HTTP/1.1Host: cdn.pendo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-portal.login-us.mimecast.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/cache.4d1a22494c68b269520ec72ef3757433.login-lib.js HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/assets/languages/en.json?ver=1.12.0 HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/app-version.jsp HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/images/mimecast-logo.png HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/app-version.jsp HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/images/mimecast-logo.png HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/login/assets/languages/en.json?ver=1.12.0 HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /agent/static/0600cd7b-e6b2-4ba9-4249-ab1342c3631b/pendo.js HTTP/1.1Host: cdn.pendo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/ptm.gif/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?v=2.252.0_prod&ct=1730134096240&jzb=eJztlVmPo8gShf8LI82Tl2QzUFKp5Y0qYxuzemE0QizJYlYnCTa06r93ump6dJ_6dXSlfsuME3EIwfnEX98p3NeQeqEKiD1qRPmoujcQuTgtSJUWWECzHJBmDEuPqC5tUlwhNw3JgKut1dXBtdyq9heSbUbVHhCDFuVETDCum5fptIFBi-C4rhD28klexWk5bptJQdwDr8GToCqm7fSzPv0WY-_1a-BPnJWv7CRL5V45VrTcMuwwqH4r4EhmnVRc3KphqaEkQFeeyfYwHbRV5m60aqvuH2ayuq1jia9vkcJeZbyO4O4uh8IYBOogHdtH4YdWNNvkXVHvmlU6QI-LAiXbx7R4ul1RL-AenNG7wk9isND5CFrBxskX4LE2aWMZzv_4WvhbAZvGi-ErVGv1Ssu7-zC3jU7alUmIwdVQEy4Z5MRkGuv9Td-YuloGw0nS9koCetEf-5Z9igQx4HmWi1fsOYpDuUq1um_qrpVbiT7p2eztwoS9cqB3hghl_xF07vtB22SW1jMqL3blubYGiASPVULUy_qsNI5AD-fzU7SAvic_fCxGMcarlHMwO-gr-a2_HHTWyHod7HI7HDTZ12QOG8BmLtVj80Cxbh3MdS9x77PlPdm3Qm4dT8pqZSXt9lbfs4cR6426hE5tG6farnV7fHXS011a3Mf-ntftqFqqgEXJRTc5xZYgm9OSyx2gjkpB2oXl9i3bAwUYRWsNt90-yPLInXnrjWPCrePG5_RtEw_F9QDFeijXen4qTD_tdtubLcqX2Vg8DMhMgqMTxlAw-Edgh2cjIsmrUVU31Mv3nzF9Hn-V1Nwr45Z8P9IBS9c2qY8R5QVB1ZaYjJJL7SFY4vn_lkIPP_sZcUqDKQMYjvh0EDVpVT7LE4ZnJsAlm4RPty8Dy_M3ZI2yzfMRhb8uVNR120U5q-hbq3Y2dohPhLwCforAdM64n7O9wb9fYcgTsSFZIw_5lE1V3UbZJb5fs_WSvx8-5VsLy4DsBgjDPYbkRUiC9DH6l--88sJf8s3-5vs33_8XfD-j_DPAgBHFCf8fsUZ-if-wJs7Yj79_AJk_coE HTTP/1.1Host: app.pendo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-portal.login-us.mimecast.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/guide.js/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?id=12&jzb=eJx9kluvqkgQhf8Lk5yno3JV2MnOiYooCEhzEfWFcGkucrVpFHqy__txz0km8zRvVV-tVdVJr7-pZ9EXuEVqQn1QgbUz5VPgBm0XbSTPSVuDpn5SA6rewxzjrv9YLHoYDwjOuhbhsJpXbVY0s6Gf10UN47DH87itF8PiH774leHw84_hBy6bT25eFsqknVtGGViOEDMaVjhVuFshbh4t2Vooj9FdYEsDFsSSy0C12qNpjE4uP3aZJHSPVOPuCt6lUH8pyWpGxyaRzsNYR4mbLtXqWXd6LxcEhnwaa6WRMaL_uKNphSf6gg6aMM_oDRBS6MbqrdrQ485h7G2y_uvPg3_VsO_DDH5CszPvjKK_yNqzn5Le5Amm77aZ8zlRcoft3cMeqA4wm5j4kmVoOT2J0SxyPT9dibEgcHwmc5c0S5S2sLqp756DMkiMD8rl_somk3ZidFuESjTGz-BwstTStSbWFMRnc-lcAtEq5LQETQpYNvaZBsl67acbGIXKGGExzTCWC_6GOQJkZT9dT4CzywnQeuUlxFIiS-GxTXvstR3VEWXAPTm7SeIPy-0rN4ZV5Z59TZbdfDg-ulc52hnozS28dZ7td14HvNn9VvgvafOaRYYAvLTdmjSH8itweM2TIFcxUsCfIEDNStKT5rgvDVqj7XpwyUM34rJKg2W4U28OPN6C7FLs1YzU9xMUO9LsQOXXTlQ89ePDE5XrciaeCHLy-HxLMriyhTH2koudvpNXQxwmIQ6pj3-D-l0W_xPWKmyy4f2FbwVsAs-hvn5SYRy3Q4Pf1nfThQg2eP1f9D7xrWfFBUMvWJrl33ueEPVF23zjOSuwczroUJtQX1-_ARPgFLk&v=2.252.0_prod&ct=1730134096242 HTTP/1.1Host: app.pendo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secure-portal.login-us.mimecast.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/guide.gif/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1730134096243&v=2.252.0_prod HTTP/1.1Host: app.pendo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-portal.login-us.mimecast.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/images/ccm_flavicon.ico HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secure-portal.login-us.mimecast.com/u/login/?gta=secure&tkn=3.kiFyJVo1Fu23zzNbu7tfF3Zi8BqozCPrhcrj52kMeizPDk_IPoKNMxShDqEg95pqfJ3jFtEfeLwFd7-0cNz9VuxmbdTf6IlvmpLsDizea4fcJkMg18Wqjry7ty0XrHJ5.g0BQ5feTcIZlB0xES1RCdAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/guide.gif/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1730134096243&v=2.252.0_prod HTTP/1.1Host: app.pendo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/ptm.gif/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?v=2.252.0_prod&ct=1730134096240&jzb=eJztlVmPo8gShf8LI82Tl2QzUFKp5Y0qYxuzemE0QizJYlYnCTa06r93ump6dJ_6dXSlfsuME3EIwfnEX98p3NeQeqEKiD1qRPmoujcQuTgtSJUWWECzHJBmDEuPqC5tUlwhNw3JgKut1dXBtdyq9heSbUbVHhCDFuVETDCum5fptIFBi-C4rhD28klexWk5bptJQdwDr8GToCqm7fSzPv0WY-_1a-BPnJWv7CRL5V45VrTcMuwwqH4r4EhmnVRc3KphqaEkQFeeyfYwHbRV5m60aqvuH2ayuq1jia9vkcJeZbyO4O4uh8IYBOogHdtH4YdWNNvkXVHvmlU6QI-LAiXbx7R4ul1RL-AenNG7wk9isND5CFrBxskX4LE2aWMZzv_4WvhbAZvGi-ErVGv1Ssu7-zC3jU7alUmIwdVQEy4Z5MRkGuv9Td-YuloGw0nS9koCetEf-5Z9igQx4HmWi1fsOYpDuUq1um_qrpVbiT7p2eztwoS9cqB3hghl_xF07vtB22SW1jMqL3blubYGiASPVULUy_qsNI5AD-fzU7SAvic_fCxGMcarlHMwO-gr-a2_HHTWyHod7HI7HDTZ12QOG8BmLtVj80Cxbh3MdS9x77PlPdm3Qm4dT8pqZSXt9lbfs4cR6426hE5tG6farnV7fHXS011a3Mf-ntftqFqqgEXJRTc5xZYgm9OSyx2gjkpB2oXl9i3bAwUYRWsNt90-yPLInXnrjWPCrePG5_RtEw_F9QDFeijXen4qTD_tdtubLcqX2Vg8DMhMgqMTxlAw-Edgh2cjIsmrUVU31Mv3nzF9Hn-V1Nwr45Z8P9IBS9c2qY8R5QVB1ZaYjJJL7SFY4vn_lkIPP_sZcUqDKQMYjvh0EDVpVT7LE4ZnJsAlm4RPty8Dy_M3ZI2yzfMRhb8uVNR120U5q-hbq3Y2dohPhLwCforAdM64n7O9wb9fYcgTsSFZIw_5lE1V3UbZJb5fs_WSvx8-5VsLy4DsBgjDPYbkRUiC9DH6l--88sJf8s3-5vs33_8XfD-j_DPAgBHFCf8fsUZ-if-wJs7Yj79_AJk_coE HTTP/1.1Host: app.pendo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /data/guide.js/0600cd7b-e6b2-4ba9-4249-ab1342c3631b?id=12&jzb=eJx9kluvqkgQhf8Lk5yno3JV2MnOiYooCEhzEfWFcGkucrVpFHqy__txz0km8zRvVV-tVdVJr7-pZ9EXuEVqQn1QgbUz5VPgBm0XbSTPSVuDpn5SA6rewxzjrv9YLHoYDwjOuhbhsJpXbVY0s6Gf10UN47DH87itF8PiH774leHw84_hBy6bT25eFsqknVtGGViOEDMaVjhVuFshbh4t2Vooj9FdYEsDFsSSy0C12qNpjE4uP3aZJHSPVOPuCt6lUH8pyWpGxyaRzsNYR4mbLtXqWXd6LxcEhnwaa6WRMaL_uKNphSf6gg6aMM_oDRBS6MbqrdrQ485h7G2y_uvPg3_VsO_DDH5CszPvjKK_yNqzn5Le5Amm77aZ8zlRcoft3cMeqA4wm5j4kmVoOT2J0SxyPT9dibEgcHwmc5c0S5S2sLqp756DMkiMD8rl_somk3ZidFuESjTGz-BwstTStSbWFMRnc-lcAtEq5LQETQpYNvaZBsl67acbGIXKGGExzTCWC_6GOQJkZT9dT4CzywnQeuUlxFIiS-GxTXvstR3VEWXAPTm7SeIPy-0rN4ZV5Z59TZbdfDg-ulc52hnozS28dZ7td14HvNn9VvgvafOaRYYAvLTdmjSH8itweM2TIFcxUsCfIEDNStKT5rgvDVqj7XpwyUM34rJKg2W4U28OPN6C7FLs1YzU9xMUO9LsQOXXTlQ89ePDE5XrciaeCHLy-HxLMriyhTH2koudvpNXQxwmIQ6pj3-D-l0W_xPWKmyy4f2FbwVsAs-hvn5SYRy3Q4Pf1nfThQg2eP1f9D7xrWfFBUMvWJrl33ueEPVF23zjOSuwczroUJtQX1-_ARPgFLk&v=2.252.0_prod&ct=1730134096242 HTTP/1.1Host: app.pendo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /u/assets/images/ccm_flavicon.ico HTTP/1.1Host: secure-portal.login-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=625blHBBocdSL7D&MD=5nDxeLNw HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A410900B03DX-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAQFNb5VyJSLhm3Tvu356Ps0ZCU%2BvIUDxXxYTv/R5hoE62bggRuycH9ZTMtSc8RhAAmBnskeYoen%2Bs4pNxi8fLp4y/2q/0KXSLl9YDW6ug9fFt9A3j8kh/GAPZi%2BM6rOZ5KX4mzlJsLik375/ZNsjvx0bf1RebnGT/RV1mQ1TAXWUB0qRTSNr5Hq7pyNtqTSAg50SGEgR2epO/aiQylxRxzrIErPeANz9ZXgWmH6%2B/NKvkdFfPw3KrnkAR8qUNs7BpQuJyuDPy3pENAjWoIJBhgEkx%2BDCpD6Kx2X4flhxq3s7n1mp%2BjACAGL0ZeSyowrZeH4clSbeOo7/6f2tF8U3bXMQZgAAEIfbxNIJIN85iiV1GQrbOdOwAQJnzaYVM3zF9SUYdyBaCLg%2Bv4YJm1F56tgjzqy99XxEgY2jvcRJ18lIzoSNcrMGrylsSMIzmQxxZSjgrJcPd2sHg0VFdkxSf70bcnIxfrGtRh9rcAUP%2BJd5cSEQD8Nm8h%2BI2gbahvkYhn/m8U/BB3V54LUHbAKqJ2ZyNlzhYJoE0574a0FvJTojSIJCZKRcQzJ6sncs47fKivPrqav5yE6ymc93BbKzG648QlDbjHdVAGdRG9Jr/8CeovGDFLSc/bL9w6njwYokQpCbwPiZUgNCz4Akk0rNu2%2BqnaXVrCI4eEUZNIj3i0I0%2B9phCVqXwm4JJMN31V0ECPo/%2BmAySA6IZiQ5xG8NtfrM28kryelbbbPN2iOeRnVGtxKA0gIN/Iyx8sM2kJ0jOmNNs0HKq/4KHSY1vqRZ9WTuOVovZ0aSwqvR%2BLMCWNAvJwJr%2BlOTqpiqFoOl%2BBhgW87ijc6erHUBpigihj%2BeJRpQKfsY2n3YRsct0YbdDYjPf5EojF5nEbl709Q1FqINLxQcrzTUgg6%2BEDIPsUBZD1Cj4ZIo0j7Av/GgwKNrCCzuSafJrtWoFNoB%26p%3DX-Agent-DeviceId: 01000A410900B03DX-BM-CBT: 1730134124User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 31D016147A4547BE8D2E1D11755C8674X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=B4BB39E5F80E411D94C438C0FA7ACF94&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; ANON=A=680C1B1A649CBD64DD40EBFCFFFFFFFF; MUID=BC76BB0020D345C1A049A4820CB4C03C; MUIDB=BC76BB0020D345C1A049A4820CB4C03C
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=625blHBBocdSL7D&MD=5nDxeLNw HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: protect-us.mimecast.com
Source: global traffic	DNS traffic detected: DNS query: secure-portal.login-us.mimecast.com
Source: global traffic	DNS traffic detected: DNS query: static.srcspot.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.pendo.io
Source: global traffic	DNS traffic detected: DNS query: app.pendo.io

Source: unknown

Source: chromecache_165.1.dr	String found in binary or memory: http://daneden.me/animate
Source: chromecache_118.1.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_118.1.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_165.1.dr	String found in binary or memory: http://janstevens.github.io/angular-growl-2
Source: chromecache_165.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_165.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_165.1.dr	String found in binary or memory: http://www.mimecast.com/
Source: chromecache_165.1.dr	String found in binary or memory: http://www.mimecast.com/Customers/Support/Contact-support/
Source: chromecache_165.1.dr	String found in binary or memory: http://www.opensource.org/licenses/MIT
Source: chromecache_127.1.dr, chromecache_128.1.dr	String found in binary or memory: https://agent.pendo.io/licenses
Source: chromecache_127.1.dr, chromecache_128.1.dr	String found in binary or memory: https://api.feedback.us.pendo.io
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://app.dmarcanalyzer.com/register?utm_medium=pendo&utm_source=adcon&utm_campaign=7013l000001JNB
Source: chromecache_165.1.dr	String found in binary or memory: https://cdn.pendo.io/agent/static/
Source: chromecache_165.1.dr	String found in binary or memory: https://community.mimecast.com/community/knowledge-base/secure-messaging
Source: chromecache_165.1.dr	String found in binary or memory: https://community.mimecast.com/docs/DOC-1183
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/cybergraph-cybergraph-1-0-configuration-settings
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/cybergraph-cybergraph-2-0-configuration-settings
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-configuring-url-protection
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-continuity-guides
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-secure-messaging-getting-start
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-targeted-threat-protection-int
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-ttp-attachment-protect-configu
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/email-security-cloud-gateway-ttp-impersonation-protection-g
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/article/end-user-applications-large-file-send-getting-started
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://community.mimecast.com/s/education-free-courses?utm_medium=pendo&utm_source=adcon&utm_campai
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-api-and-integrations
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-awareness-training
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-brand-exploit-protect
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-case-review-application
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-dmarc-analyzer
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-email-security-cg
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-supervision
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-sync-and-recover
Source: chromecache_162.1.dr, chromecache_130.1.dr	String found in binary or memory: https://community.mimecast.com/s/knowledge-hub-web-security
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://community.mimecast.com/s/mimecast-education?utm_medium=pendo&utm_source=adcon&utm_campaign=7
Source: chromecache_127.1.dr, chromecache_128.1.dr	String found in binary or memory: https://feedback.us.pendo.io
Source: chromecache_165.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_142.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_165.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_165.1.dr	String found in binary or memory: https://github.com/dbtek/angular-aside
Source: chromecache_165.1.dr	String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: chromecache_165.1.dr	String found in binary or memory: https://github.com/mgcrea/angular-motion
Source: chromecache_165.1.dr	String found in binary or memory: https://github.com/nickpettit/glide
Source: chromecache_165.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/AT-IEP-Demo.html?utm_medium=pendo&utm_source=adcon&utm_campaign=7013l00000
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/Continuity-and-Recovery-Demo-.html?utm_medium=pendo&utm_source=adcon&utm_c
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/Safe_Phish_Demo.html?utm_medium=pendo&utm_source=adcon&utm_campaign=7013l0
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/SolutionFrameworkRequest?utm_medium=pendo&utm_source=adcon&utm_campaign=70
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/Web-Security-Service.html?utm_medium=pendo&utm_source=adcon&utm_campaign=7
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://info.mimecast.com/security-awareness-remote-resources.html?utm_medium=pendo&utm_source=adcon
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://login-alpha.mimecast.com/administration/app/#/l/accountassessment
Source: chromecache_127.1.dr, chromecache_128.1.dr	String found in binary or memory: https://pendo-io-static.storage.googleapis.com/agent/static/0600cd7b-e6b2-4ba9-4249-ab1342c3631b/pen
Source: chromecache_127.1.dr, chromecache_128.1.dr	String found in binary or memory: https://pendo-static-5707797427912704.storage.googleapis.com
Source: chromecache_132.1.dr	String found in binary or memory: https://play.vidyard.com/LE2oaRu3qApZkgaw4JjwZM.jpg
Source: chromecache_132.1.dr	String found in binary or memory: https://play.vidyard.com/embed/v4.js
Source: chromecache_165.1.dr	String found in binary or memory: https://static.srcspot.com/libs/galindo.js
Source: chromecache_165.1.dr	String found in binary or memory: https://summernote.org
Source: chromecache_165.1.dr	String found in binary or memory: https://us-api.mimecast.com
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://www.mimecast.com/coronavirus/?utm_medium=pendo&utm_source=adcon&utm_campaign=7013l000001JNBI
Source: chromecache_145.1.dr, chromecache_123.1.dr	String found in binary or memory: https://www.mimecast.com/state-of-email-security/download-hub/?utm_medium=pendo&utm_source=adcon&utm

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.18:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.18:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.177:443 -> 192.168.2.18:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.18:49784 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@17/107@20/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1932,i,16414200054814140303,7306942213891831198,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://protect-us.mimecast.com/s/sMiVC687o9CPGJB2XupfJF5g12L"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1932,i,16414200054814140303,7306942213891831198,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1544003
Product:	CloudBasic
Start time:	17:47:32
Start date:	28.10.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://protect-us.mimecast.com/s/sMiVC687o9CPGJB2XupfJF5g12L

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://protect-us.mimecast.com/s/sMiVC687o9CPGJB2XupfJF5g12L

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://protect-us.mimecast.com/s/sMiVC687o9CPGJB2XupfJF5g12L