Windows Analysis Report
https://jira.flywire.tech/plugins/servlet/desk/portal/34

Overview

General Information

Sample URL: https://jira.flywire.tech/plugins/servlet/desk/portal/34
Analysis ID: 1532113

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

HTML body contains low number of good links
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 5204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1948,i,1210385584711832822,2850508338919820376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jira.flywire.tech/plugins/servlet/desk/portal/34" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: https://flywire.okta.com/oauth2/v1/authorize?client_id=0oam8v0n7en8Yj7ON0x7&redirect_uri=https%3A%2F%2Fflywire.cloudflareaccess.com%2Fcdn-cgi%2Faccess%2Fcallback&response_type=code&scope=openid%20groups%20profile%20email&state=19b80ec91e7d08e7bf25bee8b40416b0206bd1199e66bd0afb080829a4ae4c0b...
  • HTTP Parser: Number of links: 1
  • HTTP Parser: Base64 decoded: %7B%22iat%22%3A1728729405%2C%22authDomain%22%3A%22flywire.cloudflareaccess.com%22%2C%22hostname%22%3A%22jira.flywire.tech%22%2C%22redirectURL%22%3A%22%2Fplugins%2Fservlet%2Fdesk%2Fportal%2F34%22%2C%22aud%22%3A%22716c1628db05683ca3bc4e46797d344bd73d8e1526c...
  • HTTP Parser: Iframe src: https://login.okta.com/discovery/iframe.html
  • HTTP Parser: No favicon
  • HTTP Parser: No <meta name="author".. found
  • HTTP Parser: No <meta name="copyright".. found
Source: unknown
  • HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49724 version: TLS 1.2
  • HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49726 version: TLS 1.2
  • HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49727 version: TLS 1.2
  • HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49766 version: TLS 1.2
  • TCP traffic detected without corresponding DNS query: 204.79.197.203, 192.229.211.108, 184.28.90.27, 20.189.173.10, 4.245.163.56
  • UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic
  • DNS traffic detected: DNS query: jira.flywire.tech, flywire.cloudflareaccess.com, flywire.okta.com, ok2static.oktacdn.com, www.google.com, login.okta.com
Source: classification engine
  • Classification label: clean1.win@19/29@18/194
Source: unknown
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jira.flywire.tech/plugins/servlet/desk/portal/34"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
  • Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1948,i,1210385584711832822,2850508338919820376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
  • Process created: unknown unknown
  • File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
  • File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
  • File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
  • File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
  • File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
  • File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
  • File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: Window Recorder
  • Window detected: More than 3 window changes detected
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Drive-by Compromise (1); Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows)
  • Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: System Service Discovery; Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

Source | Detection | Scanner
https://jira.flywire.tech/plugins/servlet/desk/portal/34 | 0% | Virustotal

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner
d14fm7q9i1ewz3.cloudfront.net | 1% | Virustotal
www.google.com | 0% | Virustotal
a9fda6e8074f1dfbe.awsglobalaccelerator.com | 0% | Virustotal
ok2static.oktacdn.com | 0% | Virustotal
jira.flywire.tech | 0% | Virustotal
d37qf8t9pe6csu.cloudfront.net | 0% | Virustotal
login.okta.com | 0% | Virustotal

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
d14fm7q9i1ewz3.cloudfront.net | 18.245.86.88 | true | false | | unknown
www.google.com | 142.250.181.228 | true | false | | unknown
jira.flywire.tech | 104.18.42.244 | true | false | | unknown
a9fda6e8074f1dfbe.awsglobalaccelerator.com | 99.83.213.230 | true | false | | unknown
flywire.cloudflareaccess.com | 104.19.195.29 | true | false | | unknown
d37qf8t9pe6csu.cloudfront.net | 108.138.7.107 | true | false | | unknown
flywire.okta.com | unknown | unknown | false | | unknown
ok2static.oktacdn.com | unknown | unknown | false | | unknown
login.okta.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://flywire.okta.com/oauth2/v1/authorize?client_id=0oam8v0n7en8Yj7ON0x7&redirect_uri=https%3A%2F%2Fflywire.cloudflareaccess.com%2Fcdn-cgi%2Faccess%2Fcallback&response_type=code&scope=openid%20groups%20profile%20email&state=19b80ec91e7d08e7bf25bee8b40416b0206bd1199e66bd0afb080829a4ae4c0b... | | | unknown
        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1532113
        Start date and time:2024-10-12 12:36:12 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowsinteractivecookbook.jbs
        Sample URL:https://jira.flywire.tech/plugins/servlet/desk/portal/34
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:13
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        Analysis Mode:stream
        Analysis stop reason:Timeout
        Detection:CLEAN
        Classification:clean1.win@19/29@18/194
        • Exclude process from analysis (whitelisted): svchost.exe
        • Excluded IPs from analysis (whitelisted): 216.58.206.67, 216.58.206.46, 66.102.1.84, 34.104.35.123, 93.184.221.240
        • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
        • Not all processes where analyzed, report is missing behavior information
        Input | Output
        URL: https://flywire.okta.com/oauth2/v1/authorize?client_id=0oam8v0n7en8Yj7ON0x7&redirect_uri=https%3A%2F%2Fflywire.cloudflareaccess.com%2Fcdn-cgi%2Faccess%2Fcallback&response_type=code&scope=openid%20groups%20profile%20email&state=19b80ec91e7d08e7bf25bee8b404 Model: jbxai
        {
        "brands":["Cloudflare"],
        "text":"Connecting to CLOUDFLARE Sign in with your account to access Cloudflare Edge Auth Production Powered by Okta Privacy Policy",
        "contains_trigger_text":false,
        "trigger_text":"",
        "prominent_button_name":"unknown",
        "text_input_field_labels":"unknown",
        "pdf_icon_visible":false,
        "has_visible_captcha":false,
        "has_urgent_text":false,
        "has_visible_qrcode":false}
        URL: https://flywire.okta.com/oauth2/v1/authorize?client_id=0oam8v0n7en8Yj7ON0x7&redirect_uri=https%3A%2F%2Fflywire.cloudflareaccess.com%2Fcdn-cgi%2Faccess%2Fcallback&response_type=code&scope=openid%20groups%20profile%20email&state=19b80ec91e7d08e7bf25bee8b404 Model: jbxai
        {
        "brands":["Cloudflare"],
        "text":"Connecting to Cloudflare Edge Auth",
        "contains_trigger_text":false,
        "trigger_text":"",
        "prominent_button_name":"unknown",
        "text_input_field_labels":"unknown",
        "pdf_icon_visible":false,
        "has_visible_captcha":false,
        "has_urgent_text":false,
        "has_visible_qrcode":false}
        URL: https://flywire.okta.com/oauth2/v1/authorize?client_id=0oam8v0n7en8Yj7ON0x7&redirect_uri=https%3A%2F%2Fflywire.cloudflareaccess.com%2Fcdn-cgi%2Faccess%2Fcallback&response_type=code&scope=openid%20groups%20profile%20email&state=19b80ec91e7d08e7bf25bee8b404 Model: jbxai
        {
        "brands":["Cloudflare", "Okta", "Flywire"],
        "text":"Connecting to Cloudflare Edge Auth Production",
        "contains_trigger_text":false,
        "trigger_text":"",
        "prominent_button_name":"Next",
        "text_input_field_labels":["Username"],
        "pdf_icon_visible":false,
        "has_visible_captcha":false,
        "has_urgent_text":false,
        "has_visible_qrcode":false}
        URL: https://flywire.okta.com/oauth2/v1/authorize?client_id=0oam8v0n7en8Yj7ON0x7&redirect_uri=https%3A%2F%2Fflywire.cloudflareaccess.com%2Fcdn-cgi%2Faccess%2Fcallback&response_type=code&scope=openid%20groups%20profile%20email&state=19b80ec91e7d08e7bf25bee8b404 Model: jbxai
        {
        "brands":["Cloudflare", "Okta"],
        "text":"Connecting to Cloudflare Edge Auth Production",
        "contains_trigger_text":true,
        "trigger_text":"Verifying your identity",
        "prominent_button_name":"Cancel and take me to sign in",
        "text_input_field_labels":["unknown"],
        "pdf_icon_visible":false,
        "has_visible_captcha":false,
        "has_urgent_text":false,
        "has_visible_qrcode":false}
        URL: https://flywire.okta.com/oauth2/v1/authorize?client_id=0oam8v0n7en8Yj7ON0x7&redirect_uri=https%3A%2F%2Fflywire.cloudflareaccess.com%2Fcdn-cgi%2Faccess%2Fcallback&response_type=code&scope=openid%20groups%20profile%20email&state=19b80ec91e7d08e7bf25bee8b404 Model: jbxai
        {
        "phishing_score":5,
        "brands":"Cloudflare",
        "legit_domain":"okta.com",
        "classification":"wellknown",
        "reasons":["The URL 'flywire.okta.com' is a subdomain of 'okta.com', which is a legitimate domain associated with Okta, a well-known identity and access management service.",
        "The brand 'Cloudflare' does not match the domain 'okta.com'. This could indicate a potential phishing attempt if the page is pretending to be associated with Cloudflare.",
        "The presence of a subdomain 'flywire' could be legitimate if it is a specific service or client using Okta's authentication services, but it could also be suspicious if not verified.",
        "The input field 'Username' is common for login pages, which is typical for Okta services, but without further context, it could be used for phishing."],
        "brand_matches":[false],
        "url_match":false,
        "brand_input":"Cloudflare",
        "input_fields":"Username"}
        URL: https://flywire.okta.com/oauth2/v1/authorize?client_id=0oam8v0n7en8Yj7ON0x7&redirect_uri=https%3A%2F%2Fflywire.cloudflareaccess.com%2Fcdn-cgi%2Faccess%2Fcallback&response_type=code&scope=openid%20groups%20profile%20email&state=19b80ec91e7d08e7bf25bee8b404 Model: jbxai
        {
        "phishing_score":2,
        "brands":"Cloudflare",
        "legit_domain":"okta.com",
        "classification":"wellknown",
        "reasons":["The URL 'flywire.okta.com' is a subdomain of 'okta.com', which is a well-known identity and access management service provider.",
        "The brand 'Cloudflare' is not directly associated with the domain 'okta.com'.",
        "The presence of 'flywire' as a subdomain could indicate a legitimate use case, such as a specific service or client using Okta's authentication services.",
        "There are no suspicious elements in the URL such as misspellings or unusual domain extensions.",
        "The input field 'Username' is typical for authentication services provided by Okta."],
        "brand_matches":[false],
        "url_match":false,
        "brand_input":"Cloudflare",
        "input_fields":"Username"}
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 12 09:36:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2673
        Entropy (8bit):3.988485768106317
        Encrypted:false
        SSDEEP:
        MD5:0ABE995281A99E25B11FABA35D44E804
        SHA1:1698A248A74F6CADA4B82BB9076F8A944D800C96
        SHA-256:CC8EDC470B90FE2244CABC497D97B46F0D6D14930CD182CBE3E7502A2842A423
        SHA-512:F190699591292917B48E464022034727CF018CC3A0320E4FA46C05529B449C7FF7302D08C5324A54191A0B064C25060EE13F0007F0C30EF2E84168F5CE86D6C5
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 12 09:36:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2675
        Entropy (8bit):4.0044837208995085
        Encrypted:false
        SSDEEP:
        MD5:5748E5759E6A4D6FF72472E1E20D4923
        SHA1:9EB4122DE04CF8C3078DEDCB333C765EC8D9E8D8
        SHA-256:B0825E4D0BBB625E229B5049290AD9B52F7EF9C7255C7D0648EC2E7E2C40D148
        SHA-512:6CA968C6F411D2484BD9083E65B52C722153B39D4FBCB9DAAC5E8A10FC256F4BB8C18825BD358DD327A1E099D17F8EA4587A1EBC79B060AF355CECA34615D248
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2689
        Entropy (8bit):4.010555418426741
        Encrypted:false
        SSDEEP:
        MD5:4090B49E32BE8A1D9233ACFEC68D08E3
        SHA1:9D7FE5952896E28DA7B6DAAC3912260984C487DA
        SHA-256:453875BFEC2496D6494A7EFD0265CA66F66E561A592A10DE2AE675AE0CAB17E4
        SHA-512:C065FAF9DBA1E40D322520E048E7B589B80D5449E90F98324326306ECC519537C47E2B7EA08C27EA913FE6D863263596EF1F311799BC09ED0D74A6C768CB9AC4
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 12 09:36:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2677
        Entropy (8bit):4.00236201821272
        Encrypted:false
        SSDEEP:
        MD5:4ECDD6B81E023C7659CD1D4191E72672
        SHA1:64CA889B257847581D5FBF97B55B61B5E8A09CCC
        SHA-256:DB7A27EF854B684BEA07C8E05EF67506BC2C800397969F8D99B3C77496BCCEDF
        SHA-512:CBCEC3EF5B3FE249893E28BF805431314E6E47923017A321948C4E7765B85D8E33B1D12A16821AC03046ECC093EB2467B0F4AA7E4433705A35EC1FFBACCC9B4F
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 12 09:36:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2677
        Entropy (8bit):3.991947333181277
        Encrypted:false
        SSDEEP:
        MD5:FD0F1E3A5BD24CCF568DE3EDE94AE11C
        SHA1:53A30383973012B4132822817EAAC69984BFBDA9
        SHA-256:B2C6E6F4B2647C32A2640F8B7317173601D114ED1003D2895D782AA698E3D7EA
        SHA-512:72C2E9465F50BB18D64314010E75022FD6795A338016410EB637A3B26BE8A24AF2E8A4ABF4E5D2B18549357087CAC81B4594371317CAD89D3E037DE8E5865893
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Oct 12 09:36:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2679
        Entropy (8bit):4.000015703387388
        Encrypted:false
        SSDEEP:
        MD5:91E9E37E700BA6A9672A4DB74BED2BBE
        SHA1:BCEBD3105338E8BC252003191379DB6A483AB0B0
        SHA-256:678CBC558715DA0AFFB129F205D26B8369137711ED487CD003A02094DF15B283
        SHA-512:424C975F7153CCD1CB34E81BD19DCF57A00FD981F4B1AE52D50039DB082BB58B8D404A32E79E55C7DD748CED77F548E5D1416B988D247FF83BA41CBCF1CF4B89
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), CFF, length 42632, version 2.0
        Category:downloaded
        Size (bytes):42632
        Entropy (8bit):7.995693492865635
        Encrypted:true
        SSDEEP:
        MD5:F37DD71E272C2E2A491B7F3E0BC3BC3B
        SHA1:74824DA964C79C9ACFB73D1F9501F6D2EEEB4373
        SHA-256:419A069F2859715998EC2BEDA0659052F7E22469385CC25011C7ECBB97266719
        SHA-512:EF552D7DB14D0DFB8F94144482B9023F33FBBBC34CA7495C149FFEC228F3A3CE1A5839683BA9FF347A92D368F6F9F612E3F4D5DB54DA913160E8A2FEBE2B3C16
        Malicious:false
        Reputation:unknown
        URL:https://ok2static.oktacdn.com/assets/loginpage/font/assets/Aeonik-Regular.c672e6fbaa411f5719f3.woff2
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), TrueType, length 105804, version 1.0
        Category:downloaded
        Size (bytes):105804
        Entropy (8bit):7.9975388815479675
        Encrypted:true
        SSDEEP:
        MD5:007AD31A53F4AB3F58EE74F2308482CE
        SHA1:DFA9F8F3D79BF8A0001FE72EEADAD0490CBA59CC
        SHA-256:152261291C938AA5AAD6A56D52B47FFCB893D1C0387E76D7F270A7382FF786D5
        SHA-512:48AEF263ACA876BA4DB5A596FBB8332524D6B440A8A516E1BAA7899F2F1DA0E1C44452D0380869EC455D27A6E0B931210B1FB669B36E36914CA27235F34E8558
        Malicious:false
        Reputation:unknown
        URL:https://ok2static.oktacdn.com/assets/loginpage/font/assets/Inter-SemiBold.b5f0f109bc88052d4000.woff2
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (65460)
        Category:downloaded
        Size (bytes):209381
        Entropy (8bit):5.423351490681362
        Encrypted:false
        SSDEEP:
        MD5:58DE3BE0C9B511A0FDFD7EA4F69B56FC
        SHA1:91ECA02ABF11239EC4AF7A30B1DA6E2610F1B9A6
        SHA-256:6A6C595FCF3A6C74BF3509F160BA34B78A8A3EB92ECAF290412C46679576D3ED
        SHA-512:5C245A32BA199D4FC7314B870BFF6FF4EF322B0A44A171E6D440BD82E42A689B3ABA3545B61CF26A75AAF283C7F38ED07A9DD815E279077B15C6A04B27A20718
        Malicious:false
        Reputation:unknown
        URL:https://ok2static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):174
        Entropy (8bit):4.83895241864043
        Encrypted:false
        SSDEEP:
        MD5:9B5CAF508170B020E11DA9528023459C
        SHA1:7C3D1EE333D184A7646D9D3723D6DAE4C46F74B7
        SHA-256:4EB21A668EDCFD315D050B3E5677297D5C5A776DE5CDA5AB8A54937E02C00BE7
        SHA-512:4E2C50D0A064233A890E40522D7C6AC2F9808DEA6159DE671F0930A5B65280DBB2EB9D118672ED7374FC986132D91A7930245FA9355915C6E6E5269703F316DA
        Malicious:false
        Reputation:unknown
        Preview:{"errorCode":"E0000022","errorSummary":"The endpoint does not support the provided HTTP method","errorLink":"E0000022","errorId":"oaeRNM5r_XqSqGmp8vTBLQ9og","errorCauses":[]}
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (7540)
        Category:downloaded
        Size (bytes):29701
        Entropy (8bit):5.698841629339274
        Encrypted:false
        SSDEEP:
        MD5:E3B76749F779669D8EB94520342F0E57
        SHA1:883349AE6E1E15F0882F0D8B22FFD6222ADC1369
        SHA-256:D79F63ECB520B57E351498CA71C9FD98A0F25B106592EE35E4717D28360431C9
        SHA-512:5E5A8225D1E36D2B3359F0A678EE0E8811022A0E51BF8C8CB2E49FA1197E894343AB0415D6A9C028CAD4F16F2C491A8C9FA3331E3A0D5CC25EC2E23827BB6046
        Malicious:false
        Reputation:unknown
        URL:https://flywire.cloudflareaccess.com/cdn-cgi/access/login/jira.flywire.tech?kid=716c1628db05683ca3bc4e46797d344bd73d8e1526c8199d64def0060c1a4a24&redirect_url=%2Fplugins%2Fservlet%2Fdesk%2Fportal%2F34&meta=eyJraWQiOiI1ZWMwMjZkMWY4MjVlMjgxNDI4MDk1MjdlMzhhZTE2M2I5ODEyZWVjOTExZjI0MzdjYzNhZDMzYTc5ZWQ1NTFhIiwiYWxnIjoiUlMyNTYiLCJ0eXAiOiJKV1QifQ.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.g5nXeCuy0l2CWaiFg3PFTsu1tJn6mQ_62_KgQYPcdtcXuQKnxYizMQAzx29-25pnbw1g8OA4ztF4exJxZPmChc1qhNCp3OUdBhAgKaGgqgJXsP6gxdK3CQ1gWpQxTceCMY_L17voGjZsPZtY8vKwR8I66SJZ5GzkX7omYqFvhTOq1M78qtTO8g5Hh0SGzB-LAt7lVVjoqHdnWLYaQWG1lDQcYRCKC_rfJcjLq-uu9ZwChqiqQrvM48LxIL7H5LN3eqWj2yLsNbg7dKVXEzo9Aezl47MNqF-hK0Z8pTMDbmKh8apLJ-VVnojNYOMgFpkeEff0NMxzKMcOXmhdsPK_dA
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (51741)
        Category:downloaded
        Size (bytes):223282
        Entropy (8bit):5.021551922726
        Encrypted:false
        SSDEEP:
        MD5:CC9B6AFB7DEC5AB168AD8D9335378D66
        SHA1:42552ED2802032AE710EBD409AD23207BE6C3929
        SHA-256:E35E1D03FB9B7417FC605B85E7A9EF1BAA9822BC6E6191E9E28F95E80ECBAF13
        SHA-512:A75B4E180B43581E29CEE303F8DB52EE0BBF4F54593DFDED8A62BF137893EB5FFCB8A11A4EBBDD7F8CF0D09BF99F2F4FB3AC53DD72B87949A7FD729B4359D41B
        Malicious:false
        Reputation:unknown
        URL:https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/css/okta-sign-in.min.css
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Unicode text, UTF-8 text, with very long lines (49026), with LF, NEL line terminators
        Category:dropped
        Size (bytes):98175
        Entropy (8bit):5.280388477954577
        Encrypted:false
        SSDEEP:
        MD5:611785C1E632D8744CBC829D0B832AF3
        SHA1:21F2AB2996DA4CBA76AEE72571740A6165FC908C
        SHA-256:2E5A8B1383B348C8EAB64B46D2890F57B958AC730ECA10E0A541546D1E0EC5F6
        SHA-512:5ECD190A1D426330F5040AEA26A0C39A5166FCB8210F0AA14758C12C9E7E203BB89545272928A418F720E0EFD6B6C575D2D3A52FB553CEBEFF5447F16A450AF3
        Malicious:false
        Reputation:unknown
        Preview:/*! For license information please see discoveryIframe-a869d3b07ebd94f8cfae.min.js.LICENSE.txt */.var MyOkta="object"==typeof MyOkta?MyOkta:{};MyOkta.discoveryIframe=function(t){var n={};function r(e){if(n[e])return n[e].exports;var i=n[e]={i:e,l:!1,exports:{}};return t[e].call(i.exports,i,i.exports,r),i.l=!0,i.exports}return r.m=t,r.c=n,r.d=function(t,n,e){r.o(t,n)||Object.defineProperty(t,n,{enumerable:!0,get:e})},r.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},r.t=function(t,n){if(1&n&&(t=r(t)),8&n)return t;if(4&n&&"object"==typeof t&&t&&t.__esModule)return t;var e=Object.create(null);if(r.r(e),Object.defineProperty(e,"default",{enumerable:!0,value:t}),2&n&&"string"!=typeof t)for(var i in t)r.d(e,i,function(n){return t[n]}.bind(null,i));return e},r.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(n,"a",n),n},r.
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format, CFF, length 20600, version 1.0
        Category:downloaded
        Size (bytes):20600
        Entropy (8bit):7.980583146819557
        Encrypted:false
        SSDEEP:
        MD5:DB28723126138387CDF40680E6E0FA5D
        SHA1:4D706297987D613A4E3F4F23D08C62D16830845D
        SHA-256:7ECCBB3B4B68F9F24A3B826F2EEA4A1BBB48196CB734AFC1B62C3D045CB680E1
        SHA-512:076A50AB64D549E6FCDE52618B55D97CBB3E7B321D0CBDCCD267C83B1FDCDCDAFD8ED13CCD8186E23EC7FED2BF12AC693B6042FA258C624ECB01B7B7BA003915
        Malicious:false
        Reputation:unknown
        URL:https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/font/okticon.woff
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:GIF image data, version 89a, 38 x 38
        Category:downloaded
        Size (bytes):10274
        Entropy (8bit):7.620311289125539
        Encrypted:false
        SSDEEP:
        MD5:DA5AFED58D4A7AB9E44A16EE5387707B
        SHA1:CE2BAC88D718F974ADD007D55EF0E9314D0F4B61
        SHA-256:2D0840961E9D93F813811D90C3ED7537149172E1BB0FA92762AB0E0A72AF054F
        SHA-512:FB5582B800DCF97A879E344D217EF31555FCDC2574CB21ECE0D8627F1CA78B2D5B25B9D7A5524EDEEDCA809638F338055F23612F651A308E96AFB0D8EF9AE00C
        Malicious:false
        Reputation:unknown
        URL:https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/img/ui/indicators/loader@1x.gif
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
        Category:dropped
        Size (bytes):5430
        Entropy (8bit):2.7209270279774733
        Encrypted:false
        SSDEEP:
        MD5:449C9DD651DB589388B721EB2496F5B0
        SHA1:64F3B213A89A00F7B0940271576ECC72280236F7
        SHA-256:F9E86FB363A05F75AB3B525439D46BF4911D4CD4AE94C656C0198206374002AA
        SHA-512:410C701B5050A6D039EE82C6D1B1B596983622E35256A2628A108B20E03D8B0CC85D2033292D5E13ACE0199FFFBB34DBFE9DF82EA4161285082837056A06F2DC
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:PNG image data, 362 x 120, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):4672
        Entropy (8bit):7.940263524594946
        Encrypted:false
        SSDEEP:
        MD5:69FE4B63FCB5691B5FD0CA1A3CE7FB1A
        SHA1:481AF09D2403556B82CB402B7FE81B3C85BFD95B
        SHA-256:973B46EC32BEB678E1FDB117601586EC8F1E301B1ACD88BFB7FF814B3711B133
        SHA-512:ED15FF68D2AEA07C646FFDB238BFB43222BEC61377ACAF1510E64054DEEA81624BDE94E123FC7708C5E28FB1F9256CC0CD15CD7EFC5FB35D2EA97A77AE4A3EBD
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), TrueType, length 98868, version 1.0
        Category:downloaded
        Size (bytes):98868
        Entropy (8bit):7.997348664849209
        Encrypted:true
        SSDEEP:
        MD5:DC131113894217B5031000575D9DE002
        SHA1:F96348260751EA78B1D23E9557DB297290BDAF28
        SHA-256:D612F1212B452AF07F1A5DEFB2B672E76A91F7139E7499FA48BB9B2B985C22D6
        SHA-512:0AA4420C7B7DCC70238371F9D21D521D0673CAF4C1883EEB2D3254C5A1DAD941F4569F418350FFC61E93303466C504179B90BA0ACF008250DC9C2C6DDF6F850B
        Malicious:false
        Reputation:unknown
        URL:https://ok2static.oktacdn.com/assets/loginpage/font/assets/Inter-Regular.c8ba52b05a9ef10f4758.woff2
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):174
        Entropy (8bit):4.78804422924668
        Encrypted:false
        SSDEEP:
        MD5:1B4CB0804DA2F7CFF6802F99A7A8C40F
        SHA1:52E8DAB8C35A70DB96523AEE9D116F81092933E0
        SHA-256:0D14D3BB968BBFC9E70BB420E281AC6B7B944B826BAB2872178706A0CE4A5690
        SHA-512:DEBE9DDFC018391C2F16F74A86799C3C309E2570014ACB9CEEBB89E95C0BC0BA6451BA40A0CD3A2026E10D3768C66F72DB0AEDE2D3525467FA964902E6A52036
        Malicious:false
        Reputation:unknown
        Preview:{"errorCode":"E0000022","errorSummary":"The endpoint does not support the provided HTTP method","errorLink":"E0000022","errorId":"oaeXuwWRvrNSVu7c9uaJhescA","errorCauses":[]}
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (65460)
        Category:dropped
        Size (bytes):193456
        Entropy (8bit):5.43344083452999
        Encrypted:false
        SSDEEP:
        MD5:FDBF33124BE836560D8594251E6FA560
        SHA1:C996E5D037DFC0317CFD5590E465314D08FA0F47
        SHA-256:CA7A7FB99CA375503E8978455C37F2D2CD36F0438BE9AF2BF5682B890270241C
        SHA-512:6499535036115573424EFB9F0674C02D5A469B6B578D93FC0F085B0D4CE6B24B59EAA972CAD9A32D1A6CCC473F3FC101E0DA06AFF3CCD2AAED90E2299D3D9D39
        Malicious:false
        Reputation:unknown
        Preview:/*! For license information please see initLoginPage.pack.js.LICENSE.txt */.var OktaLogin;!function(){var e={954:function(e,t,n){"use strict";var r,i,o;function a(e){return a="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},a(e)}e=n.nmd(e),i="undefined"!=typeof window?window:void 0,o=function(n,i){var o=[],s=n.document,u=o.slice,l=o.concat,c=o.push,p=o.indexOf,f={},h=f.toString,d=f.hasOwnProperty,m={},g="1.12.4",v=function e(t,n){return new e.fn.init(t,n)},y=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,b=/^-ms-/,x=/-([\da-z])/gi,w=function(e,t){return t.toUpperCase()};function k(e){var t=!!e&&"length"in e&&e.length,n=v.type(e);return"function"!==n&&!v.isWindow(e)&&("array"===n||0===t||"number"==typeof t&&t>0&&t-1 in e)}v.fn=v.prototype={jquery:g,constructor:v,selector:"",length:0,toArray:function(){return u.call(this)},get:function(e){return n
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (40099)
        Category:downloaded
        Size (bytes):1818778
        Entropy (8bit):5.32915519594988
        Encrypted:false
        SSDEEP:
        MD5:F42FD819BE9C8CE10EC67481A1EF6CFC
        SHA1:9B68A71F87F8D9C537F39E668840507D13D87435
        SHA-256:F60800D5114EB72B305133A3CCB5A441B12DAFFB5F166DFBCC5CF028283D0B97
        SHA-512:C6BFABDD010192C57A57269260BE763E7810800BC5DDC12980727FB6E5FFC7B213745A88BDB83038855BE446DF99BA7BD3572B2BB966B7AB9DE0741B96B11ED5
        Malicious:false
        Reputation:unknown
        URL:https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/js/okta-sign-in.min.js
        Preview:/*! Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved..The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.")..You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0..Unless required by applicable law or agreed to in writing, software.distributed under the License is distributed on an "AS IS" BASIS, WITHOUT.WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied...See the License for the specific language governing permissions and limitations under the License.. */.!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.OktaSignIn=t():e.OktaSignIn=t()}(self,(function(){return function(){var e={72284:function(e,t,n){"use strict";var r=n(12990),o=n(66583),i={days:function(e){return 864e5*e},hours:function(e){return 36e5*e},minutes:function(e){return
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with no line terminators
        Category:downloaded
        Size (bytes):28
        Entropy (8bit):3.851823225551766
        Encrypted:false
        SSDEEP:
        MD5:67917D37C3BA446E4238BC4234D57A0D
        SHA1:2DE3B18B0E76E3ACF380A582613FBEA21FB280B3
        SHA-256:C14E1187B04C0980E5CF3514598D0C74A73D5602BF78F963DAFB1F82DF34A73D
        SHA-512:CD39A83FE41F19ACDA58D64EDF5534BBC238E8745BE244C1769B704210BA32F8C8964165AE4258F328FFB8797A0692A0825DB0285B612333FC105E46C2D07FC0
        Malicious:false
        Reputation:unknown
        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkAIlVL9PMRKxIFDYKLfA4=?alt=proto
        Preview:ChMKEQ2Ci3wOGgQICRgBGgQIZBgC
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:PNG image data, 420 x 144, 8-bit/color RGBA, non-interlaced
        Category:downloaded
        Size (bytes):8958
        Entropy (8bit):7.9266831468111105
        Encrypted:false
        SSDEEP:
        MD5:813AF8FC3F88F62D4FD2BB7ADA7C693C
        SHA1:90F5AD33EB828E67FC5AD4697F7E4995791B8A76
        SHA-256:8FAA87F02CA5FEA16808EA790ABA67C5957194A1FB98A52E706AD578CB10779D
        SHA-512:1D9D2CDB9B69A68627708899451B0D0154AF7185C72F2A122A3EBD9B95FE733EAF4E95F5CE549A83DC2D3EC0861083141600675517A926066B955B11AAA0D76A
        Malicious:false
        Reputation:unknown
        URL:https://ok2static.oktacdn.com/fs/bco/4/fs0z3j6jc3fzF8nEv0x7
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text
        Category:downloaded
        Size (bytes):606
        Entropy (8bit):4.773458241925958
        Encrypted:false
        SSDEEP:
        MD5:9C015B709AE7678A8083966012F6CFC9
        SHA1:187C8EE9F8A0ED1168C90686EED591E41736A055
        SHA-256:3ED7F33549C25F8DE6559B0E495BA63576F126FAFF3BA16B64E04378050E04D6
        SHA-512:DF793C718429BB7A19A16AB735D238C128113517D266BA3AC4F21C2415F7D9F320E4A907FCAAE92497F431FE8687D86513C17BDC82C420DD105858A311E364F9
        Malicious:false
        Reputation:unknown
        URL:https://flywire.okta.com/api/internal/brand/theme/style-sheet?touch-point=SIGN_IN_PAGE&v=06488e884d7aed9205d8a05a4e719a12e89729b0fdc87a80a3cf61c2f8ef4e9cfbac06166bf33d11bf95feaec209f636
        Preview:.tb--background {. background-color: #cccccc !important;.}..tb--button,..button-primary {. background: #147bd1 !important;. border-color: #147bd1 !important;. color: #000000 !important;.}..tb--button:hover,..button-primary:hover {. background-image: linear-gradient(hsla(0, 0%, 0%, 0.04) 0 0) !important;. }..tb--link {. color: #147bd1 !important;.}..link-button-disabled,..link-button-disabled:hover {. background-image: linear-gradient(hsla(0, 0%, 100%, 0.5) 0 0) !important;. color: hsla(0, 0%, 0%, 0.5) !important;. border-color: #ffffff !important;.}.
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:PNG image data, 50 x 1155, 8-bit/color RGBA, non-interlaced
        Category:downloaded
        Size (bytes):3141
        Entropy (8bit):7.275615969527201
        Encrypted:false
        SSDEEP:
        MD5:7846B2F8C6D0A7CA69FDD3D3C294E92D
        SHA1:E0BB021FFDF93C68FEF44DE2A3B08F378B6FB50A
        SHA-256:40810B0318131F9BA52C83A17E633A0AC476ADE66EA8A914D6C4980571397665
        SHA-512:C08600B8B07D56BB502F9AED5CE2BAB59B33105C1CCF595413BC7158368FA06C73BC2D22C7CC99D1EFD10FD7C599CEE92163DEC3D2312BFD98DBF69457C59DE7
        Malicious:false
        Reputation:unknown
        URL:https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/img/ui/forms/checkbox-sign-in-widget.png
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:HTML document, ASCII text, with very long lines (451), with no line terminators
        Category:downloaded
        Size (bytes):451
        Entropy (8bit):4.953811953533213
        Encrypted:false
        SSDEEP:
        MD5:B2B86038BC19F36D4E1A0024A848C529
        SHA1:1F711BE55C288CA97852B189A5613E53EB93EEFB
        SHA-256:925EC88AEC5EDB50CDF38D58E2DDD6D7E23D3F73391C0407EF50879C123AE330
        SHA-512:CCBFBB86529B34A7A3CA25D1772EDB20E542CE3CDF400367B9F21322338C44C121080C79123C45787CC28F1D3C62DC45ACC6623F20F83F64199FE00AA33EA753
        Malicious:false
        Reputation:unknown
        URL:https://login.okta.com/discovery/iframe.html
        Preview:<!doctype html><html class="no-js" lang=""><head><meta charset="utf-8"><meta http-equiv="x-ua-compatible" content="ie=edge"><meta name="x-my-okta-version" content="version: 1.65.0"/><title></title><meta name="description" content=""><meta name="viewport" content="width=device-width,initial-scale=1"><script src="/lib/discoveryIframe-a869d3b07ebd94f8cfae.min.js"></script></head><body><script>new MyOkta.discoveryIframe(window);</script></body></html>
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):2411
        Entropy (8bit):7.824979416281876
        Encrypted:false
        SSDEEP:
        MD5:8146A7091EDA20534F86CEADFB34A1FA
        SHA1:C429E1305E5DFF0F7CB60B5E9DC3420A58B5E9B0
        SHA-256:D434B33B7D0382D89CD488DD964F27E395EB03CF34B51D822D45912D96E75C64
        SHA-512:FC1534711156684D5B5A939865F3657D21607F79042F4479AB9CA20F289CC17C91D4167BC90B4F5D1846ACF896D18B6B93F4E751E25B7208B002B4C98724134A
        Malicious:false
        Reputation:unknown
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (7276)
        Category:downloaded
        Size (bytes):7324
        Entropy (8bit):5.340251859196265
        Encrypted:false
        SSDEEP:
        MD5:C8C15F6857642C257BCD94823D968BB1
        SHA1:9BCC52E2F521518405982468701A635FAC1AEF72
        SHA-256:A9966A22000716A17F6A350B2D200E6638F3CB672021E57976CEE906CACAB021
        SHA-512:203A0AEF10B55CDC8F95CF48DD09541227198F3E49B80E273A8C30A06AAA996FAB9514E2F45AF385C8630C695AF0F8556243E6A9A246FCC6DCB322D775ACEA8F
        Malicious:false
        Reputation:unknown
        URL:https://ok2static.oktacdn.com/assets/loginpage/css/loginpage-theme.c8c15f6857642c257bcd94823d968bb1.css
        Preview:a,abbr,acronym,address,applet,b,big,blockquote,body,caption,center,cite,code,dd,del,dfn,div,dl,dt,em,fieldset,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,ins,kbd,label,legend,li,object,ol,p,pre,q,s,samp,small,span,strike,strong,sub,sup,table,tbody,td,tfoot,th,thead,tr,tt,u,ul,var{background:transparent;border:0;font-size:100%;font:inherit;margin:0;outline:0;padding:0;vertical-align:baseline}body{line-height:1}ol,ul{list-style:none}blockquote,q{quotes:none}blockquote:after,blockquote:before,q:after,q:before{content:"";content:none}:focus{outline:0}ins{text-decoration:none}del{text-decoration:line-through}table{border-collapse:collapse;border-spacing:0}input[type=hidden]{display:none!important}input[type=checkbox],input[type=radio]{border:0!important;margin:0;padding:0}@font-face{font-family:Public Sans;font-style:normal;font-weight:400;src:url(../font/assets/PublicSans-Regular-Vietnamese.7f70e758d9d5d50cd543.woff2) format("woff2"),url(../font/assets/PublicSans-Regular.da3764ebbac060d5b0e2.
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):638
        Entropy (8bit):7.490827261739918
        Encrypted:false
        SSDEEP:
        MD5:0BCDCA59E2F615E121CBAD5CF1435E5E
        SHA1:25DD4359C0FB3C3D9B9624C38DAEED444B9314B5
        SHA-256:F0A0CB86C3A462478B9603CF8B18042BADE83EBACE885BC2FC7D99FDDDE98138
        SHA-512:656D9DAA3873B55B2921CCF4006E42C6AB219D41F43DADE5D4F609B29A7415178B88EA974E54AF5DB1F8BC40B4F0F93A062E5EB6DA258E63162F9F53576C029C
        Malicious:false
        Reputation:unknown
        No static file info