Analysis

  • max time kernel
    129s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231023-en locale:en-us os:windows10-2004-x64 system
  • submitted
    15/11/2023, 18:25 UTC

General

  • Target

    https://denotificationservices.bbcportal.com/Entry

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://denotificationservices.bbcportal.com/Entry
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3320
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef3409758,0x7ffef3409768,0x7ffef3409778
      2⤵
        PID:3232
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:2
        2⤵
          PID:2480
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
          2⤵
            PID:4688
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
            2⤵
              PID:2860
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:1
              2⤵
                PID:996
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:1
                2⤵
                  PID:5060
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:1
                  2⤵
                    PID:4080
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
                    2⤵
                      PID:4036
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:8
                      2⤵
                        PID:1264
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1864,i,10335734834429866557,11470884430702875280,131072 /prefetch:2
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:264
                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                      1⤵
                        PID:4772

                      Network

                      • flag-us
                        DNS
                        denotificationservices.bbcportal.com
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        denotificationservices.bbcportal.com
                        IN A
                        Response
                        denotificationservices.bbcportal.com
                        IN CNAME
                        prod-alb-external-1034143959.us-west-2.elb.amazonaws.com
                        prod-alb-external-1034143959.us-west-2.elb.amazonaws.com
                        IN A
                        54.191.69.23
                        prod-alb-external-1034143959.us-west-2.elb.amazonaws.com
                        IN A
                        54.244.115.141
                      • flag-us
                        DNS
                        68.32.126.40.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        68.32.126.40.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        106.208.58.216.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        106.208.58.216.in-addr.arpa
                        IN PTR
                        Response
                        106.208.58.216.in-addr.arpa
                        IN PTR
                        ams17s08-in-f10.1e100.net
                        106.208.58.216.in-addr.arpa
                        IN PTR
                        sof01s11-in-f106�I
                      • flag-us
                        DNS
                        2.136.104.51.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        2.136.104.51.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        23.69.191.54.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        23.69.191.54.in-addr.arpa
                        IN PTR
                        Response
                        23.69.191.54.in-addr.arpa
                        IN PTR
                        ec2-54-191-69-23.us-west-2.compute.amazonaws.com
                      • flag-us
                        DNS
                        denotificationservices.portal.finalsiteconnect.com
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        denotificationservices.portal.finalsiteconnect.com
                        IN A
                        Response
                        denotificationservices.portal.finalsiteconnect.com
                        IN CNAME
                        prod-alb-external-1034143959.us-west-2.elb.amazonaws.com
                        prod-alb-external-1034143959.us-west-2.elb.amazonaws.com
                        IN A
                        54.191.69.23
                        prod-alb-external-1034143959.us-west-2.elb.amazonaws.com
                        IN A
                        54.244.115.141
                      • flag-us
                        DNS
                        249.194.19.2.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        249.194.19.2.in-addr.arpa
                        IN PTR
                        Response
                        249.194.19.2.in-addr.arpa
                        IN PTR
                        a2-19-194-249.deploy.static.akamaitechnologies.com
                      • flag-us
                        DNS
                        198.52.96.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        198.52.96.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        103.94.239.18.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        103.94.239.18.in-addr.arpa
                        IN PTR
                        Response
                        103.94.239.18.in-addr.arpa
                        IN PTR
                        server-18-239-94-103.ams1.r.cloudfront.net
                      • flag-us
                        DNS
                        serverapi.arcgisonline.com
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        serverapi.arcgisonline.com
                        IN A
                        Response
                        serverapi.arcgisonline.com
                        IN CNAME
                        serverapivpc-431199233.us-east-1.elb.amazonaws.com
                        serverapivpc-431199233.us-east-1.elb.amazonaws.com
                        IN A
                        52.21.75.95
                        serverapivpc-431199233.us-east-1.elb.amazonaws.com
                        IN A
                        52.86.130.216
                      • flag-us
                        DNS
                        198.1.85.104.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        198.1.85.104.in-addr.arpa
                        IN PTR
                        Response
                        198.1.85.104.in-addr.arpa
                        IN PTR
                        a104-85-1-198.deploy.static.akamaitechnologies.com
                      • flag-us
                        DNS
                        95.75.21.52.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        95.75.21.52.in-addr.arpa
                        IN PTR
                        Response
                        95.75.21.52.in-addr.arpa
                        IN PTR
                        ec2-52-21-75-95.compute-1.amazonaws.com
                      • flag-us
                        DNS
                        content-autofill.googleapis.com
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        content-autofill.googleapis.com
                        IN A
                        Response
                        content-autofill.googleapis.com
                        IN A
                        142.251.36.42
                        content-autofill.googleapis.com
                        IN A
                        172.217.168.234
                        content-autofill.googleapis.com
                        IN A
                        142.250.179.170
                        content-autofill.googleapis.com
                        IN A
                        142.250.179.202
                        content-autofill.googleapis.com
                        IN A
                        142.251.36.10
                        content-autofill.googleapis.com
                        IN A
                        142.251.39.106
                        content-autofill.googleapis.com
                        IN A
                        172.217.168.202
                        content-autofill.googleapis.com
                        IN A
                        172.217.23.202
                        content-autofill.googleapis.com
                        IN A
                        216.58.208.106
                        content-autofill.googleapis.com
                        IN A
                        216.58.214.10
                        content-autofill.googleapis.com
                        IN A
                        142.250.179.138
                      • flag-nl
                        GET
                        https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwm42Or4DGFzpxIFDaNMX0gSBQ1b39LDEiwJwy3O0xFBvysSBQ0WMZ7PEgUNGM4RHBIFDaPT_sgSBQ2rAAnrEgUN_-P9TBIQCUqz3lGL_vEDEgUNKVxULQ==?alt=proto
                        chrome.exe
                        Remote address:
                        142.251.36.42:443
                        Request
                        GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwm42Or4DGFzpxIFDaNMX0gSBQ1b39LDEiwJwy3O0xFBvysSBQ0WMZ7PEgUNGM4RHBIFDaPT_sgSBQ2rAAnrEgUN_-P9TBIQCUqz3lGL_vEDEgUNKVxULQ==?alt=proto HTTP/2.0
                        host: content-autofill.googleapis.com
                        x-goog-encode-response-if-executable: base64
                        x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                        x-client-data: CNDiygE=
                        sec-fetch-site: none
                        sec-fetch-mode: no-cors
                        sec-fetch-dest: empty
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        accept-encoding: gzip, deflate, br
                        accept-language: en-US,en;q=0.9
                      • flag-us
                        DNS
                        js-agent.newrelic.com
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        js-agent.newrelic.com
                        IN A
                        Response
                        js-agent.newrelic.com
                        IN CNAME
                        k.sni.global.fastly.net
                        k.sni.global.fastly.net
                        IN A
                        151.101.2.137
                        k.sni.global.fastly.net
                        IN A
                        151.101.66.137
                        k.sni.global.fastly.net
                        IN A
                        151.101.130.137
                        k.sni.global.fastly.net
                        IN A
                        151.101.194.137
                      • flag-us
                        GET
                        https://js-agent.newrelic.com/nr-spa-1216.min.js
                        chrome.exe
                        Remote address:
                        151.101.2.137:443
                        Request
                        GET /nr-spa-1216.min.js HTTP/2.0
                        host: js-agent.newrelic.com
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-mobile: ?0
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        sec-ch-ua-platform: "Windows"
                        accept: */*
                        sec-fetch-site: cross-site
                        sec-fetch-mode: no-cors
                        sec-fetch-dest: script
                        referer: https://denotificationservices.portal.finalsiteconnect.com/
                        accept-encoding: gzip, deflate, br
                        accept-language: en-US,en;q=0.9
                        Response
                        HTTP/2.0 200
                        x-amz-id-2: FUigxCcWBswZn8ipZsVP9GVNNEjjAcBAHssxrglC+D9cDuP7zT37S1fi1bt1p8maZuv9Qc5uul0=
                        x-amz-request-id: EQ1MZYFK7SE50Z86
                        last-modified: Wed, 18 Oct 2023 21:31:16 GMT
                        etag: "63e2df852d15ab21d7ff8fc4363222e8"
                        x-amz-server-side-encryption: AES256
                        cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
                        x-amz-version-id: MElzWumrf8lREc3kORDlSWHVtEZAK4m8
                        content-type: application/javascript
                        server: AmazonS3
                        access-control-allow-origin: *
                        content-encoding: br
                        accept-ranges: bytes
                        date: Wed, 15 Nov 2023 18:26:39 GMT
                        via: 1.1 varnish
                        x-served-by: cache-ams21072-AMS
                        x-cache: HIT
                        x-cache-hits: 389193
                        x-timer: S1700072799.298075,VS0,VE0
                        vary: Accept-Encoding
                        cross-origin-resource-policy: cross-origin
                        strict-transport-security: max-age=300
                        content-length: 19141
                      • flag-us
                        DNS
                        bam.nr-data.net
                        chrome.exe
                        Remote address:
                        8.8.8.8:53
                        Request
                        bam.nr-data.net
                        IN A
                        Response
                        bam.nr-data.net
                        IN CNAME
                        bam.cell.nr-data.net
                        bam.cell.nr-data.net
                        IN CNAME
                        bam.nr-data.net.cdn.cloudflare.net
                        bam.nr-data.net.cdn.cloudflare.net
                        IN A
                        162.247.241.14
                      • flag-us
                        GET
                        https://bam.nr-data.net/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=4651&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry&ap=80&be=2413&fe=4428&dc=3810&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1700072793242,%22n%22:0,%22f%22:1519,%22dn%22:1523,%22dne%22:1571,%22c%22:1571,%22s%22:1747,%22ce%22:1959,%22rq%22:1960,%22rp%22:2364,%22rpe%22:2423,%22dl%22:2385,%22di%22:3809,%22ds%22:3810,%22de%22:3844,%22dc%22:4428,%22l%22:4428,%22le%22:4430%7D,%22navigation%22:%7B%7D%7D&fp=3535&fcp=3537&jsonp=NREUM.setToken
                        chrome.exe
                        Remote address:
                        162.247.241.14:443
                        Request
                        GET /1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=4651&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry&ap=80&be=2413&fe=4428&dc=3810&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1700072793242,%22n%22:0,%22f%22:1519,%22dn%22:1523,%22dne%22:1571,%22c%22:1571,%22s%22:1747,%22ce%22:1959,%22rq%22:1960,%22rp%22:2364,%22rpe%22:2423,%22dl%22:2385,%22di%22:3809,%22ds%22:3810,%22de%22:3844,%22dc%22:4428,%22l%22:4428,%22le%22:4430%7D,%22navigation%22:%7B%7D%7D&fp=3535&fcp=3537&jsonp=NREUM.setToken HTTP/1.1
                        Host: bam.nr-data.net
                        Connection: keep-alive
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        sec-ch-ua-platform: "Windows"
                        Accept: */*
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: script
                        Referer: https://denotificationservices.portal.finalsiteconnect.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Response
                        HTTP/1.1 200 OK
                        Date: Wed, 15 Nov 2023 18:26:39 GMT
                        Content-Type: text/javascript
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        CF-Ray: 82698b3498631c9e-AMS
                        CF-Cache-Status: DYNAMIC
                        Access-Control-Allow-Origin: *
                        Set-Cookie: JSESSIONID=9c3465ea0195e76f; Path=/; Domain=.nr-data.net; Secure; SameSite=None
                        access-control-allow-credentials: true
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        cross-origin-resource-policy: cross-origin
                        Vary: Accept-Encoding
                        Server: cloudflare
                        Content-Encoding: gzip
                      • flag-us
                        POST
                        https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=5037&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry
                        chrome.exe
                        Remote address:
                        162.247.241.14:443
                        Request
                        POST /events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=5037&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry HTTP/1.1
                        Host: bam.nr-data.net
                        Connection: keep-alive
                        Content-Length: 212
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-platform: "Windows"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        content-type: text/plain
                        Accept: */*
                        Origin: https://denotificationservices.portal.finalsiteconnect.com
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://denotificationservices.portal.finalsiteconnect.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: JSESSIONID=9c3465ea0195e76f
                        Response
                        HTTP/1.1 200 OK
                        Date: Wed, 15 Nov 2023 18:26:39 GMT
                        Content-Type: image/gif
                        Content-Length: 24
                        Connection: keep-alive
                        CF-Ray: 82698b363a481c9e-AMS
                        CF-Cache-Status: DYNAMIC
                        Access-Control-Allow-Origin: https://denotificationservices.portal.finalsiteconnect.com
                        access-control-allow-credentials: true
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        Vary: Accept-Encoding
                        Server: cloudflare
                      • flag-us
                        POST
                        https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=14657&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry
                        chrome.exe
                        Remote address:
                        162.247.241.14:443
                        Request
                        POST /events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=14657&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry HTTP/1.1
                        Host: bam.nr-data.net
                        Connection: keep-alive
                        Content-Length: 68
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-platform: "Windows"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        content-type: text/plain
                        Accept: */*
                        Origin: https://denotificationservices.portal.finalsiteconnect.com
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://denotificationservices.portal.finalsiteconnect.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: JSESSIONID=9c3465ea0195e76f
                        Response
                        HTTP/1.1 200 OK
                        Date: Wed, 15 Nov 2023 18:26:49 GMT
                        Content-Type: image/gif
                        Content-Length: 24
                        Connection: keep-alive
                        CF-Ray: 82698b725e1a1c9e-AMS
                        CF-Cache-Status: DYNAMIC
                        Access-Control-Allow-Origin: https://denotificationservices.portal.finalsiteconnect.com
                        access-control-allow-credentials: true
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        Vary: Accept-Encoding
                        Server: cloudflare
                      • flag-us
                        POST
                        https://bam.nr-data.net/jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=65029&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry
                        chrome.exe
                        Remote address:
                        162.247.241.14:443
                        Request
                        POST /jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=65029&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry HTTP/1.1
                        Host: bam.nr-data.net
                        Connection: keep-alive
                        Content-Length: 612
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-platform: "Windows"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        content-type: text/plain
                        Accept: */*
                        Origin: https://denotificationservices.portal.finalsiteconnect.com
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://denotificationservices.portal.finalsiteconnect.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: JSESSIONID=9c3465ea0195e76f
                        Response
                        HTTP/1.1 200 OK
                        Date: Wed, 15 Nov 2023 18:27:39 GMT
                        Content-Type: image/gif
                        Content-Length: 24
                        Connection: keep-alive
                        CF-Ray: 82698cad38c11c9e-AMS
                        CF-Cache-Status: DYNAMIC
                        Access-Control-Allow-Origin: https://denotificationservices.portal.finalsiteconnect.com
                        access-control-allow-credentials: true
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        Vary: Accept-Encoding
                        Server: cloudflare
                      • flag-us
                        POST
                        https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=74678&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry
                        chrome.exe
                        Remote address:
                        162.247.241.14:443
                        Request
                        POST /events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=74678&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry HTTP/1.1
                        Host: bam.nr-data.net
                        Connection: keep-alive
                        Content-Length: 226
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-platform: "Windows"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        content-type: text/plain
                        Accept: */*
                        Origin: https://denotificationservices.portal.finalsiteconnect.com
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://denotificationservices.portal.finalsiteconnect.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: JSESSIONID=9c3465ea0195e76f
                        Response
                        HTTP/1.1 200 OK
                        Date: Wed, 15 Nov 2023 18:27:49 GMT
                        Content-Type: image/gif
                        Content-Length: 24
                        Connection: keep-alive
                        CF-Ray: 82698ce97e4f1c9e-AMS
                        CF-Cache-Status: DYNAMIC
                        Access-Control-Allow-Origin: https://denotificationservices.portal.finalsiteconnect.com
                        access-control-allow-credentials: true
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        Vary: Accept-Encoding
                        Server: cloudflare
                      • flag-us
                        POST
                        https://bam.nr-data.net/jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=125032&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry
                        chrome.exe
                        Remote address:
                        162.247.241.14:443
                        Request
                        POST /jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=125032&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry HTTP/1.1
                        Host: bam.nr-data.net
                        Connection: keep-alive
                        Content-Length: 647
                        sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
                        sec-ch-ua-platform: "Windows"
                        sec-ch-ua-mobile: ?0
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
                        content-type: text/plain
                        Accept: */*
                        Origin: https://denotificationservices.portal.finalsiteconnect.com
                        Sec-Fetch-Site: cross-site
                        Sec-Fetch-Mode: cors
                        Sec-Fetch-Dest: empty
                        Referer: https://denotificationservices.portal.finalsiteconnect.com/
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: JSESSIONID=9c3465ea0195e76f
                        Response
                        HTTP/1.1 200 OK
                        Date: Wed, 15 Nov 2023 18:28:39 GMT
                        Content-Type: image/gif
                        Content-Length: 24
                        Connection: keep-alive
                        CF-Ray: 82698e2438951c9e-AMS
                        CF-Cache-Status: DYNAMIC
                        Access-Control-Allow-Origin: https://denotificationservices.portal.finalsiteconnect.com
                        access-control-allow-credentials: true
                        access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
                        Vary: Accept-Encoding
                        Server: cloudflare
                      • flag-us
                        DNS
                        42.36.251.142.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        42.36.251.142.in-addr.arpa
                        IN PTR
                        Response
                        42.36.251.142.in-addr.arpa
                        IN PTR
                        ams17s12-in-f10.1e100.net
                      • flag-us
                        DNS
                        137.2.101.151.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        137.2.101.151.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        226.21.18.104.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        226.21.18.104.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        14.241.247.162.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        14.241.247.162.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        26.35.223.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        26.35.223.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        tse1.mm.bing.net
                        Remote address:
                        8.8.8.8:53
                        Request
                        tse1.mm.bing.net
                        IN A
                        Response
                        tse1.mm.bing.net
                        IN CNAME
                        mm-mm.bing.net.trafficmanager.net
                        mm-mm.bing.net.trafficmanager.net
                        IN CNAME
                        dual-a-0001.a-msedge.net
                        dual-a-0001.a-msedge.net
                        IN A
                        204.79.197.200
                        dual-a-0001.a-msedge.net
                        IN A
                        13.107.21.200
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301470_10T4S66MXCAC1M054&pid=21.2&w=1080&h=1920&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301470_10T4S66MXCAC1M054&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 396701
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: 5EBB69659721407B9C346D8C9738D8E8 Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:42Z
                        date: Wed, 15 Nov 2023 18:26:42 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317300903_1I9D73EQ93UVAQQA3&pid=21.2&w=1920&h=1080&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317300903_1I9D73EQ93UVAQQA3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 563338
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: 6813BECA290245C690AB5C77F58C3A15 Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:42Z
                        date: Wed, 15 Nov 2023 18:26:42 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301037_1F4LYB5BP3D8EEGSO&pid=21.2&w=1920&h=1080&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301037_1F4LYB5BP3D8EEGSO&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 444999
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: 702FEBB0BCB54568A8C0ED8DC30B08ED Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:42Z
                        date: Wed, 15 Nov 2023 18:26:42 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301336_1YOPPWPUT0SV8Y6UI&pid=21.2&w=1080&h=1920&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301336_1YOPPWPUT0SV8Y6UI&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 463918
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: DAD4959C3F2F40BFB24EF4203BA7B70B Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:42Z
                        date: Wed, 15 Nov 2023 18:26:42 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&w=1920&h=1080&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 501734
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: 9C302D498B7A4CFCA013AF4FE7A42E88 Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:42Z
                        date: Wed, 15 Nov 2023 18:26:42 GMT
                      • flag-us
                        GET
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&w=1080&h=1920&c=4
                        Remote address:
                        204.79.197.200:443
                        Request
                        GET /th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                        host: tse1.mm.bing.net
                        accept: */*
                        accept-encoding: gzip, deflate, br
                        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                        Response
                        HTTP/2.0 200
                        cache-control: public, max-age=2592000
                        content-length: 526983
                        content-type: image/jpeg
                        x-cache: TCP_HIT
                        access-control-allow-origin: *
                        access-control-allow-headers: *
                        access-control-allow-methods: GET, POST, OPTIONS
                        timing-allow-origin: *
                        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        x-msedge-ref: Ref A: E150769AE26545E583E332BE0AFA7EBD Ref B: DUS30EDGE0921 Ref C: 2023-11-15T18:26:43Z
                        date: Wed, 15 Nov 2023 18:26:43 GMT
                      • flag-us
                        DNS
                        200.197.79.204.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        200.197.79.204.in-addr.arpa
                        IN PTR
                        Response
                        200.197.79.204.in-addr.arpa
                        IN PTR
                        a-0001.a-msedge.net
                      • flag-us
                        DNS
                        208.194.73.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        208.194.73.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        183.59.114.20.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        183.59.114.20.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        18.31.95.13.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        18.31.95.13.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        126.178.238.8.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        126.178.238.8.in-addr.arpa
                        IN PTR
                        Response
                      • flag-us
                        DNS
                        25.77.123.92.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        25.77.123.92.in-addr.arpa
                        IN PTR
                        Response
                        25.77.123.92.in-addr.arpa
                        IN PTR
                        a92-123-77-25.deploy.static.akamaitechnologies.com
                      • flag-us
                        DNS
                        14.227.111.52.in-addr.arpa
                        Remote address:
                        8.8.8.8:53
                        Request
                        14.227.111.52.in-addr.arpa
                        IN PTR
                        Response
                      • 54.191.69.23:443
                        denotificationservices.bbcportal.com
                        tls
                        chrome.exe
                        1.9kB
                        7.0kB
                        13
                        15
                      • 54.191.69.23:443
                        denotificationservices.portal.finalsiteconnect.com
                        tls
                        chrome.exe
                        19.8kB
                        891.3kB
                        364
                        663
                      • 52.21.75.95:443
                        serverapi.arcgisonline.com
                        tls
                        chrome.exe
                        9.3kB
                        292.4kB
                        120
                        219
                      • 52.21.75.95:443
                        serverapi.arcgisonline.com
                        tls
                        chrome.exe
                        930 B
                        480 B
                        8
                        7
                      • 142.251.36.42:443
                        https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwm42Or4DGFzpxIFDaNMX0gSBQ1b39LDEiwJwy3O0xFBvysSBQ0WMZ7PEgUNGM4RHBIFDaPT_sgSBQ2rAAnrEgUN_-P9TBIQCUqz3lGL_vEDEgUNKVxULQ==?alt=proto
                        tls, http2
                        chrome.exe
                        1.8kB
                        7.0kB
                        14
                        15

                        HTTP Request

                        GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSFwm42Or4DGFzpxIFDaNMX0gSBQ1b39LDEiwJwy3O0xFBvysSBQ0WMZ7PEgUNGM4RHBIFDaPT_sgSBQ2rAAnrEgUN_-P9TBIQCUqz3lGL_vEDEgUNKVxULQ==?alt=proto
                      • 151.101.2.137:443
                        https://js-agent.newrelic.com/nr-spa-1216.min.js
                        tls, http2
                        chrome.exe
                        2.0kB
                        27.3kB
                        19
                        29

                        HTTP Request

                        GET https://js-agent.newrelic.com/nr-spa-1216.min.js

                        HTTP Response

                        200
                      • 162.247.241.14:443
                        https://bam.nr-data.net/jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=125032&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry
                        tls, http
                        chrome.exe
                        9.2kB
                        7.7kB
                        25
                        27

                        HTTP Request

                        GET https://bam.nr-data.net/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=4651&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry&ap=80&be=2413&fe=4428&dc=3810&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1700072793242,%22n%22:0,%22f%22:1519,%22dn%22:1523,%22dne%22:1571,%22c%22:1571,%22s%22:1747,%22ce%22:1959,%22rq%22:1960,%22rp%22:2364,%22rpe%22:2423,%22dl%22:2385,%22di%22:3809,%22ds%22:3810,%22de%22:3844,%22dc%22:4428,%22l%22:4428,%22le%22:4430%7D,%22navigation%22:%7B%7D%7D&fp=3535&fcp=3537&jsonp=NREUM.setToken

                        HTTP Response

                        200

                        HTTP Request

                        POST https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=5037&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

                        HTTP Response

                        200

                        HTTP Request

                        POST https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=14657&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

                        HTTP Response

                        200

                        HTTP Request

                        POST https://bam.nr-data.net/jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=65029&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

                        HTTP Response

                        200

                        HTTP Request

                        POST https://bam.nr-data.net/events/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=74678&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

                        HTTP Response

                        200

                        HTTP Request

                        POST https://bam.nr-data.net/jserrors/1/02cdbc3b4e?a=568416701&v=1216.487a282&to=YVEAMktUWxAAUkVfWlgbLzB6GnANFUNIdVpYQBAJVVlQEU54X1JQTg%3D%3D&rst=125032&ck=1&ref=https://denotificationservices.portal.finalsiteconnect.com/Entry

                        HTTP Response

                        200
                      • 204.79.197.200:443
                        https://tse1.mm.bing.net/th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&w=1080&h=1920&c=4
                        tls, http2
                        101.8kB
                        3.0MB
                        2187
                        2179

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301470_10T4S66MXCAC1M054&pid=21.2&w=1080&h=1920&c=4

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300903_1I9D73EQ93UVAQQA3&pid=21.2&w=1920&h=1080&c=4

                        HTTP Response

                        200

                        HTTP Response

                        200

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301037_1F4LYB5BP3D8EEGSO&pid=21.2&w=1920&h=1080&c=4

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301336_1YOPPWPUT0SV8Y6UI&pid=21.2&w=1080&h=1920&c=4

                        HTTP Response

                        200

                        HTTP Response

                        200

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301329_158N7EC87NQCHAYN7&pid=21.2&w=1920&h=1080&c=4

                        HTTP Response

                        200

                        HTTP Request

                        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301738_1X6L2VINPQJNWJA05&pid=21.2&w=1080&h=1920&c=4

                        HTTP Response

                        200
                      • 204.79.197.200:443
                        tse1.mm.bing.net
                        tls, http2
                        1.2kB
                        8.3kB
                        16
                        14
                      • 8.8.8.8:53
                        denotificationservices.bbcportal.com
                        dns
                        chrome.exe
                        82 B
                        181 B
                        1
                        1

                        DNS Request

                        denotificationservices.bbcportal.com

                        DNS Response

                        54.191.69.23
                        54.244.115.141

                      • 8.8.8.8:53
                        68.32.126.40.in-addr.arpa
                        dns
                        71 B
                        157 B
                        1
                        1

                        DNS Request

                        68.32.126.40.in-addr.arpa

                      • 8.8.8.8:53
                        106.208.58.216.in-addr.arpa
                        dns
                        73 B
                        143 B
                        1
                        1

                        DNS Request

                        106.208.58.216.in-addr.arpa

                      • 8.8.8.8:53
                        2.136.104.51.in-addr.arpa
                        dns
                        71 B
                        157 B
                        1
                        1

                        DNS Request

                        2.136.104.51.in-addr.arpa

                      • 8.8.8.8:53
                        23.69.191.54.in-addr.arpa
                        dns
                        71 B
                        133 B
                        1
                        1

  DNS Request: 23.69.191.54.in-addr.arpa

• 8.8.8.8:53  dns  chrome.exe  sent 96 B / 1 pkt  recv 195 B / 1 pkt
  DNS Request: denotificationservices.portal.finalsiteconnect.com
  DNS Response: 54.191.69.23, 54.244.115.141

• 8.8.8.8:53  dns  sent 71 B / 1 pkt  recv 135 B / 1 pkt
  DNS Request: 249.194.19.2.in-addr.arpa

• 8.8.8.8:53  dns  sent 71 B / 1 pkt  recv 157 B / 1 pkt
  DNS Request: 198.52.96.20.in-addr.arpa

• 8.8.8.8:53  dns  sent 72 B / 1 pkt  recv 128 B / 1 pkt
  DNS Request: 103.94.239.18.in-addr.arpa

• 8.8.8.8:53  dns  chrome.exe  sent 72 B / 1 pkt  recv 165 B / 1 pkt
  DNS Request: serverapi.arcgisonline.com
  DNS Response: 52.21.75.95, 52.86.130.216

• 8.8.8.8:53  dns  sent 71 B / 1 pkt  recv 135 B / 1 pkt
  DNS Request: 198.1.85.104.in-addr.arpa

• 8.8.8.8:53  dns  sent 70 B / 1 pkt  recv 123 B / 1 pkt
  DNS Request: 95.75.21.52.in-addr.arpa

• 8.8.8.8:53  dns  chrome.exe  sent 77 B / 1 pkt  recv 253 B / 1 pkt
  DNS Request: content-autofill.googleapis.com
  DNS Response: 142.251.36.42, 172.217.168.234, 142.250.179.170, 142.250.179.202, 142.251.36.10, 142.251.39.106, 172.217.168.202, 172.217.23.202, 216.58.208.106, 216.58.214.10, 142.250.179.138

• 8.8.8.8:53  dns  chrome.exe  sent 67 B / 1 pkt  recv 168 B / 1 pkt
  DNS Request: js-agent.newrelic.com
  DNS Response: 151.101.2.137, 151.101.66.137, 151.101.130.137, 151.101.194.137

• 8.8.8.8:53  dns  chrome.exe  sent 61 B / 1 pkt  recv 145 B / 1 pkt
  DNS Request: bam.nr-data.net
  DNS Response: 162.247.241.14

• 8.8.8.8:53  dns  sent 72 B / 1 pkt  recv 111 B / 1 pkt
  DNS Request: 42.36.251.142.in-addr.arpa

• 8.8.8.8:53  dns  sent 72 B / 1 pkt  recv 132 B / 1 pkt
  DNS Request: 137.2.101.151.in-addr.arpa

• 8.8.8.8:53  dns  sent 72 B / 1 pkt  recv 134 B / 1 pkt
  DNS Request: 226.21.18.104.in-addr.arpa

• 8.8.8.8:53  dns  sent 73 B / 1 pkt  recv 138 B / 1 pkt
  DNS Request: 14.241.247.162.in-addr.arpa

• 8.8.8.8:53  dns  sent 71 B / 1 pkt  recv 157 B / 1 pkt
  DNS Request: 26.35.223.20.in-addr.arpa

• 224.0.0.251:5353  chrome.exe  sent 204 B / 3 pkt

• 8.8.8.8:53  dns  sent 62 B / 1 pkt  recv 173 B / 1 pkt
  DNS Request: tse1.mm.bing.net
  DNS Response: 204.79.197.200, 13.107.21.200

• 8.8.8.8:53  dns  sent 73 B / 1 pkt  recv 106 B / 1 pkt
  DNS Request: 200.197.79.204.in-addr.arpa

• 8.8.8.8:53  dns  sent 72 B / 1 pkt  recv 158 B / 1 pkt
  DNS Request: 208.194.73.20.in-addr.arpa

• 8.8.8.8:53  dns  sent 72 B / 1 pkt  recv 158 B / 1 pkt
  DNS Request: 183.59.114.20.in-addr.arpa

• 8.8.8.8:53  dns  sent 70 B / 1 pkt  recv 144 B / 1 pkt
  DNS Request: 18.31.95.13.in-addr.arpa

• 8.8.8.8:53  dns  sent 72 B / 1 pkt  recv 126 B / 1 pkt
  DNS Request: 126.178.238.8.in-addr.arpa

• 8.8.8.8:53  dns  sent 71 B / 1 pkt  recv 135 B / 1 pkt
  DNS Request: 25.77.123.92.in-addr.arpa

• 8.8.8.8:53  dns  sent 72 B / 1 pkt  recv 158 B / 1 pkt
  DNS Request: 14.227.111.52.in-addr.arpa
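Two kinds of query are interleaved in the list above: forward lookups of hostnames, most of them attributed to chrome.exe, and reverse (PTR) lookups of bare addresses that carry no process attribution in this report. A quick way to make sense of the PTR entries is to pair each reversed address with the forward answer that produced it and to list the addresses for which this excerpt shows no forward answer at all (those may have been resolved earlier in the report, or reached without a lookup visible here). The script below is an added example by the editor, not part of tria.ge or of the report; the records are transcribed from the entries above, and the process field is None wherever the report names no process.

```python
"""Pair reverse (PTR) lookups in a sandbox DNS log with the forward lookups
that produced the addresses.  Editor-added example; the records are
transcribed from the report, not parsed from the live page."""
from collections import defaultdict
import ipaddress

# (process, query name, answer addresses) transcribed from the report.
# process is None where the report attributes the query to no process.
DNS_RECORDS = [
    (None, "23.69.191.54.in-addr.arpa", []),
    ("chrome.exe", "denotificationservices.portal.finalsiteconnect.com",
     ["54.191.69.23", "54.244.115.141"]),
    (None, "249.194.19.2.in-addr.arpa", []),
    (None, "198.52.96.20.in-addr.arpa", []),
    (None, "103.94.239.18.in-addr.arpa", []),
    ("chrome.exe", "serverapi.arcgisonline.com", ["52.21.75.95", "52.86.130.216"]),
    (None, "198.1.85.104.in-addr.arpa", []),
    (None, "95.75.21.52.in-addr.arpa", []),
    ("chrome.exe", "content-autofill.googleapis.com",
     ["142.251.36.42", "172.217.168.234", "142.250.179.170", "142.250.179.202",
      "142.251.36.10", "142.251.39.106", "172.217.168.202", "172.217.23.202",
      "216.58.208.106", "216.58.214.10", "142.250.179.138"]),
    ("chrome.exe", "js-agent.newrelic.com",
     ["151.101.2.137", "151.101.66.137", "151.101.130.137", "151.101.194.137"]),
    ("chrome.exe", "bam.nr-data.net", ["162.247.241.14"]),
    (None, "42.36.251.142.in-addr.arpa", []),
    (None, "137.2.101.151.in-addr.arpa", []),
    (None, "226.21.18.104.in-addr.arpa", []),
    (None, "14.241.247.162.in-addr.arpa", []),
    (None, "26.35.223.20.in-addr.arpa", []),
    (None, "tse1.mm.bing.net", ["204.79.197.200", "13.107.21.200"]),
    (None, "200.197.79.204.in-addr.arpa", []),
    (None, "208.194.73.20.in-addr.arpa", []),
    (None, "183.59.114.20.in-addr.arpa", []),
    (None, "18.31.95.13.in-addr.arpa", []),
    (None, "126.178.238.8.in-addr.arpa", []),
    (None, "25.77.123.92.in-addr.arpa", []),
    (None, "14.227.111.52.in-addr.arpa", []),
]


def ptr_to_ip(name):
    """Turn 'd.c.b.a.in-addr.arpa' back into 'a.b.c.d'; None for non-PTR names."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    ip = ".".join(reversed(octets))
    try:
        ipaddress.IPv4Address(ip)
    except ValueError:
        return None
    return ip


def correlate(records):
    """Return (matched, unmatched).

    matched maps each reverse-looked-up IP to the sorted forward names whose
    answers contained it; unmatched lists reverse-looked-up IPs that no
    forward answer in the log accounts for."""
    forward = defaultdict(set)
    for _proc, name, answers in records:
        if ptr_to_ip(name) is None:          # a forward lookup
            for ip in answers:
                forward[ip].add(name)
    matched, unmatched = {}, []
    for _proc, name, _answers in records:
        ip = ptr_to_ip(name)
        if ip is None:
            continue
        if ip in forward:
            matched[ip] = sorted(forward[ip])
        else:
            unmatched.append(ip)
    return matched, unmatched


if __name__ == "__main__":
    matched, unmatched = correlate(DNS_RECORDS)
    for ip, names in matched.items():
        print(f"{ip:16} <- {', '.join(names)}")
    print("reverse lookups with no forward answer in this excerpt:")
    for ip in unmatched:
        print("  ", ip)
```

Run as-is it pairs, for example, 95.75.21.52.in-addr.arpa with serverapi.arcgisonline.com and 137.2.101.151.in-addr.arpa with js-agent.newrelic.com, and leaves twelve addresses (2.19.194.249, 20.96.52.198, 104.18.21.226 and so on) unexplained by this excerpt. Those are the ones worth cross-checking against the earlier part of the report and the HTTP/TLS flows before drawing any conclusion about the analysed URL.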

                      MITRE ATT&CK Enterprise v15

                      Downloads

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\75d54c8a-82c1-4de1-97e9-ad51bfc4672f.tmp
  Filesize: 2B
  MD5:    99914b932bd37a50b983c5e7c90ae93b
  SHA1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 216B
  MD5:    776b3aa9395ed89a32e8a4f6077573a6
  SHA1:   0be548b9dbdb4a7b9dbbbe8268d15358d51e9634
  SHA256: 7a725e2db5c7c6433d52a2bf8cb18ecd189cfffa54dda5a3a75dcd537bcfce25
  SHA512: 569658bc35eabd13bf3b638e9815260f799e953bdad43b8a5d5b96f5f330a141a55860a4eb03175d7a35773254c85fa5f7829ce093697295d49b87ea8055567a

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 1KB
  MD5:    ef520375d1cfdc63835d080c2f998869
  SHA1:   1160757038907166d4920121f144fff4a1c695ff
  SHA256: a25d39fa9e1f05095d0a4c61bc9be337c2058e93a187029eab5d9a179d61d072
  SHA512: e13b1a68ef15df45263063d840b14fcf836780eb79055995a3c5986d6f6dcb147d260a2449548540f87a92afc55852bb86e4232bdfb225e61301343153bdb2e0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 2KB
  MD5:    8592af38ac6daacb5b84d6030b2ea462
  SHA1:   50614e7a0346a0c2a418ee45b2d181897f62b882
  SHA256: e1bbf96cb42e384df902ac97d42e32e5cd9c561eee514ffde4f2525354b29f4a
  SHA512: b4fff41290a4542362b0f37a47fdbe0fbf2f4c772643c0be8509b9ade54f8563d2ba955578aedbe3de69d5bfde0743986ee671de2884cb0d4905b19b09ddf62d

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 873B
  MD5:    75cae19bde598f19bef126b18e1b24ff
  SHA1:   e4d24faeba2d7ef9937bc62cd350d61163236647
  SHA256: 0fb107c9251ec7950547500fee8fc7d15e5040e3c27108283b38de0dc9721b8b
  SHA512: be727a54712ca638967d290677db8551a2c8d98babcdd48b7db74506a6fa4e60ce1960316b3e69006726b0fef37d65c2b0c3df7a75e04402cb0ffa15e9766d7c

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5:    23c5d6502a3707ac9c9049eb4c34b2e4
  SHA1:   259f95f7466041c8385996901bf209801d9a558a
  SHA256: ba248f6305f03eafeeef04c2b4371d3429b3e2b526b2089a3638ca4756e4a318
  SHA512: cf632305ef158ddd68fe8bd2014c71be05098b8d5f8ca9aaffc8a998cc7c5d0e22bef35a8527c911d329fd91569363d2c5f3f8fd732d28c7e3e0700de6d14afb

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5:    9973803f00920ff5eec9132b49a4066b
  SHA1:   cd32d2b3526f6e7a05b564affa59326c5a9afe7d
  SHA256: 83b14c957880d1a67d3356534e2539b79c6c7b71902bc81a02b453031cb68508
  SHA512: 61909f3d35ec4bceb2486e8b4e247c58ec328052398ebd054ac669437b0f199b103b077f4338c25f21af5d59005769df4fecd8c428aa0fcecee0fe4ce1a9700e

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 214KB
  MD5:    8a1991a0d866d5cbf9377015904c0e4a
  SHA1:   20bedef7c16e0c2eff9659709dbbe64e4695360f
  SHA256: 76963696c59d7ecdda82c25238eb4959b58c60683128614c4c998c2a271bd62d
  SHA512: ec8fc01cdfb0a44ccc19dcf23f97cefedc4c41961f221d07f7536ac528fb4f7e6527d3cb6945d985518772361cccdccc5cd2b59ad0c6192a27fa0867dc56dbe7
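Every path in the list above sits inside Chrome's own profile directory (Preferences, Local State, TransportSecurity, Network Persistent State, the code-cache index), so these are browser state files written during the visit, not content fetched from the analysed URL. The 2-byte .tmp entry is the only one whose content can be reconstructed from the digests alone: its MD5 and SHA256 are those of the two bytes "{}", an empty JSON object, which is what Chrome writes when it initialises a fresh JSON preference file. The script below is an added example by the editor, not tria.ge code: it verifies that inference against the published digests and flags any listed path that falls outside the profile directory. The "{}" content is inferred from the digests (the report does not show the bytes), and the path classification is the editor's heuristic.

```python
"""Triage the 'Downloads' list of a browser sandbox report.  Editor-added
example, not tria.ge code.  Two checks: (1) is every listed path a Chrome
profile state file rather than something written elsewhere, and (2) do the
published digests of the 2-byte .tmp file match the JSON empty object "{}"
(an inference from the digests; the report does not show the bytes)."""
import hashlib
import ntpath

# Paths transcribed from the report.
LISTED_PATHS = [
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\75d54c8a-82c1-4de1-97e9-ad51bfc4672f.tmp",
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index",
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State",
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity",
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State",
]

# Digests transcribed from the report entry for the 2-byte .tmp file.
REPORTED_TMP_DIGESTS = {
    "md5": "99914b932bd37a50b983c5e7c90ae93b",
    "sha1": "bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "sha256": "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "sha512": ("27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9"
               "a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd"),
}

# Heuristic chosen for this example: anything under Chrome's "User Data"
# directory is browser state; anything else deserves a closer look.
CHROME_PROFILE_ROOT = "\\Google\\Chrome\\User Data\\"


def classify(path):
    """'chrome-profile-state' for files under Chrome's User Data directory,
    'outside-profile' for everything else."""
    if ntpath.normcase(CHROME_PROFILE_ROOT) in ntpath.normcase(path):
        return "chrome-profile-state"
    return "outside-profile"


def summarize(paths=LISTED_PATHS):
    """Map each listed path to its classification."""
    return {p: classify(p) for p in paths}


def compare_digests(candidate, reported):
    """Which of the reported hex digests do the candidate bytes reproduce?"""
    return {alg: hashlib.new(alg, candidate).hexdigest() == hexd.lower()
            for alg, hexd in reported.items()}


def tmp_is_empty_json_object(reported=REPORTED_TMP_DIGESTS):
    """True if every published digest of the .tmp file is a digest of b'{}'."""
    return all(compare_digests(b"{}", reported).values())


if __name__ == "__main__":
    for path, kind in summarize().items():
        print(f"{kind:22} {ntpath.basename(path)}")
    for alg, ok in compare_digests(b"{}", REPORTED_TMP_DIGESTS).items():
        print(f"{alg:7} matches b'{{}}': {ok}")
```

The same two functions extend to a real triage run: feed `summarize()` the full path list from a report and anything classified as outside the profile directory is the candidate payload to pull and hash; feed `compare_digests()` the bytes of a retrieved file and the report's digests to confirm you are looking at the artefact the sandbox saw.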
