Windows Analysis Report
https://ex.encryptedmessage.net/login.html?msgUserId=7189d3cda8553c16&enterprise=shwetagujaran&rrRegcode=NHVRKVbT&locale=en_US

Overview

General Information

Sample URL:	https://ex.encryptedmessage.net/login.html?msgUserId=7189d3cda8553c16&enterprise=shwetagujaran&rrRegcode=NHVRKVbT&locale=en_US
Analysis ID:	1655137
Infos:

Detection

Score:	2
Range:	0 - 100
Confidence:	100%

Signatures

Creates files inside the system directory

Deletes files inside the Windows folder

HTML body contains low number of good links

HTML title does not match URL

Classification

Signatures

HTML body contains low number of good links

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16	HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: <input type="password" .../> found

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873

HTTP Parser: No favicon

Source: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16	HTTP Parser: No <meta name="author".. found

Source: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 15.156.131.241:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.156.131.241:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.157.43.57:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.157.43.57:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.152.7:443 -> 192.168.2.16:49786 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 8MB later: 40MB

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /login.html?msgUserId=7189d3cda8553c16&enterprise=shwetagujaran&rrRegcode=NHVRKVbT&locale=en_US HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16 HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: AWSALB=CNoxH6YxQLXAEbD35/Ty+F6WgSk/G1JcR1omCNHRkybrgqAmIeUwXMXdRYuH/wZkISr4V0/LlFNjtp27XH4c4kdvSx2usY+9np/OUMDDn5wyYQg+RGAj6dw9YQr8; AWSALBCORS=CNoxH6YxQLXAEbD35/Ty+F6WgSk/G1JcR1omCNHRkybrgqAmIeUwXMXdRYuH/wZkISr4V0/LlFNjtp27XH4c4kdvSx2usY+9np/OUMDDn5wyYQg+RGAj6dw9YQr8; JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D
Source: global traffic	HTTP traffic detected: GET /lib/bootstrap/5.3.1/css/bootstrap.min-896192cc65e20f1fcc6d792b5b9a4626.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /css/emx.bundle-3975cbf626d6d7960ebca176ffe9840f.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/bootstrap-datepicker/1.10.0/css/bootstrap-datepicker3.min-c728c2322fd538c74766c0dcbac43b83.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/font-awesome/6.4.2/css/all.min-5222e06b77a1692fa2520a219840e6be.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/custom-e254c0cef93ed2c3806b68efc4138e61.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/enterprise.bundle-7ab156563ef53e8490cfe6acda805b47.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/jquery/3.7.1/jquery.min-2c872dbe60f4ba70fb85356113d8b35e.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/popperjs__core/2.11.8/dist/umd/popper.min-31032b08bd8e72220462d3f54f8bd69a.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/bootstrap/5.3.1/js/bootstrap.bundle.min-e2b09c06f0e714b6144a6788a28e3950.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/bootstrap-datepicker/1.10.0/js/bootstrap-datepicker.min-a96aac4929372486ac749f94ba3c3175.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/js-cookie/3.0.5/dist/js.cookie.min-ae11f74bdaae51ba13385aa097723268.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /js/emx.bundle.min-86fc922d2fb394a37c85eaa4e56f60ed.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /js/emx.runner-0a18ee1303a0f6769b4a8d1f67a6e87e.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/images/web_logo-32675a1fb88c5b6ff52b6d61e0f5256e.gif HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=pz/pXAYooz/8tY1cyz0hVup7aCWcZs7IzQBI2QIDwc1sIFvLwBqLqnS3Kv2zt3uC/P9AeepQRRBogbzLV3uwFZA7RVYctOG+VMqhWBrM1jaPmiQOE/poXm9jSQuB; AWSALBCORS=pz/pXAYooz/8tY1cyz0hVup7aCWcZs7IzQBI2QIDwc1sIFvLwBqLqnS3Kv2zt3uC/P9AeepQRRBogbzLV3uwFZA7RVYctOG+VMqhWBrM1jaPmiQOE/poXm9jSQuB
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-google-1b6f146547a097e6fc3d8179b333939a.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=BpYmgeZx9+cujWT5XsU9wNU4roJGq87OJLzu8czfvKBG2teMFwzYM+sUJeBftXm/JI7gA4qA/iNlA3rx5H1G6PsQIB3IxdCvhvVdSVbFL9fzIAdzT/1BQ4yaDDdN; AWSALBCORS=BpYmgeZx9+cujWT5XsU9wNU4roJGq87OJLzu8czfvKBG2teMFwzYM+sUJeBftXm/JI7gA4qA/iNlA3rx5H1G6PsQIB3IxdCvhvVdSVbFL9fzIAdzT/1BQ4yaDDdN
Source: global traffic	HTTP traffic detected: GET /lib/font-awesome/6.4.2/webfonts/fa-solid-900-d5e647388e2415268b700d3df2e30a0d.woff2 HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveOrigin: https://ex.encryptedmessage.netsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ex.encryptedmessage.net/lib/font-awesome/6.4.2/css/all.min-5222e06b77a1692fa2520a219840e6be.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-office365-5dc02a97b60bf560437a756de1eb962e.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-live-0c29638c7558632a1a5f053d344405ba.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-linkedin-82739d35031efd67455dd9ab7cf2b73b.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-facebook-b18683abb49575e19fb83021573ee32c.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-salesforce-775689b0bcda294bcd144887793cf544.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/images/web_logo-32675a1fb88c5b6ff52b6d61e0f5256e.gif HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-google-1b6f146547a097e6fc3d8179b333939a.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=XNjoJKHV75XFegscWkM0KZHZfinBNx7MDAo/rYvRK+10p6FymelHiQRwzUvpjCWybtkQOo+IdR5H/4mX9LYkLe2B4RbHiJI2SNADFOG8/4ROMg9gvg4++d1l7oIO; AWSALBCORS=XNjoJKHV75XFegscWkM0KZHZfinBNx7MDAo/rYvRK+10p6FymelHiQRwzUvpjCWybtkQOo+IdR5H/4mX9LYkLe2B4RbHiJI2SNADFOG8/4ROMg9gvg4++d1l7oIO
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-office365-5dc02a97b60bf560437a756de1eb962e.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=f/ms6+63zZRHrjOpY4SVyz1f3btskE6lqBVNiQHhhC8HaJd+jHN0OPCxI2VK6ROtiGgouaJRiZTYFpnqSW0ssPHNmO8bfksYeNJA/tXt5SYOU8lXyk7lp/DlRAyO; AWSALBCORS=f/ms6+63zZRHrjOpY4SVyz1f3btskE6lqBVNiQHhhC8HaJd+jHN0OPCxI2VK6ROtiGgouaJRiZTYFpnqSW0ssPHNmO8bfksYeNJA/tXt5SYOU8lXyk7lp/DlRAyO
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-live-0c29638c7558632a1a5f053d344405ba.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/; AWSALBCORS=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-linkedin-82739d35031efd67455dd9ab7cf2b73b.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/; AWSALBCORS=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-facebook-b18683abb49575e19fb83021573ee32c.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/; AWSALBCORS=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-salesforce-775689b0bcda294bcd144887793cf544.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=emgOoacTYTa4LUukVoBzZPG70Zu4c5ahsFj+gsYFKaA1uZDVl9C6zQ0zJ0lsxBGHC/J3MQBU25Aq98ypEmDnBqGIHIjEkLQJ/DV/CA3RXnzbXf8pgcWDHHltnbF8; AWSALBCORS=emgOoacTYTa4LUukVoBzZPG70Zu4c5ahsFj+gsYFKaA1uZDVl9C6zQ0zJ0lsxBGHC/J3MQBU25Aq98ypEmDnBqGIHIjEkLQJ/DV/CA3RXnzbXf8pgcWDHHltnbF8
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/images/favicon-e283b6aeaa78ba7398d2c211675c4907.ico HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=0F3bwl4TTW5AgOTCk6N+/XjnJ54+Z7kUf5H2axvCSN3OelVq2V9qCR+VQQK1NEMrbUZWB++VvoXxQ+IOh7j7iYByzl4Y8ZHXnulCYI04a0D5aou5hZ8FKSDWuez7; AWSALBCORS=0F3bwl4TTW5AgOTCk6N+/XjnJ54+Z7kUf5H2axvCSN3OelVq2V9qCR+VQQK1NEMrbUZWB++VvoXxQ+IOh7j7iYByzl4Y8ZHXnulCYI04a0D5aou5hZ8FKSDWuez7
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/images/favicon-e283b6aeaa78ba7398d2c211675c4907.ico HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=Rtz9ypEgSgHwYLX7Hc9gcks9B8vAp8kH80VeLjR5WxzB3bRaNY70dcp19zRfoHkeklSF77XSecmIkUEkub4O2MJe4oSudodKFIWSV7n44KWk6KWV+DhzGPw3lMrx; AWSALBCORS=Rtz9ypEgSgHwYLX7Hc9gcks9B8vAp8kH80VeLjR5WxzB3bRaNY70dcp19zRfoHkeklSF77XSecmIkUEkub4O2MJe4oSudodKFIWSV7n44KWk6KWV+DhzGPw3lMrx
Source: global traffic	HTTP traffic detected: GET /oauth/redirect?oauth_app_id=3 HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=e+VI1nHulSpxtRQGAlbrS7rAzhx8UA6EK45B3Br1xLKoB4KxuK8Bm58eyCI5aYG1Y30rnIFfMRzM0ZchBHExFJecPqCcM9tBw9zH6QPqAWZ1k645hpMWiM+Qg8iV; AWSALBCORS=e+VI1nHulSpxtRQGAlbrS7rAzhx8UA6EK45B3Br1xLKoB4KxuK8Bm58eyCI5aYG1Y30rnIFfMRzM0ZchBHExFJecPqCcM9tBw9zH6QPqAWZ1k645hpMWiM+Qg8iV
Source: global traffic	HTTP traffic detected: GET /registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16 HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=z+qImHQVpGhWj8TkFS7zk/ZaLyOqn0Z2mXiN5uHobJjpRIDBVQahQyoyPGxQklXxZrUaVEwSdiL6NeeRY64Xx+/4+9cZ7UL//ToXSt8iPtGl7Yq1AComzUr5ovG3; AWSALBCORS=z+qImHQVpGhWj8TkFS7zk/ZaLyOqn0Z2mXiN5uHobJjpRIDBVQahQyoyPGxQklXxZrUaVEwSdiL6NeeRY64Xx+/4+9cZ7UL//ToXSt8iPtGl7Yq1AComzUr5ovG3

Source: global traffic	DNS traffic detected: DNS query: ex.encryptedmessage.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net

Source: unknown

HTTP traffic detected: POST /api/report?catId=GW+estsfd+bno HTTP/1.1Host: identity.nel.measure.office.netConnection: keep-aliveContent-Length: 677Content-Type: application/reports+jsonOrigin: https://login.microsoftonline.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 15.156.131.241:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.156.131.241:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.157.43.57:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.157.43.57:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.152.7:443 -> 192.168.2.16:49786 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6944_1262731591

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6944_1262731591

Source: classification engine

Classification label: clean2.win@25/39@16/194

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2076,i,15795881246440324585,6213408208904075405,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ex.encryptedmessage.net/login.html?msgUserId=7189d3cda8553c16&enterprise=shwetagujaran&rrRegcode=NHVRKVbT&locale=en_US"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2076,i,15795881246440324585,6213408208904075405,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
15.157.43.57	unknown	United States	71	HP-INTERNET-ASUS	false
64.233.180.84	unknown	United States	15169	GOOGLEUS	false
142.250.72.106	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
13.107.246.40	s-part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.165.138	unknown	United States	15169	GOOGLEUS	false
142.250.65.174	unknown	United States	15169	GOOGLEUS	false
40.126.24.148	www.tm.a.prd.aadg.trafficmanager.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.223.209.79	unknown	United States	16625	AKAMAI-ASUS	false
15.156.131.241	echoworx-can-1157909266.ca-central-1.elb.amazonaws.com	United States	71	HP-INTERNET-ASUS	false
23.204.152.7	a1894.dscb.akamai.net	United States	20940	AKAMAI-ASN1EU	false
40.126.35.64	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.80.67	unknown	United States	15169	GOOGLEUS	false
142.251.40.164	www.google.com	United States	15169	GOOGLEUS	false
142.251.40.142	unknown	United States	15169	GOOGLEUS	false
20.42.65.89	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.65.238	unknown	United States	15169	GOOGLEUS	false
52.168.117.169	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.41.3	unknown	United States	15169	GOOGLEUS	false
20.190.152.19	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.35.163	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true
echoworx-can-1157909266.ca-central-1.elb.amazonaws.com	15.156.131.241	true
e329293.dscd.akamaiedge.net	104.70.121.41	true
www.google.com	142.251.40.164	true
a1894.dscb.akamai.net	23.204.152.7	true
www.tm.a.prd.aadg.trafficmanager.net	40.126.24.148	true
identity.nel.measure.office.net	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
login.microsoftonline.com	unknown	unknown
ex.encryptedmessage.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ex.encryptedmessage.net/lib/js-cookie/3.0.5/dist/js.cookie.min-ae11f74bdaae51ba13385aa097723268.js	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/lib/font-awesome/6.4.2/css/all.min-5222e06b77a1692fa2520a219840e6be.css	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/lib/font-awesome/6.4.2/webfonts/fa-solid-900-d5e647388e2415268b700d3df2e30a0d.woff2	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/lib/bootstrap/5.3.1/js/bootstrap.bundle.min-e2b09c06f0e714b6144a6788a28e3950.js	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/login.html?msgUserId=7189d3cda8553c16&enterprise=shwetagujaran&rrRegcode=NHVRKVbT&locale=en_US	false		unknown
https://ex.encryptedmessage.net/oauth/redirect?oauth_app_id=3	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/branding/shwetagujaran/en_US/images/favicon-e283b6aeaa78ba7398d2c211675c4907.ico	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/images/socialnetworks/connectorlogo-linkedin-82739d35031efd67455dd9ab7cf2b73b.png	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16	false		unknown
https://ex.encryptedmessage.net/images/socialnetworks/connectorlogo-office365-5dc02a97b60bf560437a756de1eb962e.png	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/lib/bootstrap/5.3.1/css/bootstrap.min-896192cc65e20f1fcc6d792b5b9a4626.css	false	Avira URL Cloud: safe	unknown
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno	false		high
https://ex.encryptedmessage.net/images/socialnetworks/connectorlogo-live-0c29638c7558632a1a5f053d344405ba.png	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/js/emx.runner-0a18ee1303a0f6769b4a8d1f67a6e87e.js	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/lib/jquery/3.7.1/jquery.min-2c872dbe60f4ba70fb85356113d8b35e.js	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/branding/shwetagujaran/en_US/custom-e254c0cef93ed2c3806b68efc4138e61.css	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/images/socialnetworks/connectorlogo-salesforce-775689b0bcda294bcd144887793cf544.png	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/branding/shwetagujaran/en_US/enterprise.bundle-7ab156563ef53e8490cfe6acda805b47.css	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/js/emx.bundle.min-86fc922d2fb394a37c85eaa4e56f60ed.js	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/lib/bootstrap-datepicker/1.10.0/js/bootstrap-datepicker.min-a96aac4929372486ac749f94ba3c3175.js	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/branding/shwetagujaran/en_US/images/web_logo-32675a1fb88c5b6ff52b6d61e0f5256e.gif	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/images/socialnetworks/connectorlogo-facebook-b18683abb49575e19fb83021573ee32c.png	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/css/emx.bundle-3975cbf626d6d7960ebca176ffe9840f.css	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/images/socialnetworks/connectorlogo-google-1b6f146547a097e6fc3d8179b333939a.png	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/lib/bootstrap-datepicker/1.10.0/css/bootstrap-datepicker3.min-c728c2322fd538c74766c0dcbac43b83.css	false	Avira URL Cloud: safe	unknown
https://ex.encryptedmessage.net/lib/popperjs__core/2.11.8/dist/umd/popper.min-31032b08bd8e72220462d3f54f8bd69a.js	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 102	ASCII text	0A18EE1303A0F6769B4A8D1F67A6E87E	A8664DD4F77874C93041521AE5C8F3998B381C55	04BA619F722FADF3C60E9D35BF0E4F43C6B701EB6CE7D7B89AA37F3073B7C1D2
Chrome Cache Entry: 103	ASCII text, with very long lines (52276)	BEE86630DE9C2517FA9609659E8EF17C	B17E8AC37245F310F7CF7098B2F49AF45D9D9A90	46499962C5220A50CF2F177F5B811D1E1BD017ECF0CBC28F7C5AA2A5CAEA7DA7
Chrome Cache Entry: 104	ASCII text, with very long lines (20912)	C728C2322FD538C74766C0DCBAC43B83	C4979D10966FCA347C103B9FB11B38F9BCB79F59	6D946B4152B5AD8BF171C5FC5800B25A0B83E816B487887F42CEAF9893F63F0B
Chrome Cache Entry: 106	ASCII text, with very long lines (1700)	AE11F74BDAAE51BA13385AA097723268	D6CD1E79CEE878F761715AD811D29EA06637416E	582CC085DD8FEA044917D1EFDE838E77E845262FD025BBFE0339F808607C81F6
Chrome Cache Entry: 107	PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced	775689B0BCDA294BCD144887793CF544	9CB917BBB455BB0BDEFA2C7E6C1E8F7088DC46D3	A53F2C8DCC479E5A36A71E7FE9ADA135F4276C5C4112825EE5E614E27939672F
Chrome Cache Entry: 108	ASCII text, with very long lines (65356)	3975CBF626D6D7960EBCA176FFE9840F	87EBF992BA7285CD8B36C119FF59F5F6D2833341	5B073BC2EDC1BA0335F8A8AFC3BA3B0F5559E73E3A8222330BFF0B4A2AAD2686
Chrome Cache Entry: 109	MS Windows icon resource - 5 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel	E283B6AEAA78BA7398D2C211675C4907	DCD896D6CA2526E871D38C7BB263A3D122230DC4	10CB44D679D90420F55EA018BBC87379F19A04A8193C39120D9F4F08FC3AF00C
Chrome Cache Entry: 110	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986	81C7B985343C317ADEEA2C28F5C6FF4D	7A04D6215D0B79EEDE6823C4B3621795AD552534	6BDBA6F0D2271DD20E6E6AEA2B459A1A23050EDE1B3BBADE4C913A1716F6E491
Chrome Cache Entry: 111	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 142588	47B6359A09BBEE6AA41B82E06C5A6105	7049BB7A20217A9153F9AED16A0A6B6DF27B1038	EACBD5A1C958B4A2859D1D59FCDF028EDB6DD7567109218A83AA4E263A253A35
Chrome Cache Entry: 113	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 114	ASCII text, with very long lines (65447)	2C872DBE60F4BA70FB85356113D8B35E	EE48592D1FFF952FCF06CE0B666ED4785493AFDC	FC9A93DD241F6B045CBFF0481CF4E1901BECD0E12FB45166A8F17F95823F0B1A
Chrome Cache Entry: 115	GIF image data, version 89a, 352 x 3	B540A8E518037192E32C4FE58BF2DBAB	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
Chrome Cache Entry: 117	PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced	B18683ABB49575E19FB83021573EE32C	98D26C40FB382CB7222E6C3A9B12FB5C6FD1FF08	2D7E183D5809E6DFE6466D69F4251E7A8A022C30FCB940D3CDE92BA58893A613
Chrome Cache Entry: 118	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 58644	FCA4A90FD7C2D439B087528EEE0F2782	7FB04ED94A94FF03E532A52B1387DC29DDAF439E	FB8F15112AF581621E2B19B638B43B655703939AA86392F68F7540D38E2A060D
Chrome Cache Entry: 119	PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced	0C29638C7558632A1A5F053D344405BA	28F771A54D875705058EEB5941DA762401C0ACB9	ECC6EC51A0FF2A2C3314E3F98F47C75BEB6CA294E70569CDC457A05FE7028D8D
Chrome Cache Entry: 120	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 121	ASCII text, with no line terminators	8C3BD836F34AA2C0365678B344577366	177C4BDE35209F97BCA21047F4852C2FC7D3A768	4D05917F2ED8C770A6A322039BEA36DFA69EF9AF9F40EAEA835CB42E8E97EA37
Chrome Cache Entry: 122	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 123	GIF image data, version 89a, 352 x 3	166DE53471265253AB3A456DEFE6DA23	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
Chrome Cache Entry: 124	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 125	ASCII text	E254C0CEF93ED2C3806B68EFC4138E61	53F822FE02CF7561FD5A29E2D93B4ED95810AC85	E6E983B55845DDFCD65934A153EC23F7731481CCE9C362E0978051E73105E386
Chrome Cache Entry: 126	ASCII text, with very long lines (31980)	A96AAC4929372486AC749F94BA3C3175	CDFF2C53B8FF6B44EB16E842BD4B86541A7853F6	899A7D77238C24A3C5767D5432B6BD64C84F640952199533761AAA1208A313E4
Chrome Cache Entry: 127	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424	3BA4D76A17ADD0A6C34EE696F28C8541	5E8A4B8334539A7EAB798A7799F6E232016CB263	17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
Chrome Cache Entry: 129	ASCII text, with very long lines (65299)	E2B09C06F0E714B6144A6788A28E3950	CE54F85F278FBCD5CB2292F9C186EEDF63CDCF88	D2EA6C1E0CABCA20D18E924B25A1CD0187C38BA7C33F60AB06E1B0402B9BCDB5
Chrome Cache Entry: 130	Unicode text, UTF-8 text, with very long lines (65342)	896192CC65E20F1FCC6D792B5B9A4626	B13EF70543D70C1EC7FDD56A5EBC9D7D64023851	D939D21F27010C09B6C2966681D8B4CFCD64CA418F240922518F967FDED16EF6
Chrome Cache Entry: 137	Web Open Font Format (Version 2), TrueType, length 150020, version 772.1280	D5E647388E2415268B700D3DF2E30A0D	97F0942C6627DDD89FB62170E5CAC9A2CBD6C98C	886C86112A804EF1DDD1CB206AF4C8C40E34B73C26652CA231404AA35A6B30D9
Chrome Cache Entry: 138	ASCII text, with very long lines (646)	86FC922D2FB394A37C85EAA4E56F60ED	88D932C7A1EAB0949C07D7D0DF29A94817003CFA	EEA9BE21783CB25F566DF40117EEFD3ECAA618A36C00A334CC72EDBB94AF954D
Chrome Cache Entry: 86	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 190152	C1E82BF71ADD622AD0F3BF8572F634FC	6CA863D4CAB96669202548D301693B3F5F80B0D5	BA48AF15D297DB450DC4870242482145ADDB2D18375A4871C490429E2DC5464A
Chrome Cache Entry: 87	PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced	1B6F146547A097E6FC3D8179B333939A	957905F7479D69C50A5546E884D8EE31887738FF	1E222036C0E351790C3FE64416AEBA71BA08E01E14550B09C9C745F425212A9E
Chrome Cache Entry: 88	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 91	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 455667	33E13AB2DB6540C3B64C119CE450CFA8	2608E73884B3F039987C3BB31C4ACB31BD48A5F4	06BBD11635362530528A350A84DEA1F961D261BE142B79C56478C703F02334C2
Chrome Cache Entry: 92	ASCII text, with CRLF line terminators	7AB156563EF53E8490CFE6ACDA805B47	79098DEEF06F1ED4BB7972128B43F1D9EAE02BD6	07640921F8AFE2535FDE15E55787949D1C0C92F42E3C18831C9E014672EE24D5
Chrome Cache Entry: 93	PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced	82739D35031EFD67455DD9AB7CF2B73B	A3CC8E7516ACF7BE9002BE7C35ABD880E917A4AF	D4228B0041763AFFD3E406B591F8D32781BD94B42B5EEF29243BE30D0F8E2EF6
Chrome Cache Entry: 94	PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced	5DC02A97B60BF560437A756DE1EB962E	7E277ED9E38CB1DE81B197AA622B62B07C26F7D6	1C694E93C2201102A4181ED99D1D4AFCDE919AB760352206D03EFDFF42D0208C
Chrome Cache Entry: 95	HTML document, ASCII text, with very long lines (3445), with CRLF line terminators	ACDEC8DAD3164FBA20E86D50F1B979F1	0C5FD1CCA5BECDB0080D20E6A90CCD91BC0D5894	1D2CDE2E778A731CBD158758F735E1BCC2508A8252720D261D94068AFF45AACC
Chrome Cache Entry: 96	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755	2897F2B9FBDFCA48FD9E7C3EBACD4825	1AC29A73147FAB24EECEDE0BBF4ABAC2B09B4FDA	34AC02CED788528E58CD6EBB75EDF624F4061D4839369AF860A36AC0BFC3C830
Chrome Cache Entry: 97	ASCII text, with very long lines (20033)	31032B08BD8E72220462D3F54F8BD69A	871D6EF1070BD363EA390E0C8C384E47DCE7F389	C212F4B505A86352AED62B24A8F16F999F821ECBE6456C7F3C8A04BC87968782
Chrome Cache Entry: 98	ASCII text, with no line terminators	0326BB78930C251C40E718669E41F258	15760632F5B8A37165361B7CD4E78F387727D806	FB2231D6C4ECAD0F48724EB85FD313260C29EB2D14D761D77A9EF471526DF92C
Chrome Cache Entry: 99	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769	57EADECAC2A031883A702F6B12A14502	3C1E4F5ABE11775DD678085EAC97029DF618A9F7	C76276A58DFB0E4D68D277526E5F05EE357E13957B4C91BE2C74BE7CD20B065E

HTML body contains low number of good links

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873	HTTP Parser: Number of links: 0
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873	HTTP Parser: Title: Redirecting does not match URL
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16	HTTP Parser: <input type="password" .../> found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

Source: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16	HTTP Parser: No <meta name="author".. found

Source: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6048739a-5855-43f4-a8e7-405dd2ea29c1&redirect_uri=https%3A%2F%2Fex.encryptedmessage.net%2Fauth%2Foffice365&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=d87e126873&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 15.156.131.241:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.156.131.241:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.157.43.57:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.157.43.57:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.152.7:443 -> 192.168.2.16:49786 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 8MB later: 40MB

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /login.html?msgUserId=7189d3cda8553c16&enterprise=shwetagujaran&rrRegcode=NHVRKVbT&locale=en_US HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16 HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: AWSALB=CNoxH6YxQLXAEbD35/Ty+F6WgSk/G1JcR1omCNHRkybrgqAmIeUwXMXdRYuH/wZkISr4V0/LlFNjtp27XH4c4kdvSx2usY+9np/OUMDDn5wyYQg+RGAj6dw9YQr8; AWSALBCORS=CNoxH6YxQLXAEbD35/Ty+F6WgSk/G1JcR1omCNHRkybrgqAmIeUwXMXdRYuH/wZkISr4V0/LlFNjtp27XH4c4kdvSx2usY+9np/OUMDDn5wyYQg+RGAj6dw9YQr8; JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D
Source: global traffic	HTTP traffic detected: GET /lib/bootstrap/5.3.1/css/bootstrap.min-896192cc65e20f1fcc6d792b5b9a4626.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /css/emx.bundle-3975cbf626d6d7960ebca176ffe9840f.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/bootstrap-datepicker/1.10.0/css/bootstrap-datepicker3.min-c728c2322fd538c74766c0dcbac43b83.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/font-awesome/6.4.2/css/all.min-5222e06b77a1692fa2520a219840e6be.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/custom-e254c0cef93ed2c3806b68efc4138e61.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/enterprise.bundle-7ab156563ef53e8490cfe6acda805b47.css HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/jquery/3.7.1/jquery.min-2c872dbe60f4ba70fb85356113d8b35e.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/popperjs__core/2.11.8/dist/umd/popper.min-31032b08bd8e72220462d3f54f8bd69a.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/bootstrap/5.3.1/js/bootstrap.bundle.min-e2b09c06f0e714b6144a6788a28e3950.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/bootstrap-datepicker/1.10.0/js/bootstrap-datepicker.min-a96aac4929372486ac749f94ba3c3175.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /lib/js-cookie/3.0.5/dist/js.cookie.min-ae11f74bdaae51ba13385aa097723268.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /js/emx.bundle.min-86fc922d2fb394a37c85eaa4e56f60ed.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /js/emx.runner-0a18ee1303a0f6769b4a8d1f67a6e87e.js HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8; AWSALBCORS=kra178RVPgMKvxbMiqyRGeZS1mvIVj1IfTGLRpWiuwPiK+7yRT7FHdBgcB6pxuSWwXHyMl2fPtQwRG5To6w8s1O5f4zRx4fVVvPAxFTlQSRg2kcntcJMl0Ty6um8
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/images/web_logo-32675a1fb88c5b6ff52b6d61e0f5256e.gif HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=pz/pXAYooz/8tY1cyz0hVup7aCWcZs7IzQBI2QIDwc1sIFvLwBqLqnS3Kv2zt3uC/P9AeepQRRBogbzLV3uwFZA7RVYctOG+VMqhWBrM1jaPmiQOE/poXm9jSQuB; AWSALBCORS=pz/pXAYooz/8tY1cyz0hVup7aCWcZs7IzQBI2QIDwc1sIFvLwBqLqnS3Kv2zt3uC/P9AeepQRRBogbzLV3uwFZA7RVYctOG+VMqhWBrM1jaPmiQOE/poXm9jSQuB
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-google-1b6f146547a097e6fc3d8179b333939a.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=BpYmgeZx9+cujWT5XsU9wNU4roJGq87OJLzu8czfvKBG2teMFwzYM+sUJeBftXm/JI7gA4qA/iNlA3rx5H1G6PsQIB3IxdCvhvVdSVbFL9fzIAdzT/1BQ4yaDDdN; AWSALBCORS=BpYmgeZx9+cujWT5XsU9wNU4roJGq87OJLzu8czfvKBG2teMFwzYM+sUJeBftXm/JI7gA4qA/iNlA3rx5H1G6PsQIB3IxdCvhvVdSVbFL9fzIAdzT/1BQ4yaDDdN
Source: global traffic	HTTP traffic detected: GET /lib/font-awesome/6.4.2/webfonts/fa-solid-900-d5e647388e2415268b700d3df2e30a0d.woff2 HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveOrigin: https://ex.encryptedmessage.netsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ex.encryptedmessage.net/lib/font-awesome/6.4.2/css/all.min-5222e06b77a1692fa2520a219840e6be.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-office365-5dc02a97b60bf560437a756de1eb962e.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-live-0c29638c7558632a1a5f053d344405ba.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-linkedin-82739d35031efd67455dd9ab7cf2b73b.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-facebook-b18683abb49575e19fb83021573ee32c.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-salesforce-775689b0bcda294bcd144887793cf544.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/images/web_logo-32675a1fb88c5b6ff52b6d61e0f5256e.gif HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt; AWSALBCORS=+g8fnSJ7IAgwg9uTh3Z3Qrfs4z4ImNT0AODfKgyGKC8z5XgiOWeBVkDem4HgEd85cqykSi3z4fBc6TRtHAkNO6wBOrTSDmG4Bihotu3PAajSx0QN9SGvDciUCyxt
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-google-1b6f146547a097e6fc3d8179b333939a.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=XNjoJKHV75XFegscWkM0KZHZfinBNx7MDAo/rYvRK+10p6FymelHiQRwzUvpjCWybtkQOo+IdR5H/4mX9LYkLe2B4RbHiJI2SNADFOG8/4ROMg9gvg4++d1l7oIO; AWSALBCORS=XNjoJKHV75XFegscWkM0KZHZfinBNx7MDAo/rYvRK+10p6FymelHiQRwzUvpjCWybtkQOo+IdR5H/4mX9LYkLe2B4RbHiJI2SNADFOG8/4ROMg9gvg4++d1l7oIO
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-office365-5dc02a97b60bf560437a756de1eb962e.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=f/ms6+63zZRHrjOpY4SVyz1f3btskE6lqBVNiQHhhC8HaJd+jHN0OPCxI2VK6ROtiGgouaJRiZTYFpnqSW0ssPHNmO8bfksYeNJA/tXt5SYOU8lXyk7lp/DlRAyO; AWSALBCORS=f/ms6+63zZRHrjOpY4SVyz1f3btskE6lqBVNiQHhhC8HaJd+jHN0OPCxI2VK6ROtiGgouaJRiZTYFpnqSW0ssPHNmO8bfksYeNJA/tXt5SYOU8lXyk7lp/DlRAyO
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-live-0c29638c7558632a1a5f053d344405ba.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/; AWSALBCORS=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-linkedin-82739d35031efd67455dd9ab7cf2b73b.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/; AWSALBCORS=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-facebook-b18683abb49575e19fb83021573ee32c.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/; AWSALBCORS=LEQoTNejnWSRZJ4ZFGC6SCzJVDVENBEyyyZGWscH6Jr3tfZEg7VLL4/rzf3zxvA3iIEbUuaIhyXH0ppgn9FKTrRpeSHppIC2pHN8Sa4YDNAcjYtsHmSHnN+xPmD/
Source: global traffic	HTTP traffic detected: GET /images/socialnetworks/connectorlogo-salesforce-775689b0bcda294bcd144887793cf544.png HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=emgOoacTYTa4LUukVoBzZPG70Zu4c5ahsFj+gsYFKaA1uZDVl9C6zQ0zJ0lsxBGHC/J3MQBU25Aq98ypEmDnBqGIHIjEkLQJ/DV/CA3RXnzbXf8pgcWDHHltnbF8; AWSALBCORS=emgOoacTYTa4LUukVoBzZPG70Zu4c5ahsFj+gsYFKaA1uZDVl9C6zQ0zJ0lsxBGHC/J3MQBU25Aq98ypEmDnBqGIHIjEkLQJ/DV/CA3RXnzbXf8pgcWDHHltnbF8
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/images/favicon-e283b6aeaa78ba7398d2c211675c4907.ico HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=0F3bwl4TTW5AgOTCk6N+/XjnJ54+Z7kUf5H2axvCSN3OelVq2V9qCR+VQQK1NEMrbUZWB++VvoXxQ+IOh7j7iYByzl4Y8ZHXnulCYI04a0D5aou5hZ8FKSDWuez7; AWSALBCORS=0F3bwl4TTW5AgOTCk6N+/XjnJ54+Z7kUf5H2axvCSN3OelVq2V9qCR+VQQK1NEMrbUZWB++VvoXxQ+IOh7j7iYByzl4Y8ZHXnulCYI04a0D5aou5hZ8FKSDWuez7
Source: global traffic	HTTP traffic detected: GET /branding/shwetagujaran/en_US/images/favicon-e283b6aeaa78ba7398d2c211675c4907.ico HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=Rtz9ypEgSgHwYLX7Hc9gcks9B8vAp8kH80VeLjR5WxzB3bRaNY70dcp19zRfoHkeklSF77XSecmIkUEkub4O2MJe4oSudodKFIWSV7n44KWk6KWV+DhzGPw3lMrx; AWSALBCORS=Rtz9ypEgSgHwYLX7Hc9gcks9B8vAp8kH80VeLjR5WxzB3bRaNY70dcp19zRfoHkeklSF77XSecmIkUEkub4O2MJe4oSudodKFIWSV7n44KWk6KWV+DhzGPw3lMrx
Source: global traffic	HTTP traffic detected: GET /oauth/redirect?oauth_app_id=3 HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://ex.encryptedmessage.net/registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=e+VI1nHulSpxtRQGAlbrS7rAzhx8UA6EK45B3Br1xLKoB4KxuK8Bm58eyCI5aYG1Y30rnIFfMRzM0ZchBHExFJecPqCcM9tBw9zH6QPqAWZ1k645hpMWiM+Qg8iV; AWSALBCORS=e+VI1nHulSpxtRQGAlbrS7rAzhx8UA6EK45B3Br1xLKoB4KxuK8Bm58eyCI5aYG1Y30rnIFfMRzM0ZchBHExFJecPqCcM9tBw9zH6QPqAWZ1k645hpMWiM+Qg8iV
Source: global traffic	HTTP traffic detected: GET /registration.html?rrRegcode=NHVRKVbT&rrUserId=3331752f-6c3d-46c4-95c9-987d769a9579&enterprise=shwetagujaran&locale=en_US&msgUserId=7189d3cda8553c16 HTTP/1.1Host: ex.encryptedmessage.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=FD7E8ACDFD534752279A4ECC409A6B7D; AWSALB=z+qImHQVpGhWj8TkFS7zk/ZaLyOqn0Z2mXiN5uHobJjpRIDBVQahQyoyPGxQklXxZrUaVEwSdiL6NeeRY64Xx+/4+9cZ7UL//ToXSt8iPtGl7Yq1AComzUr5ovG3; AWSALBCORS=z+qImHQVpGhWj8TkFS7zk/ZaLyOqn0Z2mXiN5uHobJjpRIDBVQahQyoyPGxQklXxZrUaVEwSdiL6NeeRY64Xx+/4+9cZ7UL//ToXSt8iPtGl7Yq1AComzUr5ovG3

Source: global traffic	DNS traffic detected: DNS query: ex.encryptedmessage.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net

Source: unknown

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 15.156.131.241:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.156.131.241:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.157.43.57:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.157.43.57:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.152.7:443 -> 192.168.2.16:49786 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6944_1262731591

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6944_1262731591

Source: classification engine

Classification label: clean2.win@25/39@16/194

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2076,i,15795881246440324585,6213408208904075405,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ex.encryptedmessage.net/login.html?msgUserId=7189d3cda8553c16&enterprise=shwetagujaran&rrRegcode=NHVRKVbT&locale=en_US"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2076,i,15795881246440324585,6213408208904075405,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1655137
Product:	CloudBasic
Start time:	00:57:40
Start date:	03.04.2025
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://ex.encryptedmessage.net/login.html?msgUserId=7189d3cda8553c16&enterprise=shwetagujaran&rrRegcode=NHVRKVbT&locale=en_US

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://ex.encryptedmessage.net/login.html?msgUserId=7189d3cda8553c16&enterprise=shwetagujaran&rrRegcode=NHVRKVbT&locale=en_US

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://ex.encryptedmessage.net/login.html?msgUserId=7189d3cda8553c16&enterprise=shwetagujaran&rrRegcode=NHVRKVbT&locale=en_US