Windows Analysis Report
https://employerschoiceonline.instascreen.net/quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5

Overview

General Information

Sample URL: https://employerschoiceonline.instascreen.net/quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5
Analysis ID: 1664836

Detection

Score: 0
Range: 0 - 100
Confidence: 100%

Signatures

No high impact signatures.

Classification

[Classification chart: axes Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean, suspicious, malicious]
  • System is w10x64
  • chrome.exe (PID: 6040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,12184459624570432134,3079195569910240246,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2076 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://employerschoiceonline.instascreen.net/quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 5652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --metrics-shmem-handle=1936,i,12072537486879388997,15279011085792975354,524288 --field-trial-handle=1756,i,9776161172668221715,2789798183340385106,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=2064 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Downloads\Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.htmlHTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 64.233.185.106:443 -> 192.168.2.7:49691 version: TLS 1.2
Source: unknownHTTPS traffic detected: 54.188.253.192:443 -> 192.168.2.7:49692 version: TLS 1.2
Source: unknownHTTPS traffic detected: 54.188.253.192:443 -> 192.168.2.7:49693 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.247.243.39:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.247.243.29:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 108.177.122.147:443 -> 192.168.2.7:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.247.243.29:443 -> 192.168.2.7:49731 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5 HTTP/1.1Host: employerschoiceonline.instascreen.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /nr-1044.min.js HTTP/1.1Host: js-agent.newrelic.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=1788&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=253&fe=1120&dc=1093&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657636331,%22n%22:0,%22f%22:5,%22dn%22:5,%22dne%22:5,%22c%22:5,%22ce%22:5,%22rq%22:5,%22rp%22:5,%22rpe%22:118,%22dl%22:126,%22di%22:1089,%22ds%22:1092,%22de%22:1093,%22dc%22:1119,%22l%22:1119,%22le%22:1121%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP/1.1Host: bam.nr-data.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=283&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=78&fe=264&dc=217&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657713925,%22n%22:0,%22f%22:9,%22dn%22:9,%22dne%22:9,%22c%22:9,%22ce%22:9,%22rq%22:9,%22rp%22:9,%22rpe%22:32,%22dl%22:45,%22di%22:213,%22ds%22:213,%22de%22:217,%22dc%22:263,%22l%22:263,%22le%22:264%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP/1.1Host: bam.nr-data.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=68e7260a60b7e390
Source: global trafficHTTP traffic detected: GET /1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=391&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=167&fe=235&dc=191&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657722960,%22n%22:0,%22f%22:6,%22dn%22:6,%22dne%22:6,%22c%22:6,%22ce%22:6,%22rq%22:6,%22rp%22:6,%22rpe%22:9,%22dl%22:90,%22di%22:191,%22ds%22:191,%22de%22:191,%22dc%22:233,%22l%22:233,%22le%22:236%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP/1.1Host: bam.nr-data.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=68e7260a60b7e390
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: employerschoiceonline.instascreen.net
Source: global trafficDNS traffic detected: DNS query: js-agent.newrelic.com
Source: global trafficDNS traffic detected: DNS query: bam.nr-data.net
Source: unknownHTTP traffic detected: POST /jserrors/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=61801&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&pve=1&err=%5B%7B%22params%22:%7B%22stackHash%22:334471766,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22showDisclosureOptions%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20showDisclosureOptions%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:27:22%22,%22pageview%22:1%7D,%22metrics%22:%7B%22count%22:1,%22time%22:%7B%22t%22:2625%7D%7D%7D,%7B%22params%22:%7B%22stackHash%22:334471760,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22jQuery%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20jQuery%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:21:34%22,%22pageview%22:1%7D,%22metrics%22:%7B%22count%22:1,%22time%22:%7B%22t%22:2624%7D%7D%7D%5D HTTP/1.1Host: bam.nr-data.netConnection: keep-aliveContent-Length: 0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=68e7260a60b7e390
Source: chromecache_132.1.drString found in binary or memory: http://www.employerschoicescreening.com
Source: 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.drString found in binary or memory: http://www.employerschoicescreening.com.
Source: 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.drString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.drString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.drString found in binary or memory: https://mn.gov/mdhr/yourrights/
Source: 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.drString found in binary or memory: https://www.eeoc.gov/statutes/title-vii-civil-rights-act-1964
Source: 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.drString found in binary or memory: https://www.revisor.mn.gov/statutes/cite/13
Source: 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.drString found in binary or memory: https://www.revisor.mn.gov/statutes/cite/13C
Source: classification engineClassification label: clean0.win@43/17@12/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,12184459624570432134,3079195569910240246,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2076 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://employerschoiceonline.instascreen.net/quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5"
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --metrics-shmem-handle=1936,i,12072537486879388997,15279011085792975354,524288 --field-trial-handle=1756,i,9776161172668221715,2789798183340385106,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=2064 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Downloads\Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph] Behavior Graph ID: 1664836; URL: https://employerschoiceonli...; Startdate: 14/04/2025; Architecture: WINDOWS; Score: 0

Source | Detection | Scanner | Label | Link
https://employerschoiceonline.instascreen.net/quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5 | 0% | Avira URL Cloud | safe |
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.employerschoicescreening.com | 0% | Avira URL Cloud | safe |
file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html | 0% | Avira URL Cloud | safe |
http://www.employerschoicescreening.com. | 0% | Avira URL Cloud | safe |


Name | IP | Active | Malicious | Antivirus Detection | Reputation
fastly-tls12-bam.nr-data.net | 162.247.243.29 | true | false | | high
b-group.instascreen.net | 54.188.253.192 | true | false | | unknown
js-agent.newrelic.com | 162.247.243.39 | true | false | | high
www.google.com | 64.233.185.106 | true | false | | high
employerschoiceonline.instascreen.net | unknown | unknown | false | | high
bam.nr-data.net | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html | false | Avira URL Cloud: safe | unknown
https://bam.nr-data.net/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=391&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=167&fe=235&dc=191&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657722960,%22n%22:0,%22f%22:6,%22dn%22:6,%22dne%22:6,%22c%22:6,%22ce%22:6,%22rq%22:6,%22rp%22:6,%22rpe%22:9,%22dl%22:90,%22di%22:191,%22ds%22:191,%22de%22:191,%22dc%22:233,%22l%22:233,%22le%22:236%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken | false | | high
https://bam.nr-data.net/jserrors/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=60286&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&pve=1&err=%5B%7B%22params%22:%7B%22stackHash%22:334471766,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22showDisclosureOptions%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20showDisclosureOptions%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:27:22%22,%22pageview%22:1%7D,%22metrics%22:%7B%22count%22:1,%22time%22:%7B%22t%22:1188%7D%7D%7D,%7B%22params%22:%7B%22stackHash%22:334471760,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22jQuery%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20jQuery%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:21:34%22,%22pageview%22:1%7D,%22metrics%22:%7B%22count%22:1,%22time%22:%7B%22t%22:1187%7D%7D%7D%5D | false | | high
https://bam.nr-data.net/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=1788&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=253&fe=1120&dc=1093&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657636331,%22n%22:0,%22f%22:5,%22dn%22:5,%22dne%22:5,%22c%22:5,%22ce%22:5,%22rq%22:5,%22rp%22:5,%22rpe%22:118,%22dl%22:126,%22di%22:1089,%22ds%22:1092,%22de%22:1093,%22dc%22:1119,%22l%22:1119,%22le%22:1121%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken | false | | high
https://js-agent.newrelic.com/nr-1044.min.js | false | | high
https://bam.nr-data.net/jserrors/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=61801&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&pve=1&err=%5B%7B%22params%22:%7B%22stackHash%22:334471766,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22showDisclosureOptions%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20showDisclosureOptions%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:27:22%22,%22pageview%22:1%7D,%22metrics%22:%7B%22count%22:1,%22time%22:%7B%22t%22:2625%7D%7D%7D,%7B%22params%22:%7B%22stackHash%22:334471760,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22jQuery%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20jQuery%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:21:34%22,%22pageview%22:1%7D,%22metrics%22:%7B%22count%22:1,%22time%22:%7B%22t%22:2624%7D%7D%7D%5D | false | | high
https://bam.nr-data.net/jserrors/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=61312&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&pve=1&err=%5B%7B%22params%22:%7B%22stackHash%22:334471766,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22showDisclosureOptions%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20showDisclosureOptions%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:27:22%22,%22pageview%22:1%7D,%22metrics%22:%7B%22count%22:1,%22time%22:%7B%22t%22:1139%7D%7D%7D,%7B%22params%22:%7B%22stackHash%22:334471760,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22jQuery%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20jQuery%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:21:34%22,%22pageview%22:1%7D,%22metrics%22:%7B%22count%22:1,%22time%22:%7B%22t%22:1138%7D%7D%7D%5D | false | | high
https://bam.nr-data.net/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=283&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=78&fe=264&dc=217&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657713925,%22n%22:0,%22f%22:9,%22dn%22:9,%22dne%22:9,%22c%22:9,%22ce%22:9,%22rq%22:9,%22rp%22:9,%22rpe%22:32,%22dl%22:45,%22di%22:213,%22ds%22:213,%22de%22:217,%22dc%22:263,%22l%22:263,%22le%22:264%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken | false | | high
https://employerschoiceonline.instascreen.net/quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5 | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.eeoc.gov/statutes/title-vii-civil-rights-act-1964 | 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.dr | false | | high
http://www.employerschoicescreening.com | chromecache_132.1.dr | false | Avira URL Cloud: safe | unknown
http://www.employerschoicescreening.com. | 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.dr | false | Avira URL Cloud: safe | unknown
https://www.revisor.mn.gov/statutes/cite/13C | 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.dr | false | | high
https://mn.gov/mdhr/yourrights/ | 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.dr | false | | high
https://www.revisor.mn.gov/statutes/cite/13 | 6482fce5-b414-4e47-aff7-25bcd0ef083a.tmp.0.dr, Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html.crdownload.0.dr, chromecache_132.1.dr | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
54.188.253.192 | b-group.instascreen.net | United States | | 16509 | AMAZON-02US | false
162.247.243.29 | fastly-tls12-bam.nr-data.net | United States | | 13335 | CLOUDFLARENETUS | false
162.247.243.39 | js-agent.newrelic.com | United States | | 13335 | CLOUDFLARENETUS | false
64.233.185.106 | www.google.com | United States | | 15169 | GOOGLEUS | false
108.177.122.147 | unknown | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.7
                                      Joe Sandbox version:42.0.0 Malachite
                                      Analysis ID:1664836
                                      Start date and time:2025-04-14 21:06:10 +02:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 4m 37s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:browseurl.jbs
                                      Sample URL:https://employerschoiceonline.instascreen.net/quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:19
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Detection:CLEAN
                                      Classification:clean0.win@43/17@12/6
                                      EGA Information:Failed
                                      HCA Information:
                                      • Successful, ratio: 100%
                                      • Number of executed functions: 0
                                      • Number of non-executed functions: 0
                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 172.217.215.102, 172.217.215.101, 172.217.215.113, 172.217.215.138, 172.217.215.139, 172.217.215.100, 172.217.215.94, 172.253.124.84, 74.125.138.113, 74.125.138.100, 74.125.138.139, 74.125.138.101, 74.125.138.102, 74.125.138.138, 173.194.219.102, 173.194.219.138, 173.194.219.100, 173.194.219.101, 173.194.219.139, 173.194.219.113, 108.177.122.100, 108.177.122.102, 108.177.122.138, 108.177.122.113, 108.177.122.139, 108.177.122.101, 64.233.176.95, 64.233.176.94, 23.218.145.145, 74.125.136.101, 74.125.136.138, 74.125.136.113, 74.125.136.102, 74.125.136.139, 74.125.136.100, 142.250.9.94, 142.250.9.138, 142.250.9.101, 142.250.9.113, 142.250.9.102, 142.250.9.139, 142.250.9.100, 64.233.185.94, 172.253.124.101, 172.253.124.139, 172.253.124.100, 172.253.124.138, 172.253.124.113, 172.253.124.102, 142.250.9.84, 74.125.21.100, 74.125.21.101, 74.125.21.139, 74.125.21.138, 74.125.21.102, 74.125.21.113, 172.253.124.94, 74.125.138.94, 142.251.15.94, 4.175.87.197, 23.79.17.61, 172.202.
                                      • Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtOpenFile calls found.
                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: https://employerschoiceonline.instascreen.net/quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5
                                      No simulations
                                      No context
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:HTML document, ISO-8859 text, with very long lines (14785), with CRLF, LF line terminators
                                      Category:dropped
                                      Size (bytes):32294
                                      Entropy (8bit):5.425102287773794
                                      Encrypted:false
                                      SSDEEP:384:5bGmRhGjV+3ifEbSaGPc260350RqeJb/QJNhDOLNNZfGSDjnVXy85Dn3LFq:5b2+S8bml350IeJOhDGrto
                                      MD5:5C27CCCB81AC2D594D826A0F4F4C7D9D
                                      SHA1:8CA96E29D803868D6731FB388045BAEB148510A5
                                      SHA-256:90517C924A29C2E37E17208037BEF51C194BFC3E4508D8BB6C2C3FEB3C5D2DAC
                                      SHA-512:C16C59D292D874DD13E57B1AECBCB793B6E337B9B8960E31AFF4DD9F0347EDF133D7305FA6CEFF463B84BD34E6FA6FA01F3D835D17F339DA79435A685DD7D2DA
                                      Malicious:false
                                      Reputation:low
                                      Preview:..<!DOCTYPE html>..<html lang="en">..<head>..<meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Applicant Authorization Forms</title>. <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">. <script type="text/javascript">.window.NREUM||(NREUM={}),__nr_require=function(t,n,e){function r(e){if(!n[e]){var o=n[e]={exports:{}};t[e][0].call(o.exports,function(n){var o=t[e][1][n];return r(o||n)},o,o.exports)}return n[e].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<e.length;o++)r(e[o]);return r}({1:[function(t,n,e){function r(t){try{s.console&&console.log(t)}catch(n){}}var o,i=t("ee"),a=t(15),s={};try{o=localStorage.getItem("__nr_flags").split(","),console&&"function"==typeof console.log&&(s.console=!0,o.indexOf("dev")!==-1&&(s.dev=!0),o.indexOf("nr_dev")!==-1&&(s.nrDev=!0))}catch(c){}s.nrDev&&i.on("internal-error",function(t){r(t.stack)}),s.dev&&i.on("fn-err",function(t,n,e){r(e.stack)}),s.dev&&(r("NR AGENT IN DEVELOPMENT MODE"),r("fl
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:HTML document, ISO-8859 text, with very long lines (14785), with CRLF, LF line terminators
                                      Category:dropped
                                      Size (bytes):40394
                                      Entropy (8bit):5.4155417064437845
                                      Encrypted:false
                                      SSDEEP:768:5b2+S8bml350IeJOhDGrt5IW0DE5KLv0Dq5KBX0DU5KlHMQMGE:c3JhTW0Q47024BX0A46QS
                                      MD5:77CDA4937A2722C2950062E30E362D39
                                      SHA1:28EB59B8FBE915D9BA878D458F578E6F64A17178
                                      SHA-256:EC606D17CF9795F70E80B5F04A47A24A739E876A31BA648994DB330E8F378907
                                      SHA-512:2E731F0E921BB7BB399F4B49D39AD4FECF8A74CBA884659B08FD89AF16A2261290BF4EB256B5B236A1242473250991DFCF72DFE1B30EE24B319A491DBD8C777B
                                      Malicious:false
                                      Reputation:low
                                      Preview:..<!DOCTYPE html>..<html lang="en">..<head>..<meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Applicant Authorization Forms</title>. <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">. <script type="text/javascript">.window.NREUM||(NREUM={}),__nr_require=function(t,n,e){function r(e){if(!n[e]){var o=n[e]={exports:{}};t[e][0].call(o.exports,function(n){var o=t[e][1][n];return r(o||n)},o,o.exports)}return n[e].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<e.length;o++)r(e[o]);return r}({1:[function(t,n,e){function r(t){try{s.console&&console.log(t)}catch(n){}}var o,i=t("ee"),a=t(15),s={};try{o=localStorage.getItem("__nr_flags").split(","),console&&"function"==typeof console.log&&(s.console=!0,o.indexOf("dev")!==-1&&(s.dev=!0),o.indexOf("nr_dev")!==-1&&(s.nrDev=!0))}catch(c){}s.nrDev&&i.on("internal-error",function(t){r(t.stack)}),s.dev&&i.on("fn-err",function(t,n,e){r(e.stack)}),s.dev&&(r("NR AGENT IN DEVELOPMENT MODE"),r("fl
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:downloaded
                                      Size (bytes):87
                                      Entropy (8bit):4.05298175485356
                                      Encrypted:false
                                      SSDEEP:3:U3KTDW3MiLLUHcjVXlVBT7PCcfn:H6NLgHWXZT7PCcfn
                                      MD5:5151B02BBED24D56CBE862FE7462084D
                                      SHA1:6ACAB31C3D18D3E61309E8B46338CF8BC4D67EEC
                                      SHA-256:300735AC477BB7E09CE2725F0031B085E5C86F09903D053AC8E44596731D8780
                                      SHA-512:BF09D8D9D0DFBE00FD38D3BEF695FA70CD9EB64BB629F475CB5BBF7889F866D1F9626DDBC84927020735F8FC0B4236206A7A5CA837368126D92C30ECDAED32C6
                                      Malicious:false
                                      Reputation:low
                                      URL:"https://bam.nr-data.net/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=283&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=78&fe=264&dc=217&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657713925,%22n%22:0,%22f%22:9,%22dn%22:9,%22dne%22:9,%22c%22:9,%22ce%22:9,%22rq%22:9,%22rp%22:9,%22rpe%22:32,%22dl%22:45,%22di%22:213,%22ds%22:213,%22de%22:217,%22dc%22:263,%22l%22:263,%22le%22:264%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken"
                                      Preview:NREUM.setToken({'stn':0,'err':1,'ins':1,'spa':1,'sr':0,'srs':0,'st':1,'sts':0,'log':0})
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:downloaded
                                      Size (bytes):87
                                      Entropy (8bit):4.05298175485356
                                      Encrypted:false
                                      SSDEEP:3:U3KTDW3MiLLUHcjVXlVBT7PCcfn:H6NLgHWXZT7PCcfn
                                      MD5:5151B02BBED24D56CBE862FE7462084D
                                      SHA1:6ACAB31C3D18D3E61309E8B46338CF8BC4D67EEC
                                      SHA-256:300735AC477BB7E09CE2725F0031B085E5C86F09903D053AC8E44596731D8780
                                      SHA-512:BF09D8D9D0DFBE00FD38D3BEF695FA70CD9EB64BB629F475CB5BBF7889F866D1F9626DDBC84927020735F8FC0B4236206A7A5CA837368126D92C30ECDAED32C6
                                      Malicious:false
                                      Reputation:low
                                      URL:"https://bam.nr-data.net/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=391&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=167&fe=235&dc=191&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657722960,%22n%22:0,%22f%22:6,%22dn%22:6,%22dne%22:6,%22c%22:6,%22ce%22:6,%22rq%22:6,%22rp%22:6,%22rpe%22:9,%22dl%22:90,%22di%22:191,%22ds%22:191,%22de%22:191,%22dc%22:233,%22l%22:233,%22le%22:236%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken"
                                      Preview:NREUM.setToken({'stn':0,'err':1,'ins':1,'spa':1,'sr':0,'srs':0,'st':1,'sts':0,'log':0})
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with no line terminators
                                      Category:downloaded
                                      Size (bytes):87
                                      Entropy (8bit):4.05298175485356
                                      Encrypted:false
                                      SSDEEP:3:U3KTDW3MiLLUHcjVXlVBT7PCcfn:H6NLgHWXZT7PCcfn
                                      MD5:5151B02BBED24D56CBE862FE7462084D
                                      SHA1:6ACAB31C3D18D3E61309E8B46338CF8BC4D67EEC
                                      SHA-256:300735AC477BB7E09CE2725F0031B085E5C86F09903D053AC8E44596731D8780
                                      SHA-512:BF09D8D9D0DFBE00FD38D3BEF695FA70CD9EB64BB629F475CB5BBF7889F866D1F9626DDBC84927020735F8FC0B4236206A7A5CA837368126D92C30ECDAED32C6
                                      Malicious:false
                                      Reputation:low
                                      URL:"https://bam.nr-data.net/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=1788&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=253&fe=1120&dc=1093&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657636331,%22n%22:0,%22f%22:5,%22dn%22:5,%22dne%22:5,%22c%22:5,%22ce%22:5,%22rq%22:5,%22rp%22:5,%22rpe%22:118,%22dl%22:126,%22di%22:1089,%22ds%22:1092,%22de%22:1093,%22dc%22:1119,%22l%22:1119,%22le%22:1121%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken"
                                      Preview:NREUM.setToken({'stn':0,'err':1,'ins':1,'spa':1,'sr':0,'srs':0,'st':1,'sts':0,'log':0})
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with very long lines (22890), with no line terminators
                                      Category:downloaded
                                      Size (bytes):22890
                                      Entropy (8bit):5.299497896298777
                                      Encrypted:false
                                      SSDEEP:384:yWe9x8LHvWgIdGYwNRUyqK3zqdPEliwbiki5IYrQXFFPXXRbS7gQhs:yWzeg0GYwNHoprBQVBt/Qhs
                                      MD5:6442AAA45EC28F8B2C541026F3C24871
                                      SHA1:32DC677BB3FA61736A35D30A809AA1C4A0A04976
                                      SHA-256:574558BC99CBCC4C8A0E57519CB6A317A0A4E0B70094FBEC41946138D576486B
                                      SHA-512:A158F255F94883CEA48CEE91A343946A5F1B04EC56764EAC0B9E4D478E48B34EBC24FC261E4A6D10F71928513E938CD9D8029A860187ADABAAAF19C4BD45834F
                                      Malicious:false
                                      Reputation:low
                                      URL:https://js-agent.newrelic.com/nr-1044.min.js
                                      Preview:!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var a="function"==typeof __nr_require&&__nr_require;if(!i&&a)return a(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '"+t+"'")}var s=e[t]={exports:{}};n[t][0].call(s.exports,function(e){var o=n[t][1][e];return r(o||e)},s,s.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;i<t.length;i++)r(t[i]);return r}({1:[function(n,e,t){e.exports=function(n,e){return"addEventListener"in window?addEventListener(n,e,!1):"attachEvent"in window?attachEvent("on"+n,e):void 0}},{}],2:[function(n,e,t){function r(n,e,t,r){l("bstAgg",[n,e,t,r]),p[n]||(p[n]={});var i=p[n][e];return i||(i=p[n][e]={params:t||{}}),i.metrics=o(r,i.metrics),i}function o(n,e){return e||(e={count:0}),e.count+=1,f(n,function(n,t){e[n]=i(t,e[n])}),e}function i(n,e){return e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.t*e.t,c:1}),e.c+=1,e.t+=n,e.sos+=n*n,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function a(n,e){return e?p[n]&&p
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text
                                      Category:downloaded
                                      Size (bytes):14724
                                      Entropy (8bit):5.49602855764709
                                      Encrypted:false
                                      SSDEEP:384:fihPi6ifiyyiUiAi7FhPF6FfFyyFUFAF7vhPv6vfvyyvUvAvhneVn9VnznQun4na:aU5a03DJnWdHkQj9gHdKGhy9VzF4zFVq
                                      MD5:519DFEEC1A1CDD1EEF8F2201090BE675
                                      SHA1:22A84DBCB69DD399F3726B80858B38C264DFCBAD
                                      SHA-256:4ED63316CE7E7B844D78B0CB329A687CCEF90CB40E1E2A9AE093B2EB8A98E9FE
                                      SHA-512:83F63836370D0901C0E211540DBF9D321D32044BA0A7E8651D10A33010588512431316D6642ECB5532256478BD365511F8766903190FB57F84C1B1FD07A0B739
                                      Malicious:false
                                      Reputation:low
                                      URL:"https://fonts.googleapis.com/css?family=Roboto+Condensed:400,400italic,500,500italic,700,700italic"
                                      Preview:/* cyrillic-ext */.@font-face {. font-family: 'Roboto Condensed';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/robotocondensed/v27/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLAgM9UvI.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Roboto Condensed';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/robotocondensed/v27/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLCwM9UvI.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Roboto Condensed';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/robotocondensed/v27/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLAwM9UvI.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Roboto Condensed';. font-style: italic;. font-weight: 400;. src: url(
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text, with very long lines (1572)
                                      Category:downloaded
                                      Size (bytes):32400
                                      Entropy (8bit):5.274095985994467
                                      Encrypted:false
                                      SSDEEP:768:VTFGjLEN9RxxoaR4LfNSGm3SwXiL5No8c5NSpbJfai0Ydi9+QJEaNPDz4T06JOaH:uv7L2md
                                      MD5:9F8EC6F16D15D42A47DBF12A9CBDCC28
                                      SHA1:B5CC52FE2329E19B94EDEE8610F630A112711DD0
                                      SHA-256:3B77B94E6A5AB4E9D345C74F10AAD3B6F057D7F777F91AC92273040F5B4639DF
                                      SHA-512:9AB82B5B4956FDDB01234F8B486B831CB5DA17712EEE3186B6A63238DBD191D672D324C9254A4EFC1C12DBB1D3C1269CA5A0FE9453D3A6EFC76C6F60EC82F9AA
                                      Malicious:false
                                      Reputation:low
                                      URL:"https://fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,700italic"
                                      Preview:/* cyrillic-ext */.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkC3kaWzU.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkAnkaWzU.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/roboto/v47/KFO5CnqEu92Fr1Mu53ZEC9_Vu3r1gIhOszmkCnkaWzU.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 400;.
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:HTML document, ISO-8859 text, with very long lines (14785), with CRLF, LF line terminators
                                      Category:downloaded
                                      Size (bytes):40394
                                      Entropy (8bit):5.4155417064437845
                                      Encrypted:false
                                      SSDEEP:768:5b2+S8bml350IeJOhDGrt5IW0DE5KLv0Dq5KBX0DU5KlHMQMGE:c3JhTW0Q47024BX0A46QS
                                      MD5:77CDA4937A2722C2950062E30E362D39
                                      SHA1:28EB59B8FBE915D9BA878D458F578E6F64A17178
                                      SHA-256:EC606D17CF9795F70E80B5F04A47A24A739E876A31BA648994DB330E8F378907
                                      SHA-512:2E731F0E921BB7BB399F4B49D39AD4FECF8A74CBA884659B08FD89AF16A2261290BF4EB256B5B236A1242473250991DFCF72DFE1B30EE24B319A491DBD8C777B
                                      Malicious:false
                                      Reputation:low
                                      URL:https://employerschoiceonline.instascreen.net/quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5
                                      Preview:..<!DOCTYPE html>..<html lang="en">..<head>..<meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Applicant Authorization Forms</title>. <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">. <script type="text/javascript">.window.NREUM||(NREUM={}),__nr_require=function(t,n,e){function r(e){if(!n[e]){var o=n[e]={exports:{}};t[e][0].call(o.exports,function(n){var o=t[e][1][n];return r(o||n)},o,o.exports)}return n[e].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<e.length;o++)r(e[o]);return r}({1:[function(t,n,e){function r(t){try{s.console&&console.log(t)}catch(n){}}var o,i=t("ee"),a=t(15),s={};try{o=localStorage.getItem("__nr_flags").split(","),console&&"function"==typeof console.log&&(s.console=!0,o.indexOf("dev")!==-1&&(s.dev=!0),o.indexOf("nr_dev")!==-1&&(s.nrDev=!0))}catch(c){}s.nrDev&&i.on("internal-error",function(t){r(t.stack)}),s.dev&&i.on("fn-err",function(t,n,e){r(e.stack)}),s.dev&&(r("NR AGENT IN DEVELOPMENT MODE"),r("fl
                                      No static file info
                                      Icon Hash:00b29a8e86828200

                                      • Total Packets: 145
                                      • 443 (HTTPS)
                                      • 80 (HTTP)
                                      • 53 (DNS)
                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                      TimestampSource PortDest PortSource IPDest IP
                                      Apr 14, 2025 21:07:08.769221067 CEST53617671.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:08.991539955 CEST53650501.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:09.843553066 CEST53512751.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:09.888768911 CEST53550361.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:13.328639030 CEST6278253192.168.2.71.1.1.1
                                      Apr 14, 2025 21:07:13.328958988 CEST6115553192.168.2.71.1.1.1
                                      Apr 14, 2025 21:07:13.435421944 CEST53611551.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:13.435569048 CEST53627821.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:14.715353966 CEST5283953192.168.2.71.1.1.1
                                      Apr 14, 2025 21:07:14.715631962 CEST6112953192.168.2.71.1.1.1
                                      Apr 14, 2025 21:07:14.871109009 CEST53611291.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:14.872678041 CEST53528391.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:17.511733055 CEST53610821.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:18.306637049 CEST5018053192.168.2.71.1.1.1
                                      Apr 14, 2025 21:07:18.306934118 CEST5310053192.168.2.71.1.1.1
                                      Apr 14, 2025 21:07:18.413413048 CEST53531001.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:18.413434029 CEST53501801.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:18.973704100 CEST5731353192.168.2.71.1.1.1
                                      Apr 14, 2025 21:07:18.974118948 CEST6269153192.168.2.71.1.1.1
                                      Apr 14, 2025 21:07:19.080231905 CEST53626911.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:19.080323935 CEST53573131.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:26.987896919 CEST53547941.1.1.1192.168.2.7
                                      Apr 14, 2025 21:07:45.668445110 CEST53640701.1.1.1192.168.2.7
                                      Apr 14, 2025 21:08:08.090332985 CEST53533041.1.1.1192.168.2.7
                                      Apr 14, 2025 21:08:08.671926022 CEST53548501.1.1.1192.168.2.7
                                      Apr 14, 2025 21:08:11.779267073 CEST53510421.1.1.1192.168.2.7
                                      Apr 14, 2025 21:08:27.381901026 CEST53521461.1.1.1192.168.2.7
                                      Apr 14, 2025 21:08:27.454116106 CEST53552001.1.1.1192.168.2.7
                                      Apr 14, 2025 21:08:28.057846069 CEST53608221.1.1.1192.168.2.7
                                      Apr 14, 2025 21:08:31.921524048 CEST5415853192.168.2.71.1.1.1
                                      Apr 14, 2025 21:08:31.921750069 CEST5544453192.168.2.71.1.1.1
                                      Apr 14, 2025 21:08:32.027864933 CEST53541581.1.1.1192.168.2.7
                                      Apr 14, 2025 21:08:32.027893066 CEST53554441.1.1.1192.168.2.7
                                      Apr 14, 2025 21:08:35.063652992 CEST5963953192.168.2.71.1.1.1
                                      Apr 14, 2025 21:08:35.063950062 CEST5310753192.168.2.71.1.1.1
                                      Apr 14, 2025 21:08:35.170418978 CEST53596391.1.1.1192.168.2.7
                                      Apr 14, 2025 21:08:35.170514107 CEST53531071.1.1.1192.168.2.7
                                      Apr 14, 2025 21:08:41.115115881 CEST138138192.168.2.7192.168.2.255
                                      Apr 14, 2025 21:08:45.048794031 CEST53501411.1.1.1192.168.2.7
                                      Apr 14, 2025 21:09:03.920376062 CEST53631391.1.1.1192.168.2.7
                                      Apr 14, 2025 21:09:26.700373888 CEST53539741.1.1.1192.168.2.7
                                      Apr 14, 2025 21:09:27.219954014 CEST53532281.1.1.1192.168.2.7
                                      Apr 14, 2025 21:09:30.372035027 CEST53497091.1.1.1192.168.2.7
                                      Timestamp | Source IP | Dest IP | Checksum | Code | Type
                                      Apr 14, 2025 21:07:09.842083931 CEST | 192.168.2.7 | 1.1.1.1 | c24c | (Port unreachable) | Destination Unreachable
                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                      Apr 14, 2025 21:07:13.328639030 CEST | 192.168.2.7 | 1.1.1.1 | 0x6913 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:13.328958988 CEST | 192.168.2.7 | 1.1.1.1 | 0x219e | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                      Apr 14, 2025 21:07:14.715353966 CEST | 192.168.2.7 | 1.1.1.1 | 0xa2e1 | Standard query (0) | employerschoiceonline.instascreen.net | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:14.715631962 CEST | 192.168.2.7 | 1.1.1.1 | 0x737d | Standard query (0) | employerschoiceonline.instascreen.net | 65 | IN (0x0001) | false
                                      Apr 14, 2025 21:07:18.306637049 CEST | 192.168.2.7 | 1.1.1.1 | 0x922c | Standard query (0) | js-agent.newrelic.com | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:18.306934118 CEST | 192.168.2.7 | 1.1.1.1 | 0x6126 | Standard query (0) | js-agent.newrelic.com | 65 | IN (0x0001) | false
                                      Apr 14, 2025 21:07:18.973704100 CEST | 192.168.2.7 | 1.1.1.1 | 0x622e | Standard query (0) | bam.nr-data.net | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:18.974118948 CEST | 192.168.2.7 | 1.1.1.1 | 0x77a3 | Standard query (0) | bam.nr-data.net | 65 | IN (0x0001) | false
                                      Apr 14, 2025 21:08:31.921524048 CEST | 192.168.2.7 | 1.1.1.1 | 0x4798 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:31.921750069 CEST | 192.168.2.7 | 1.1.1.1 | 0xe559 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                      Apr 14, 2025 21:08:35.063652992 CEST | 192.168.2.7 | 1.1.1.1 | 0x7477 | Standard query (0) | bam.nr-data.net | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:35.063950062 CEST | 192.168.2.7 | 1.1.1.1 | 0x3899 | Standard query (0) | bam.nr-data.net | 65 | IN (0x0001) | false
                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                      Apr 14, 2025 21:07:13.435421944 CEST | 1.1.1.1 | 192.168.2.7 | 0x219e | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                                      Apr 14, 2025 21:07:13.435569048 CEST | 1.1.1.1 | 192.168.2.7 | 0x6913 | No error (0) | www.google.com |  | 64.233.185.106 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:13.435569048 CEST | 1.1.1.1 | 192.168.2.7 | 0x6913 | No error (0) | www.google.com |  | 64.233.185.99 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:13.435569048 CEST | 1.1.1.1 | 192.168.2.7 | 0x6913 | No error (0) | www.google.com |  | 64.233.185.103 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:13.435569048 CEST | 1.1.1.1 | 192.168.2.7 | 0x6913 | No error (0) | www.google.com |  | 64.233.185.105 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:13.435569048 CEST | 1.1.1.1 | 192.168.2.7 | 0x6913 | No error (0) | www.google.com |  | 64.233.185.147 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:13.435569048 CEST | 1.1.1.1 | 192.168.2.7 | 0x6913 | No error (0) | www.google.com |  | 64.233.185.104 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:14.871109009 CEST | 1.1.1.1 | 192.168.2.7 | 0x737d | No error (0) | employerschoiceonline.instascreen.net | b-group.instascreen.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:14.872678041 CEST | 1.1.1.1 | 192.168.2.7 | 0xa2e1 | No error (0) | employerschoiceonline.instascreen.net | b-group.instascreen.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:14.872678041 CEST | 1.1.1.1 | 192.168.2.7 | 0xa2e1 | No error (0) | b-group.instascreen.net |  | 54.188.253.192 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:14.872678041 CEST | 1.1.1.1 | 192.168.2.7 | 0xa2e1 | No error (0) | b-group.instascreen.net |  | 44.240.253.46 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:14.872678041 CEST | 1.1.1.1 | 192.168.2.7 | 0xa2e1 | No error (0) | b-group.instascreen.net |  | 54.186.209.228 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:18.413434029 CEST | 1.1.1.1 | 192.168.2.7 | 0x922c | No error (0) | js-agent.newrelic.com |  | 162.247.243.39 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:19.080231905 CEST | 1.1.1.1 | 192.168.2.7 | 0x77a3 | No error (0) | bam.nr-data.net | bam.cell.nr-data.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:19.080231905 CEST | 1.1.1.1 | 192.168.2.7 | 0x77a3 | No error (0) | bam.cell.nr-data.net | fastly-tls12-bam.nr-data.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:19.080323935 CEST | 1.1.1.1 | 192.168.2.7 | 0x622e | No error (0) | bam.nr-data.net | bam.cell.nr-data.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:19.080323935 CEST | 1.1.1.1 | 192.168.2.7 | 0x622e | No error (0) | bam.cell.nr-data.net | fastly-tls12-bam.nr-data.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 14, 2025 21:07:19.080323935 CEST | 1.1.1.1 | 192.168.2.7 | 0x622e | No error (0) | fastly-tls12-bam.nr-data.net |  | 162.247.243.29 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:32.027864933 CEST | 1.1.1.1 | 192.168.2.7 | 0x4798 | No error (0) | www.google.com |  | 108.177.122.147 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:32.027864933 CEST | 1.1.1.1 | 192.168.2.7 | 0x4798 | No error (0) | www.google.com |  | 108.177.122.105 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:32.027864933 CEST | 1.1.1.1 | 192.168.2.7 | 0x4798 | No error (0) | www.google.com |  | 108.177.122.103 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:32.027864933 CEST | 1.1.1.1 | 192.168.2.7 | 0x4798 | No error (0) | www.google.com |  | 108.177.122.99 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:32.027864933 CEST | 1.1.1.1 | 192.168.2.7 | 0x4798 | No error (0) | www.google.com |  | 108.177.122.106 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:32.027864933 CEST | 1.1.1.1 | 192.168.2.7 | 0x4798 | No error (0) | www.google.com |  | 108.177.122.104 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:32.027893066 CEST | 1.1.1.1 | 192.168.2.7 | 0xe559 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                                      Apr 14, 2025 21:08:35.170418978 CEST | 1.1.1.1 | 192.168.2.7 | 0x7477 | No error (0) | bam.nr-data.net | bam.cell.nr-data.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:35.170418978 CEST | 1.1.1.1 | 192.168.2.7 | 0x7477 | No error (0) | bam.cell.nr-data.net | fastly-tls12-bam.nr-data.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:35.170418978 CEST | 1.1.1.1 | 192.168.2.7 | 0x7477 | No error (0) | fastly-tls12-bam.nr-data.net |  | 162.247.243.29 | A (IP address) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:35.170514107 CEST | 1.1.1.1 | 192.168.2.7 | 0x3899 | No error (0) | bam.nr-data.net | bam.cell.nr-data.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 14, 2025 21:08:35.170514107 CEST | 1.1.1.1 | 192.168.2.7 | 0x3899 | No error (0) | bam.cell.nr-data.net | fastly-tls12-bam.nr-data.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                      • employerschoiceonline.instascreen.net
                                      • js-agent.newrelic.com
                                      • bam.nr-data.net
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.2.7 | 49692 | 54.188.253.192 | 443 | 5416 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-14 19:07:15 UTC | 785 | OUT | GET /quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5 HTTP/1.1
                                      Host: employerschoiceonline.instascreen.net
                                      Connection: keep-alive
                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br, zstd
                                      Accept-Language: en-US,en;q=0.9
                                      2025-04-14 19:07:15 UTC | 884 | IN | HTTP/1.1 200
                                      Date: Mon, 14 Apr 2025 19:07:15 GMT
                                      Content-Type: text/html;charset=ISO-8859-1
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Set-Cookie: AWSALB=ZRgYTCo2ORzSFZ7ZJCClP5IrsPYscVoTps6Cix+9ZmGBKTpKrl0NH8dZUAO2Wi4JX/c0/uVovoZIhGuLl2sV0S3XweMEJmlGKXtgyH7GrugZt1v5WLDwKQTAAopR; Expires=Mon, 21 Apr 2025 19:07:15 GMT; Path=/
                                      Set-Cookie: AWSALBCORS=ZRgYTCo2ORzSFZ7ZJCClP5IrsPYscVoTps6Cix+9ZmGBKTpKrl0NH8dZUAO2Wi4JX/c0/uVovoZIhGuLl2sV0S3XweMEJmlGKXtgyH7GrugZt1v5WLDwKQTAAopR; Expires=Mon, 21 Apr 2025 19:07:15 GMT; Path=/; SameSite=None; Secure
                                      Expires: 0
                                      Cache-Control: must-revalidate, post-check=0, pre-check=0
                                      Pragma: no-store
                                      Content-Disposition: attachment; filename=Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html
                                      Set-Cookie: SESSION=ZGEzZWRlYTctMjg3Zi00ZmUwLWI0YWEtZGZlMGUzYzdmYmEx; Path=/; Secure; HttpOnly; SameSite=None
                                      vary: accept-encoding
                                      Server: MMXX
                                      2025-04-14 19:07:15 UTC | 15500 | IN | Data Ascii: 3e2c<!DOCTYPE html><html lang="en"><head><meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Applicant Authorization Forms</title> <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"> <script type="text/javascript">
                                      2025-04-14 19:07:15 UTC | 424 | IN | Data Ascii: ipts/jquery/jquery-migrate-3.5.0.js?v=3.3.32"></script> <script type="text/javascript" src="/_scripts/jquery/jquery.focus-first.custom.js?v=3.3.32"></script> <script type="text/javascript" src="/_scripts/jquery/jquery.blockUI-2.70.js?v=3.3.32"></scrip
                                      2025-04-14 19:07:15 UTC | 16384 | IN | Data Ascii: 5f9eipt> <script type="text/javascript" src="/_libs/bootstrap_3.4.1/js/bootstrap.min.js?v=3.3.32"></script> <script type="text/javascript">jQuery.migrateEnablePatches("self-closed-tags");</script> <link href="https://fonts.googleapis.com/css?fami
                                      2025-04-14 19:07:15 UTC | 8102 | IN | Data Ascii: dical or disability information), and other information about you, and interviewing people who are knowledgeable about you. The results of this report may be used as a factor in making employment decisions. The source of any investigative consumer report
                                      2025-04-14 19:07:15 UTC | 5 | IN | Data Ascii: 0


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      1 | 192.168.2.7 | 49702 | 162.247.243.39 | 443 | 5416 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-14 19:07:18 UTC | 540 | OUT | GET /nr-1044.min.js HTTP/1.1
                                      Host: js-agent.newrelic.com
                                      Connection: keep-alive
                                      sec-ch-ua-platform: "Windows"
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                      sec-ch-ua-mobile: ?0
                                      Accept: */*
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: script
                                      Sec-Fetch-Storage-Access: active
                                      Accept-Encoding: gzip, deflate, br, zstd
                                      Accept-Language: en-US,en;q=0.9
                                      2025-04-14 19:07:18 UTC | 549 | IN | HTTP/1.1 200 OK
                                      Connection: close
                                      Content-Length: 22890
                                      Last-Modified: Wed, 18 Oct 2023 20:58:59 GMT
                                      ETag: "6442aaa45ec28f8b2c541026f3c24871"
                                      Cache-Control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
                                      Content-Type: application/javascript
                                      Access-Control-Allow-Origin: *
                                      Accept-Ranges: bytes
                                      Date: Mon, 14 Apr 2025 19:07:18 GMT
                                      X-Served-By: cache-pdk-kfty8610032-PDK
                                      X-Cache: HIT
                                      X-Cache-Hits: 0
                                      Vary: Accept-Encoding
                                      Cross-Origin-Resource-Policy: cross-origin
                                      Strict-Transport-Security: max-age=300


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      2 | 192.168.2.7 | 49703 | 162.247.243.29 | 443 | 5416 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-14 19:07:19 UTC | 1020 | OUT | GET /1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=1788&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=253&fe=1120&dc=1093&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657636331,%22n%22:0,%22f%22:5,%22dn%22:5,%22dne%22:5,%22c%22:5,%22ce%22:5,%22rq%22:5,%22rp%22:5,%22rpe%22:118,%22dl%22:126,%22di%22:1089,%22ds%22:1092,%22de%22:1093,%22dc%22:1119,%22l%22:1119,%22le%22:1121%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP/1.1
                                      Host: bam.nr-data.net
                                      Connection: keep-alive
                                      sec-ch-ua-platform: "Windows"
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                      sec-ch-ua-mobile: ?0
                                      Accept: */*
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: script
                                      Sec-Fetch-Storage-Access: active
                                      Accept-Encoding: gzip, deflate, br, zstd
                                      Accept-Language: en-US,en;q=0.9
                                      2025-04-14 19:07:19 UTC | 521 | IN | HTTP/1.1 200
                                      Connection: close
                                      Content-Length: 87
                                      date: Mon, 14 Apr 2025 19:07:19 GMT
                                      content-type: text/javascript
                                      nr-rate-limited: allowed
                                      access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                                      access-control-allow-credentials: true
                                      access-control-allow-origin: *
                                      access-control-expose-headers: Date
                                      timing-allow-origin: *
                                      set-cookie: JSESSIONID=68e7260a60b7e390; Path=/; Domain=.nr-data.net; Secure; SameSite=None
                                      cross-origin-resource-policy: cross-origin
                                      x-served-by: cache-pao-kpao1770050-PAO
                                      2025-04-14 19:07:19 UTC | 87 | IN | Data Raw: 4e 52 45 55 4d 2e 73 65 74 54 6f 6b 65 6e 28 7b 27 73 74 6e 27 3a 30 2c 27 65 72 72 27 3a 31 2c 27 69 6e 73 27 3a 31 2c 27 73 70 61 27 3a 31 2c 27 73 72 27 3a 30 2c 27 73 72 73 27 3a 30 2c 27 73 74 27 3a 31 2c 27 73 74 73 27 3a 30 2c 27 6c 6f 67 27 3a 30 7d 29
                                      Data Ascii: NREUM.setToken({'stn':0,'err':1,'ins':1,'spa':1,'sr':0,'srs':0,'st':1,'sts':0,'log':0})


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      3 | 192.168.2.7 | 49721 | 162.247.243.29 | 443 | 5416 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-14 19:08:19 UTC | 1676 | OUT | POST /jserrors/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=61801&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&pve=1&err=%5B%7B%22params%22:%7B%22stackHash%22:334471766,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22showDisclosureOptions%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20showDisclosureOptions%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:27:22%22,%22pageview%22:1%7D,%22metrics%22:%7B%22count%22:1,%22time%22:%7B%22t%22:2625%7D%7D%7D,%7B%22params%22:%7B%22stackHash%22:334471760,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22jQuery%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20jQuery%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:21:34%22,%22pageview%22:1%7D,% [TRUNCATED]
                                      Host: bam.nr-data.net
                                      Connection: keep-alive
                                      Content-Length: 0
                                      sec-ch-ua-platform: "Windows"
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                      sec-ch-ua-mobile: ?0
                                      Accept: */*
                                      Origin: null
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: empty
                                      Sec-Fetch-Storage-Access: active
                                      Accept-Encoding: gzip, deflate, br, zstd
                                      Accept-Language: en-US,en;q=0.9
                                      Cookie: JSESSIONID=68e7260a60b7e390
                                      2025-04-14 19:08:19 UTC | 364 | IN | HTTP/1.1 200
                                      Connection: close
                                      Content-Length: 24
                                      date: Mon, 14 Apr 2025 19:08:19 GMT
                                      content-type: image/gif
                                      nr-rate-limited: allowed
                                      access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                                      access-control-allow-credentials: true
                                      access-control-allow-origin: null
                                      cross-origin-resource-policy: cross-origin
                                      x-served-by: cache-pdk-kfty8610034-PDK
                                      2025-04-14 19:08:19 UTC | 24 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02
                                      Data Ascii: GIF89a,


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      4 | 192.168.2.7 | 49731 | 162.247.243.29 | 443 | 5760 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-14 19:08:35 UTC | 1045 | OUT | GET /1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=283&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=78&fe=264&dc=217&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657713925,%22n%22:0,%22f%22:9,%22dn%22:9,%22dne%22:9,%22c%22:9,%22ce%22:9,%22rq%22:9,%22rp%22:9,%22rpe%22:32,%22dl%22:45,%22di%22:213,%22ds%22:213,%22de%22:217,%22dc%22:263,%22l%22:263,%22le%22:264%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP/1.1
                                      Host: bam.nr-data.net
                                      Connection: keep-alive
                                      sec-ch-ua-platform: "Windows"
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                      sec-ch-ua-mobile: ?0
                                      Accept: */*
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: script
                                      Sec-Fetch-Storage-Access: active
                                      Accept-Encoding: gzip, deflate, br, zstd
                                      Accept-Language: en-US,en;q=0.9
                                      Cookie: JSESSIONID=68e7260a60b7e390
                                      2025-04-14 19:08:35 UTC | 521 | IN | HTTP/1.1 200
                                      Connection: close
                                      Content-Length: 87
                                      date: Mon, 14 Apr 2025 19:08:35 GMT
                                      content-type: text/javascript
                                      nr-rate-limited: allowed
                                      access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                                      access-control-allow-credentials: true
                                      access-control-allow-origin: *
                                      access-control-expose-headers: Date
                                      timing-allow-origin: *
                                      set-cookie: JSESSIONID=68e7260a60b7e390; Path=/; Domain=.nr-data.net; Secure; SameSite=None
                                      cross-origin-resource-policy: cross-origin
                                      x-served-by: cache-bfi-krnt7300107-BFI
                                      2025-04-14 19:08:35 UTC | 87 | IN | Data Raw: 4e 52 45 55 4d 2e 73 65 74 54 6f 6b 65 6e 28 7b 27 73 74 6e 27 3a 30 2c 27 65 72 72 27 3a 31 2c 27 69 6e 73 27 3a 31 2c 27 73 70 61 27 3a 31 2c 27 73 72 27 3a 30 2c 27 73 72 73 27 3a 30 2c 27 73 74 27 3a 31 2c 27 73 74 73 27 3a 30 2c 27 6c 6f 67 27 3a 30 7d 29
                                      Data Ascii: NREUM.setToken({'stn':0,'err':1,'ins':1,'spa':1,'sr':0,'srs':0,'st':1,'sts':0,'log':0})


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      5 | 192.168.2.7 | 49735 | 162.247.243.29 | 443 | 5760 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-14 19:08:44 UTC | 1045 | OUT | GET /1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=391&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&be=167&fe=235&dc=191&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1744657722960,%22n%22:0,%22f%22:6,%22dn%22:6,%22dne%22:6,%22c%22:6,%22ce%22:6,%22rq%22:6,%22rp%22:6,%22rpe%22:9,%22dl%22:90,%22di%22:191,%22ds%22:191,%22de%22:191,%22dc%22:233,%22l%22:233,%22le%22:236%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken HTTP/1.1
                                      Host: bam.nr-data.net
                                      Connection: keep-alive
                                      sec-ch-ua-platform: "Windows"
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                      sec-ch-ua-mobile: ?0
                                      Accept: */*
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: script
                                      Sec-Fetch-Storage-Access: active
                                      Accept-Encoding: gzip, deflate, br, zstd
                                      Accept-Language: en-US,en;q=0.9
                                      Cookie: JSESSIONID=68e7260a60b7e390
                                      2025-04-14 19:08:44 UTC | 521 | IN | HTTP/1.1 200
                                      Connection: close
                                      Content-Length: 87
                                      date: Mon, 14 Apr 2025 19:08:44 GMT
                                      content-type: text/javascript
                                      nr-rate-limited: allowed
                                      access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                                      access-control-allow-credentials: true
                                      access-control-allow-origin: *
                                      access-control-expose-headers: Date
                                      timing-allow-origin: *
                                      set-cookie: JSESSIONID=68e7260a60b7e390; Path=/; Domain=.nr-data.net; Secure; SameSite=None
                                      cross-origin-resource-policy: cross-origin
                                      x-served-by: cache-bfi-krnt7300060-BFI
                                      2025-04-14 19:08:44 UTC | 87 | IN | Data Raw: 4e 52 45 55 4d 2e 73 65 74 54 6f 6b 65 6e 28 7b 27 73 74 6e 27 3a 30 2c 27 65 72 72 27 3a 31 2c 27 69 6e 73 27 3a 31 2c 27 73 70 61 27 3a 31 2c 27 73 72 27 3a 30 2c 27 73 72 73 27 3a 30 2c 27 73 74 27 3a 31 2c 27 73 74 73 27 3a 30 2c 27 6c 6f 67 27 3a 30 7d 29
                                      Data Ascii: NREUM.setToken({'stn':0,'err':1,'ins':1,'spa':1,'sr':0,'srs':0,'st':1,'sts':0,'log':0})


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      6 | 192.168.2.7 | 49741 | 162.247.243.29 | 443 | 5760 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-14 19:09:35 UTC | 1676 | OUT | POST /jserrors/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=60286&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&pve=1&err=%5B%7B%22params%22:%7B%22stackHash%22:334471766,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22showDisclosureOptions%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20showDisclosureOptions%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:27:22%22,%22pageview%22:1%7D,%22metrics%22:%7B%22count%22:1,%22time%22:%7B%22t%22:1188%7D%7D%7D,%7B%22params%22:%7B%22stackHash%22:334471760,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22jQuery%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20jQuery%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:21:34%22,%22pageview%22:1%7D,% [TRUNCATED]
                                      Host: bam.nr-data.net
                                      Connection: keep-alive
                                      Content-Length: 0
                                      sec-ch-ua-platform: "Windows"
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                      sec-ch-ua-mobile: ?0
                                      Accept: */*
                                      Origin: null
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: empty
                                      Sec-Fetch-Storage-Access: active
                                      Accept-Encoding: gzip, deflate, br, zstd
                                      Accept-Language: en-US,en;q=0.9
                                      Cookie: JSESSIONID=68e7260a60b7e390
                                      2025-04-14 19:09:35 UTC | 364 | IN | HTTP/1.1 200
                                      Connection: close
                                      Content-Length: 24
                                      date: Mon, 14 Apr 2025 19:09:35 GMT
                                      content-type: image/gif
                                      nr-rate-limited: allowed
                                      access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                                      access-control-allow-credentials: true
                                      access-control-allow-origin: null
                                      cross-origin-resource-policy: cross-origin
                                      x-served-by: cache-pdk-kfty8610034-PDK
                                      2025-04-14 19:09:35 UTC | 24 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02
                                      Data Ascii: GIF89a,


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      7 | 192.168.2.7 | 49745 | 162.247.243.29 | 443 | 5760 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-14 19:09:45 UTC | 1676 | OUT | POST /jserrors/1/0d2f6deff6?a=4275739&sa=1&v=1044.a6554e7&t=Unnamed%20Transaction&rst=61312&ref=file:///C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html&pve=1&err=%5B%7B%22params%22:%7B%22stackHash%22:334471766,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22showDisclosureOptions%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20showDisclosureOptions%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:27:22%22,%22pageview%22:1%7D,%22metrics%22:%7B%22count%22:1,%22time%22:%7B%22t%22:1139%7D%7D%7D,%7B%22params%22:%7B%22stackHash%22:334471760,%22exceptionClass%22:%22ReferenceError%22,%22request_uri%22:%22/C:/Users/user/Downloads/Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html%22,%22message%22:%22jQuery%20is%20not%20defined%22,%22stack_trace%22:%22ReferenceError:%20jQuery%20is%20not%20defined%5Cn%20%20%20%20at%20%3Cinline%3E:21:34%22,%22pageview%22:1%7D,% [TRUNCATED]
                                      Host: bam.nr-data.net
                                      Connection: keep-alive
                                      Content-Length: 0
                                      sec-ch-ua-platform: "Windows"
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                      sec-ch-ua-mobile: ?0
                                      Accept: */*
                                      Origin: null
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: empty
                                      Sec-Fetch-Storage-Access: active
                                      Accept-Encoding: gzip, deflate, br, zstd
                                      Accept-Language: en-US,en;q=0.9
                                      Cookie: JSESSIONID=68e7260a60b7e390
                                      2025-04-14 19:09:45 UTC | 364 | IN | HTTP/1.1 200
                                      Connection: close
                                      Content-Length: 24
                                      date: Mon, 14 Apr 2025 19:09:45 GMT
                                      content-type: image/gif
                                      nr-rate-limited: allowed
                                      access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                                      access-control-allow-credentials: true
                                      access-control-allow-origin: null
                                      cross-origin-resource-policy: cross-origin
                                      x-served-by: cache-pdk-kfty8610023-PDK
                                      2025-04-14 19:09:45 UTC | 24 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02
                                      Data Ascii: GIF89a,


                                      Target ID:0
                                      Start time:15:07:06
                                      Start date:14/04/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                      Imagebase:0x7ff778810000
                                      File size:3'388'000 bytes
                                      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:1
                                      Start time:15:07:07
                                      Start date:14/04/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2044,i,12184459624570432134,3079195569910240246,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2076 /prefetch:3
                                      Imagebase:0x7ff778810000
                                      File size:3'388'000 bytes
                                      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:4
                                      Start time:15:07:13
                                      Start date:14/04/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://employerschoiceonline.instascreen.net/quickverify/release.taz?a=6aad0af695a81e45c40904d374f7153bb060e004&e=1744654543000&b=688506155&c=5"
                                      Imagebase:0x7ff778810000
                                      File size:3'388'000 bytes
                                      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:13
                                      Start time:15:08:25
                                      Start date:14/04/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                      Imagebase:0x7ff778810000
                                      File size:3'388'000 bytes
                                      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:false

                                      Target ID:14
                                      Start time:15:08:26
                                      Start date:14/04/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --metrics-shmem-handle=1936,i,12072537486879388997,15279011085792975354,524288 --field-trial-handle=1756,i,9776161172668221715,2789798183340385106,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250414-050123.764000 --mojo-platform-channel-handle=2064 /prefetch:3
                                      Imagebase:0x7ff778810000
                                      File size:3'388'000 bytes
                                      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:false

                                      Target ID:15
                                      Start time:15:08:33
                                      Start date:14/04/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Downloads\Authorization-Form-BENJAMIN-THOMAS-BRADLEY.html"
                                      Imagebase:0x7ff778810000
                                      File size:3'388'000 bytes
                                      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      No disassembly