Edit tour

Windows Analysis Report
https://u43352250.ct.sendgrid.net/ls/click?upn=u001.2TkyzlsQCUugGXuDl-2F-2FHUvoM2ETHNpRvqhUsgZ-2FkMBtQax4rppmJj4bCIHTqvH0YHRnRsXf8CGGu4YpLTNZpZ76bC1bPYcH-2Fs7lPN4w9U413Pp7cIHNkwBCX6uL3j2eBHwg-2BebWrg1KUa82t5ZICcmYo0WQM2kZFkD7HpWk75aUnWOlObXQnYMQDVVFJBSIyJTz-2FcgyQYpE1U8MTbTj4og-3D-3DqsOa_iRxCSnIo8RQ

Overview

General Information

Sample URL:	https://u43352250.ct.sendgrid.net/ls/click?upn=u001.2TkyzlsQCUugGXuDl-2F-2FHUvoM2ETHNpRvqhUsgZ-2FkMBtQax4rppmJj4bCIHTqvH0YHRnRsXf8CGGu4YpLTNZpZ76bC1bPYcH-2Fs7lPN4w9U413Pp7cIHNkwBCX6uL3j2eBHwg-2BebWrg1
Analysis ID:	1417268
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5932 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2056,i,14718616948296286658,1544279549036497326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u43352250.ct.sendgrid.net/ls/click?upn=u001.2TkyzlsQCUugGXuDl-2F-2FHUvoM2ETHNpRvqhUsgZ-2FkMBtQax4rppmJj4bCIHTqvH0YHRnRsXf8CGGu4YpLTNZpZ76bC1bPYcH-2Fs7lPN4w9U413Pp7cIHNkwBCX6uL3j2eBHwg-2BebWrg1KUa82t5ZICcmYo0WQM2kZFkD7HpWk75aUnWOlObXQnYMQDVVFJBSIyJTz-2FcgyQYpE1U8MTbTj4og-3D-3DqsOa_iRxCSnIo8RQB7YNudZaC4Ihhi4-2FeFgLLl2lTQIvavZl96L2C56utm-2Bw7ouDj9FEttxzNo52FQOke1iBijoQooSyWq-2FRY6V54aNK82S-2Bkuf-2BN5nHiy67Pr8M73AscSF4EoUq-2BIyu-2B-2F2VMHADSvnRqwUV3Wv5sOhaz4r56562Hs-2F-2FpAGvb5tdJEMLjsqfOaqTe81fKRLd3TCw-2FD9bJpyEXSA-3D-3D" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834daca	HTTP Parser: No favicon
Source: https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834daca	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.40
Source: unknown	TCP traffic detected without corresponding DNS query: 162.222.105.40
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.2TkyzlsQCUugGXuDl-2F-2FHUvoM2ETHNpRvqhUsgZ-2FkMBtQax4rppmJj4bCIHTqvH0YHRnRsXf8CGGu4YpLTNZpZ76bC1bPYcH-2Fs7lPN4w9U413Pp7cIHNkwBCX6uL3j2eBHwg-2BebWrg1KUa82t5ZICcmYo0WQM2kZFkD7HpWk75aUnWOlObXQnYMQDVVFJBSIyJTz-2FcgyQYpE1U8MTbTj4og-3D-3DqsOa_iRxCSnIo8RQB7YNudZaC4Ihhi4-2FeFgLLl2lTQIvavZl96L2C56utm-2Bw7ouDj9FEttxzNo52FQOke1iBijoQooSyWq-2FRY6V54aNK82S-2Bkuf-2BN5nHiy67Pr8M73AscSF4EoUq-2BIyu-2B-2F2VMHADSvnRqwUV3Wv5sOhaz4r56562Hs-2F-2FpAGvb5tdJEMLjsqfOaqTe81fKRLd3TCw-2FD9bJpyEXSA-3D-3D HTTP/1.1Host: u43352250.ct.sendgrid.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834daca HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usa/FormLoader/FormLoader.bundle.js HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://assets-usa.mkt.dynamics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://assets-usa.mkt.dynamics.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://assets-usa.mkt.dynamics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/forms/1c65701d-0ded-ee11-a1ff-00224834daca HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/plainsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834dacaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834dacaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/forms/1c65701d-0ded-ee11-a1ff-00224834daca HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /api/v1.0/orgs/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/landingpageforms/forms/1c65701d-0ded-ee11-a1ff-00224834daca/visits HTTP/1.1Host: public-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: u43352250.ct.sendgrid.net

Source: unknown

HTTP traffic detected: POST /api/v1.0/orgs/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/landingpageforms/forms/1c65701d-0ded-ee11-a1ff-00224834daca/visits HTTP/1.1Host: public-usa.mkt.dynamics.comConnection: keep-aliveContent-Length: 153sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://assets-usa.mkt.dynamics.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 19:29:46 GMTContent-Type: text/htmlContent-Length: 548Connection: closeStrict-Transport-Security: max-age=2592000; preloadx-azure-ref: 20240328T192946Z-va93t229q121v133m8ee9hqat800000001m000000000w206x-fd-int-roxy-purgeid: 67853739X-Cache: TCP_MISS
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 28 Mar 2024 19:29:48 GMTContent-Length: 0Connection: closex-ms-trace-id: 8d8f20fa44fb0145dd94e8b6423696f1Strict-Transport-Security: max-age=2592000; preload

Source: chromecache_50.2.dr, chromecache_46.2.dr	String found in binary or memory: https://96f1a48d.8dbf5d03b92582d2caf4ee06.workers.dev
Source: chromecache_49.2.dr	String found in binary or memory: https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/forms/1c65701
Source: chromecache_49.2.dr	String found in binary or memory: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js
Source: chromecache_49.2.dr	String found in binary or memory: https://public-usa.mkt.dynamics.com/api/v1.0/orgs/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/landingpagefo

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/12@12/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2056,i,14718616948296286658,1544279549036497326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u43352250.ct.sendgrid.net/ls/click?upn=u001.2TkyzlsQCUugGXuDl-2F-2FHUvoM2ETHNpRvqhUsgZ-2FkMBtQax4rppmJj4bCIHTqvH0YHRnRsXf8CGGu4YpLTNZpZ76bC1bPYcH-2Fs7lPN4w9U413Pp7cIHNkwBCX6uL3j2eBHwg-2BebWrg1KUa82t5ZICcmYo0WQM2kZFkD7HpWk75aUnWOlObXQnYMQDVVFJBSIyJTz-2FcgyQYpE1U8MTbTj4og-3D-3DqsOa_iRxCSnIo8RQB7YNudZaC4Ihhi4-2FeFgLLl2lTQIvavZl96L2C56utm-2Bw7ouDj9FEttxzNo52FQOke1iBijoQooSyWq-2FRY6V54aNK82S-2Bkuf-2BN5nHiy67Pr8M73AscSF4EoUq-2BIyu-2B-2F2VMHADSvnRqwUV3Wv5sOhaz4r56562Hs-2F-2FpAGvb5tdJEMLjsqfOaqTe81fKRLd3TCw-2FD9bJpyEXSA-3D-3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2056,i,14718616948296286658,1544279549036497326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://u43352250.ct.sendgrid.net/ls/click?upn=u001.2TkyzlsQCUugGXuDl-2F-2FHUvoM2ETHNpRvqhUsgZ-2FkMBtQax4rppmJj4bCIHTqvH0YHRnRsXf8CGGu4YpLTNZpZ76bC1bPYcH-2Fs7lPN4w9U413Pp7cIHNkwBCX6uL3j2eBHwg-2BebWrg1KUa82t5ZICcmYo0WQM2kZFkD7HpWk75aUnWOlObXQnYMQDVVFJBSIyJTz-2FcgyQYpE1U8MTbTj4og-3D-3DqsOa_iRxCSnIo8RQB7YNudZaC4Ihhi4-2FeFgLLl2lTQIvavZl96L2C56utm-2Bw7ouDj9FEttxzNo52FQOke1iBijoQooSyWq-2FRY6V54aNK82S-2Bkuf-2BN5nHiy67Pr8M73AscSF4EoUq-2BIyu-2B-2F2VMHADSvnRqwUV3Wv5sOhaz4r56562Hs-2F-2FpAGvb5tdJEMLjsqfOaqTe81fKRLd3TCw-2FD9bJpyEXSA-3D-3D	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://96f1a48d.8dbf5d03b92582d2caf4ee06.workers.dev	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
u43352250.ct.sendgrid.net	167.89.123.147	true	false	high
www.google.com	172.253.122.103	true	false	high
prdia888eus0aks.mkt.dynamics.com	52.146.76.30	true	false	high
part-0012.t-0009.t-msedge.net	13.107.213.40	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
public-usa.mkt.dynamics.com	unknown	unknown	false	high
assets-usa.mkt.dynamics.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://u43352250.ct.sendgrid.net/ls/click?upn=u001.2TkyzlsQCUugGXuDl-2F-2FHUvoM2ETHNpRvqhUsgZ-2FkMBtQax4rppmJj4bCIHTqvH0YHRnRsXf8CGGu4YpLTNZpZ76bC1bPYcH-2Fs7lPN4w9U413Pp7cIHNkwBCX6uL3j2eBHwg-2BebWrg1KUa82t5ZICcmYo0WQM2kZFkD7HpWk75aUnWOlObXQnYMQDVVFJBSIyJTz-2FcgyQYpE1U8MTbTj4og-3D-3DqsOa_iRxCSnIo8RQB7YNudZaC4Ihhi4-2FeFgLLl2lTQIvavZl96L2C56utm-2Bw7ouDj9FEttxzNo52FQOke1iBijoQooSyWq-2FRY6V54aNK82S-2Bkuf-2BN5nHiy67Pr8M73AscSF4EoUq-2BIyu-2B-2F2VMHADSvnRqwUV3Wv5sOhaz4r56562Hs-2F-2FpAGvb5tdJEMLjsqfOaqTe81fKRLd3TCw-2FD9bJpyEXSA-3D-3D	false	high
https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/forms/1c65701d-0ded-ee11-a1ff-00224834daca	false	high
https://assets-usa.mkt.dynamics.com/favicon.ico	false	high
https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834daca	false	high
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/landingpageforms/forms/1c65701d-0ded-ee11-a1ff-00224834daca/visits	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/forms/1c65701	chromecache_49.2.dr	false		high
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/landingpagefo	chromecache_49.2.dr	false		high
https://96f1a48d.8dbf5d03b92582d2caf4ee06.workers.dev	chromecache_50.2.dr, chromecache_46.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
167.89.123.147	u43352250.ct.sendgrid.net	United States	11377	SENDGRIDUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.107.213.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.146.76.30	prdia888eus0aks.mkt.dynamics.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.253.122.103	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417268
Start date and time:	2024-03-28 20:28:54 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://u43352250.ct.sendgrid.net/ls/click?upn=u001.2TkyzlsQCUugGXuDl-2F-2FHUvoM2ETHNpRvqhUsgZ-2FkMBtQax4rppmJj4bCIHTqvH0YHRnRsXf8CGGu4YpLTNZpZ76bC1bPYcH-2Fs7lPN4w9U413Pp7cIHNkwBCX6uL3j2eBHwg-2BebWrg1KUa82t5ZICcmYo0WQM2kZFkD7HpWk75aUnWOlObXQnYMQDVVFJBSIyJTz-2FcgyQYpE1U8MTbTj4og-3D-3DqsOa_iRxCSnIo8RQB7YNudZaC4Ihhi4-2FeFgLLl2lTQIvavZl96L2C56utm-2Bw7ouDj9FEttxzNo52FQOke1iBijoQooSyWq-2FRY6V54aNK82S-2Bkuf-2BN5nHiy67Pr8M73AscSF4EoUq-2BIyu-2B-2F2VMHADSvnRqwUV3Wv5sOhaz4r56562Hs-2F-2FpAGvb5tdJEMLjsqfOaqTe81fKRLd3TCw-2FD9bJpyEXSA-3D-3D
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/12@12/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.167.94, 142.251.163.139, 142.251.163.101, 142.251.163.102, 142.251.163.113, 142.251.163.138, 142.251.163.100, 172.253.115.84, 34.104.35.123, 13.85.23.86, 23.207.202.61, 23.207.202.72, 23.207.202.48, 23.207.202.78, 23.207.202.75, 23.207.202.80, 23.207.202.73, 23.207.202.71, 23.207.202.46, 192.229.211.108, 20.242.39.171, 13.95.31.18, 142.251.16.94
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, assets-mkt-usa.azureedge.net, clientservices.googleapis.com, a767.dspw65.akamai.net, cxppusa1im4t7x7z5iubq.trafficmanager.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, assets-mkt-usa.afd.azureedge.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, azureedge-t-prod.trafficmanager.net, cxppusa1formui01cdnsa01-endpoint.azureedge.net, clients.l.google.com, cxppusa1formui01cdnsa01-endpoint.afd.azureedge.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://u43352250.ct.sendgrid.net/ls/click?upn=u001.2TkyzlsQCUugGXuDl-2F-2FHUvoM2ETHNpRvqhUsgZ-2FkMBtQax4rppmJj4bCIHTqvH0YHRnRsXf8CGGu4YpLTNZpZ76bC1bPYcH-2Fs7lPN4w9U413Pp7cIHNkwBCX6uL3j2eBHwg-2BebWrg1KUa82t5ZICcmYo0WQM2kZFkD7HpWk75aUnWOlObXQnYMQDVVFJBSIyJTz-2FcgyQYpE1U8MTbTj4og-3D-3DqsOa_iRxCSnIo8RQB7YNudZaC4Ihhi4-2FeFgLLl2lTQIvavZl96L2C56utm-2Bw7ouDj9FEttxzNo52FQOke1iBijoQooSyWq-2FRY6V54aNK82S-2Bkuf-2BN5nHiy67Pr8M73AscSF4EoUq-2BIyu-2B-2F2VMHADSvnRqwUV3Wv5sOhaz4r56562Hs-2F-2FpAGvb5tdJEMLjsqfOaqTe81fKRLd3TCw-2FD9bJpyEXSA-3D-3D

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1304
Entropy (8bit):	4.68425644587903
Encrypted:	false
SSDEEP:	24:mioTJODICcnv8cKoexKc846vgBie9ZY8mlvOq8RvLNHVENggeGg:micaIPU7oeoc8xYBfmlgRjNOen
MD5:	DBAC2EBFBE18E8C7CF3830AF4C420E77
SHA1:	78ADD1C663DD8B4AD6BBF89E48376015EA08A85A
SHA-256:	491377DB69C365D489C88BD4AC641D341B52E6A70B034390A5FC3D161268BCA5
SHA-512:	7DBFFD0FB6EC417AB7481919357D20D78224C9B97D180B603CFCD8F8808EA8FD54A4D15103178C15A985C563BE80CBBB6391E58D06C42F1062DF0948E79F7880
Malicious:	false
Reputation:	low
Preview:	{.. "FormFailedToLoad": "Failed to load form",.. "FormFailedToLoadCors": "The form can not be loaded on a domain that hasn't been allowed for external form hosting or there is a network connectivity issue",.. "LearnMore": "Learn more",.. "FormSubmitted": "Form submitted",.. "FormSubmitError": "Error submitting the form",.. "Reload": "Reload",.. "LookupLoading": "loading...",.. "LookupGenericError": "There was a problem retrieving items. Try again later.",.. "ValidationRequiredField": "This field is required",.. "EventFailedToLoad": "Failed to load event.",.. "EventAtCapacity": "This event is no longer accepting registrations.",.. "EventNotLive": "We are still setting up this event. Please check again in some time or contact the event organizer ",.. "SubmissionErrorEventNotLive": "Registrations for this event have been closed. We look forward to seeing you at our next event.",.. "SubmissionErrorEventCapacityIsFull": "Registrations for this event have been closed. We.re a

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1048)
Category:	dropped
Size (bytes):	29376
Entropy (8bit):	4.42646110832627
Encrypted:	false
SSDEEP:	192:lHVYB4GEwZT1TpSGCeRH8u/Lj7Ma9xPcjBsvLNrqbVb+6JknFjlirg1qaR3H0ZPA:Y4V4iCqaRX8o8oU7M
MD5:	3730C9713D2C1934BA3F5D1D8839DDC7
SHA1:	E2583A832025B85197F639FF874A6D4E22924BD6
SHA-256:	208F2799AB8029EDC0A9768B60D71DD9B8029A34587CBCA96BBAB5D57CD5544B
SHA-512:	C8A2F11BCA78F4D3709C7EFB8AFACCC7E33D48E58EFC7597534AC1F1ABC2EFD68B210E64B8107B2D63952C54CBE4FF48B3CAF7AC3C24587C2804AC91A874B965
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html><html><head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Marketing Form</title>. <meta name="referrer" content="never">. <meta type="xrm/designer/setting" name="type" value="marketing-designer-content-editor-document">. <meta type="xrm/designer/setting" name="layout-editable" value="marketing-designer-layout-editable">. <style>. .editor-control-layout html {. box-sizing: border-box;. background-color: #fff;. }. .editor-control-layout ,. .editor-control-layout :before,. .editor-control-layout *:after {. box-sizing: inherit;. }.. .marketingForm h1 {. color: #000;. margin: 0px;. padding: 0px;. width: 100%;. font-family: "Segoe

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	548
Entropy (8bit):	4.688532577858027
Encrypted:	false
SSDEEP:	12:TjeRHVIdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH68DTPTPTPTPTPTc
MD5:	370E16C3B7DBA286CFF055F93B9A94D8
SHA1:	65F3537C3C798F7DA146C55AEF536F7B5D0CB943
SHA-256:	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
SHA-512:	75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
Malicious:	false
Reputation:	low
URL:	https://assets-usa.mkt.dynamics.com/favicon.ico
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	1304
Entropy (8bit):	4.68425644587903
Encrypted:	false
SSDEEP:	24:mioTJODICcnv8cKoexKc846vgBie9ZY8mlvOq8RvLNHVENggeGg:micaIPU7oeoc8xYBfmlgRjNOen
MD5:	DBAC2EBFBE18E8C7CF3830AF4C420E77
SHA1:	78ADD1C663DD8B4AD6BBF89E48376015EA08A85A
SHA-256:	491377DB69C365D489C88BD4AC641D341B52E6A70B034390A5FC3D161268BCA5
SHA-512:	7DBFFD0FB6EC417AB7481919357D20D78224C9B97D180B603CFCD8F8808EA8FD54A4D15103178C15A985C563BE80CBBB6391E58D06C42F1062DF0948E79F7880
Malicious:	false
Reputation:	low
URL:	https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/public/locales/en-us/translation.json
Preview:	{.. "FormFailedToLoad": "Failed to load form",.. "FormFailedToLoadCors": "The form can not be loaded on a domain that hasn't been allowed for external form hosting or there is a network connectivity issue",.. "LearnMore": "Learn more",.. "FormSubmitted": "Form submitted",.. "FormSubmitError": "Error submitting the form",.. "Reload": "Reload",.. "LookupLoading": "loading...",.. "LookupGenericError": "There was a problem retrieving items. Try again later.",.. "ValidationRequiredField": "This field is required",.. "EventFailedToLoad": "Failed to load event.",.. "EventAtCapacity": "This event is no longer accepting registrations.",.. "EventNotLive": "We are still setting up this event. Please check again in some time or contact the event organizer ",.. "SubmissionErrorEventNotLive": "Registrations for this event have been closed. We look forward to seeing you at our next event.",.. "SubmissionErrorEventCapacityIsFull": "Registrations for this event have been closed. We.re a

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	491
Entropy (8bit):	4.991879439331024
Encrypted:	false
SSDEEP:	12:s8CU8//qvSnBliDoi2CvBlybhh6BAdexMAdb:e/ivqliDopCZlyIAdexbb
MD5:	0C29EEBCC3884ADF837E2593C78800E0
SHA1:	15A26F82F54C6B05A046976D437C788FFBE1DE6A
SHA-256:	E32C5AABB6FBCCB07F5588423020470F6E756E1B92A4C4DA1ED9700155216EFB
SHA-512:	7EA1028073C07938019B979097DA34EAAA23CE3239F21D12856B1CD98B443C756DC512ACF9D4A53F7A74D677086D83871215DDA1033DFEF38134EF209E8B06BB
Malicious:	false
Reputation:	low
URL:	https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834daca
Preview:	<div. data-form-id='1c65701d-0ded-ee11-a1ff-00224834daca'. data-form-api-url='https://public-usa.mkt.dynamics.com/api/v1.0/orgs/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/landingpageforms'. data-cached-form-url='https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/forms/1c65701d-0ded-ee11-a1ff-00224834daca' ></div>. <script src = 'https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js' ></script>

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1048)
Category:	downloaded
Size (bytes):	29376
Entropy (8bit):	4.42646110832627
Encrypted:	false
SSDEEP:	192:lHVYB4GEwZT1TpSGCeRH8u/Lj7Ma9xPcjBsvLNrqbVb+6JknFjlirg1qaR3H0ZPA:Y4V4iCqaRX8o8oU7M
MD5:	3730C9713D2C1934BA3F5D1D8839DDC7
SHA1:	E2583A832025B85197F639FF874A6D4E22924BD6
SHA-256:	208F2799AB8029EDC0A9768B60D71DD9B8029A34587CBCA96BBAB5D57CD5544B
SHA-512:	C8A2F11BCA78F4D3709C7EFB8AFACCC7E33D48E58EFC7597534AC1F1ABC2EFD68B210E64B8107B2D63952C54CBE4FF48B3CAF7AC3C24587C2804AC91A874B965
Malicious:	false
Reputation:	low
URL:	https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/forms/1c65701d-0ded-ee11-a1ff-00224834daca
Preview:	<!DOCTYPE html><html><head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Marketing Form</title>. <meta name="referrer" content="never">. <meta type="xrm/designer/setting" name="type" value="marketing-designer-content-editor-document">. <meta type="xrm/designer/setting" name="layout-editable" value="marketing-designer-layout-editable">. <style>. .editor-control-layout html {. box-sizing: border-box;. background-color: #fff;. }. .editor-control-layout ,. .editor-control-layout :before,. .editor-control-layout *:after {. box-sizing: inherit;. }.. .marketingForm h1 {. color: #000;. margin: 0px;. padding: 0px;. width: 100%;. font-family: "Segoe

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65461)
Category:	downloaded
Size (bytes):	711081
Entropy (8bit):	5.444336573525724
Encrypted:	false
SSDEEP:	3072:Ns0tPO7ZVKF61InSjikH0Gu0r2ee6PnBdHQdU1HECHttsMkO3bBqMG/+9coZukG6:N7tPOCWPQdUzCO3bBL9jZVGiMRlRhxkR
MD5:	FDC2BE4EB54FF521EB5F6CA57AEDAE03
SHA1:	580FEFB1274BB5A21E34DC206D3F042512CA2EDC
SHA-256:	36C366BC39F4B2EB17CC2EAC87B9B94199CB4DFC0FF9F3D8A2F4C2EADE1BB9C3
SHA-512:	42939CBF474C6593774F5B5FF13A5E9FCDDE7CAAE05229CBE9804C1368337B892EB3ED96CA85133A34AC0551696B4995EA203773B474BF31E50780BF9BDD53C2
Malicious:	false
Reputation:	low
URL:	https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js
Preview:	/! For license information please see FormLoader.bundle.js.LICENSE.txt /.var d365mktforms;(()=>{var e,t,n={317:function(e,t){var n="undefined"!=typeof self?self:this,r=function(){function e(){this.fetch=!1,this.DOMException=n.DOMException}return e.prototype=n,new e}();!function(e){!function(t){var n="URLSearchParams"in e,r="Symbol"in e&&"iterator"in Symbol,i="FileReader"in e&&"Blob"in e&&function(){try{return new Blob,!0}catch(e){return!1}}(),a="FormData"in e,o="ArrayBuffer"in e;if(o)var s=["[object Int8Array]","[object Uint8Array]","[object Uint8ClampedArray]","[object Int16Array]","[object Uint16Array]","[object Int32Array]","[object Uint32Array]","[object Float32Array]","[object Float64Array]"],u=ArrayBuffer.isView\|\|function(e){return e&&s.indexOf(Object.prototype.toString.call(e))>-1};function c(e){if("string"!=typeof e&&(e=String(e)),/[^a-z0-9\-#$%&'*+.^_`\|~]/i.test(e))throw new TypeError("Invalid character in header field name");return e.toLowerCase()}function l(e){return"strin

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 28, 2024 20:29:36.593413115 CET	49678	443	192.168.2.4	104.46.162.224
Mar 28, 2024 20:29:37.405955076 CET	49675	443	192.168.2.4	173.222.162.32
Mar 28, 2024 20:29:43.332798004 CET	49734	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.332854986 CET	443	49734	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.332926989 CET	49734	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.333179951 CET	49735	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.333228111 CET	443	49735	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.333357096 CET	49734	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.333372116 CET	443	49734	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.333380938 CET	49735	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.333600998 CET	49735	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.333615065 CET	443	49735	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.692868948 CET	443	49734	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.693257093 CET	49734	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.693279028 CET	443	49734	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.694535971 CET	443	49735	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.694720984 CET	49735	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.694736958 CET	443	49735	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.694802046 CET	443	49734	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.694873095 CET	49734	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.695763111 CET	443	49735	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.695825100 CET	49735	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.695925951 CET	49734	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.695988894 CET	443	49734	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.696465015 CET	49734	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.696471930 CET	443	49734	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.696827888 CET	49735	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.696888924 CET	443	49735	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.746103048 CET	49734	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.761212111 CET	49735	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.761219978 CET	443	49735	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.808473110 CET	443	49734	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.808537006 CET	443	49734	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.808664083 CET	49734	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.808983088 CET	49734	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:43.808996916 CET	443	49734	167.89.123.147	192.168.2.4
Mar 28, 2024 20:29:43.917293072 CET	49736	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:43.917309999 CET	443	49736	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:43.917390108 CET	49736	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:43.917572975 CET	49736	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:43.917586088 CET	443	49736	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:43.954493046 CET	49735	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:29:44.226286888 CET	443	49736	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:44.226557970 CET	49736	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:44.226571083 CET	443	49736	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:44.227590084 CET	443	49736	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:44.227699995 CET	49736	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:44.228790998 CET	49736	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:44.228857040 CET	443	49736	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:44.228974104 CET	49736	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:44.228982925 CET	443	49736	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:44.281212091 CET	49736	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:44.567296028 CET	443	49736	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:44.567593098 CET	443	49736	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:44.567653894 CET	49736	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:44.568017960 CET	49736	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:44.568028927 CET	443	49736	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:44.726532936 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:44.726588964 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:44.726643085 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:44.726928949 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:44.726943016 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.036190033 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.036607027 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.036632061 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.037656069 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.037718058 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.039145947 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.039208889 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.039423943 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.039431095 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.091464043 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.335742950 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.335777998 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.335787058 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.335814953 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.335829973 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.335840940 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.335983038 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.335983038 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.336003065 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.336013079 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.336040020 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.336065054 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.336095095 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.435087919 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.435105085 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.435169935 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.435178041 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.435218096 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.435722113 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.435735941 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.435786963 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.435794115 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.435827017 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.441360950 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.441375017 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.441447020 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.441453934 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.441493034 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.533828020 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.533844948 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.533984900 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.533993959 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.534037113 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.534226894 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.534240961 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.534286976 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.534292936 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.534332991 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.535001040 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.535016060 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.535070896 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.535077095 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.535113096 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.535415888 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.535429955 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.535484076 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.535490990 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.535530090 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.535739899 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.535753012 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.535798073 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.535804033 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.535839081 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.540672064 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.540685892 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.540756941 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.540762901 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.540805101 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.574923992 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.574938059 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.575109005 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.575115919 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.575160980 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.633161068 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.633183956 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.633251905 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.633261919 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.633305073 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.633331060 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.633338928 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.633338928 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.633343935 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.633385897 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.633855104 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.633869886 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.633913040 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.633919001 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.633958101 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.634166002 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.634181023 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.634227037 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.634232044 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.634272099 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.634462118 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.634479046 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.634514093 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.634519100 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.634550095 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.634562016 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.634845972 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.634865999 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.634897947 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.634902954 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.634932041 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.634949923 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.635193110 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.635209084 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.635265112 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.635271072 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.635324001 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.635602951 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.635617971 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.635674953 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.635680914 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.635720015 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.635941982 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.635955095 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.635994911 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.635999918 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.636033058 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.636051893 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.637738943 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.639355898 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.639369965 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.639425993 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.639432907 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.639467955 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.639966965 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.639986992 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.640013933 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.640018940 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.640048027 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.640068054 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.673908949 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.673924923 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.673974037 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.673985958 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.674025059 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.674519062 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.674534082 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.674571037 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.674576998 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.674603939 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.674616098 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.674849033 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.674861908 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.674891949 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.674896955 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.674921989 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.674937963 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.733247042 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.733261108 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.733335018 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.733335018 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.733344078 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.733378887 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.733649015 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.733664036 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.733700037 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.733705997 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.733752012 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.734404087 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.734419107 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.734460115 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.734466076 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.734509945 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.734822989 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.734843969 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.734888077 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.734894037 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.734936953 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.735169888 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.735183954 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.735217094 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.735223055 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.735260010 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.735272884 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.735688925 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.735702038 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.735733986 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.735738993 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.735775948 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.735800982 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.736020088 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.736043930 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.736082077 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.736087084 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.736097097 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.736121893 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.736407042 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.736422062 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.736454010 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.736459017 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.736501932 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.736818075 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.736833096 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.736871958 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.736879110 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.736912012 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.737179995 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.737199068 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.737224102 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.737226963 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.737267971 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.737517118 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.737565041 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.737575054 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.737580061 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.737615108 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.737864017 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.737878084 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.737920046 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.737926006 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.737958908 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.738197088 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.738209963 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.738245964 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.738250971 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.738291979 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.738585949 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.738600016 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.738631964 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.738636971 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.738668919 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.738682985 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.739171028 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739212990 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739252090 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.739257097 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739284992 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.739299059 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.739408970 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739427090 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739449978 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.739454031 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739509106 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.739711046 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739723921 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739754915 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.739759922 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739779949 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.739795923 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.739801884 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739844084 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.739850044 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739881039 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.739893913 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.739928007 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.746742964 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.765898943 CET	49739	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.765911102 CET	443	49739	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.916445971 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:45.916485071 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:45.916534901 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:45.917138100 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:45.917151928 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:45.922648907 CET	49741	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.922683954 CET	443	49741	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:45.922755003 CET	49741	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.923114061 CET	49741	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:45.923126936 CET	443	49741	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.232475042 CET	443	49741	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.233038902 CET	49741	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.233050108 CET	443	49741	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.234477043 CET	443	49741	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.234532118 CET	49741	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.234596968 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.234985113 CET	49741	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.235043049 CET	443	49741	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.235198021 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.235219002 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.235367060 CET	49741	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.235373020 CET	443	49741	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.235637903 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.236097097 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.236176014 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.236249924 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.275124073 CET	49741	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.284240007 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.290677071 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.463596106 CET	443	49741	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.463805914 CET	443	49741	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.463857889 CET	49741	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.476721048 CET	49742	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.476773977 CET	443	49742	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.476831913 CET	49742	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.477494955 CET	49742	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.477509975 CET	443	49742	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.480684996 CET	49741	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.480694056 CET	443	49741	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.516484976 CET	49743	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:29:46.516510010 CET	443	49743	172.253.122.103	192.168.2.4
Mar 28, 2024 20:29:46.516573906 CET	49743	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:29:46.516927958 CET	49743	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:29:46.516941071 CET	443	49743	172.253.122.103	192.168.2.4
Mar 28, 2024 20:29:46.628823042 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.628851891 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.628859043 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.628895044 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.628916979 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.628925085 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.628940105 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.628959894 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.628988028 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.629239082 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.629268885 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.629280090 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.629288912 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.629319906 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.629319906 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.629334927 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.629374981 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.632333994 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.635512114 CET	49744	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.635550976 CET	443	49744	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.635632992 CET	49744	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.636681080 CET	49744	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.636692047 CET	443	49744	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.640626907 CET	49740	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.640646935 CET	443	49740	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.750283957 CET	443	49743	172.253.122.103	192.168.2.4
Mar 28, 2024 20:29:46.753882885 CET	49743	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:29:46.753910065 CET	443	49743	172.253.122.103	192.168.2.4
Mar 28, 2024 20:29:46.754889965 CET	443	49743	172.253.122.103	192.168.2.4
Mar 28, 2024 20:29:46.754997969 CET	49743	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:29:46.760674000 CET	49743	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:29:46.760751009 CET	443	49743	172.253.122.103	192.168.2.4
Mar 28, 2024 20:29:46.772675037 CET	49745	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:46.772697926 CET	443	49745	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:46.776772022 CET	49745	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:46.780006886 CET	49745	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:46.780019045 CET	443	49745	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:46.803531885 CET	443	49742	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.808676958 CET	49742	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.808697939 CET	443	49742	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.809046984 CET	443	49742	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.812697887 CET	49743	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:29:46.812736034 CET	443	49743	172.253.122.103	192.168.2.4
Mar 28, 2024 20:29:46.822988987 CET	49742	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.823056936 CET	443	49742	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.844683886 CET	49742	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:46.860685110 CET	49743	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:29:46.871993065 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.872013092 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.872158051 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.876075983 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.876087904 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.888240099 CET	443	49742	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.941631079 CET	443	49744	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.944962025 CET	49744	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.944984913 CET	443	49744	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.946149111 CET	443	49744	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.946242094 CET	49744	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.967582941 CET	49744	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.967689037 CET	443	49744	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.968266964 CET	49744	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:46.968291044 CET	443	49744	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:46.994705915 CET	443	49742	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.994911909 CET	443	49742	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:46.996948957 CET	49742	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:47.006522894 CET	49742	443	192.168.2.4	13.107.213.40
Mar 28, 2024 20:29:47.006540060 CET	443	49742	13.107.213.40	192.168.2.4
Mar 28, 2024 20:29:47.013972044 CET	49675	443	192.168.2.4	173.222.162.32
Mar 28, 2024 20:29:47.014111996 CET	49744	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.098499060 CET	443	49745	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.099428892 CET	49745	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.099442959 CET	443	49745	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.100507975 CET	443	49745	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.100676060 CET	49745	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.102323055 CET	49745	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.102385998 CET	443	49745	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.104677916 CET	49745	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.141645908 CET	443	49744	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.141938925 CET	443	49744	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.144907951 CET	49744	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.148238897 CET	443	49745	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.148277044 CET	49744	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.148292065 CET	443	49744	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.154596090 CET	49745	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.154606104 CET	443	49745	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.178412914 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.200675964 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.200692892 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.201467991 CET	49745	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.201757908 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.201961994 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.202661037 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.202723026 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.202933073 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.248245955 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.248414993 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.248423100 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.295223951 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.347690105 CET	443	49745	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.356194019 CET	49745	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.356273890 CET	443	49745	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.356457949 CET	49745	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.364322901 CET	49747	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.364339113 CET	443	49747	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.364753008 CET	49747	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.368680954 CET	49747	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.368693113 CET	443	49747	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.450223923 CET	49748	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:47.450253010 CET	443	49748	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:47.450438976 CET	49748	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:47.451986074 CET	49748	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:47.451998949 CET	443	49748	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:47.481261969 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.481286049 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.481296062 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.481308937 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.481314898 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.481317997 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.481340885 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.481360912 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.481389999 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.481476068 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.481786966 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.481794119 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.481822014 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.481851101 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.481852055 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.481882095 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.481960058 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.482357025 CET	49746	443	192.168.2.4	13.107.246.40
Mar 28, 2024 20:29:47.482367992 CET	443	49746	13.107.246.40	192.168.2.4
Mar 28, 2024 20:29:47.663996935 CET	443	49748	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:47.664071083 CET	49748	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:47.666879892 CET	49748	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:47.666887045 CET	443	49748	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:47.667090893 CET	443	49748	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:47.709057093 CET	49748	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:47.736984015 CET	443	49747	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.737207890 CET	49747	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.737221003 CET	443	49747	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.738377094 CET	443	49747	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.738434076 CET	49747	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.738728046 CET	49747	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.738790035 CET	443	49747	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.738857985 CET	49747	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.738866091 CET	443	49747	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:47.756226063 CET	443	49748	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:47.779609919 CET	49747	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:47.891782999 CET	443	49748	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:47.891959906 CET	443	49748	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:47.892004967 CET	49748	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:47.892105103 CET	49748	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:47.892118931 CET	443	49748	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:47.892128944 CET	49748	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:47.892133951 CET	443	49748	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:48.067852974 CET	49749	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:48.067873955 CET	443	49749	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:48.067938089 CET	49749	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:48.069190979 CET	49749	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:48.069207907 CET	443	49749	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:48.168870926 CET	443	49747	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.168950081 CET	443	49747	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.168991089 CET	49747	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.173110962 CET	49747	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.173119068 CET	443	49747	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.277679920 CET	443	49749	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:48.277736902 CET	49749	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:48.280421019 CET	49750	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.280458927 CET	443	49750	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.280513048 CET	49750	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.281140089 CET	49750	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.281152010 CET	443	49750	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.283341885 CET	49749	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:48.283349037 CET	443	49749	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:48.283591986 CET	443	49749	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:48.286978960 CET	49749	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:48.328243017 CET	443	49749	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:48.482902050 CET	443	49749	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:48.482960939 CET	443	49749	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:48.483011007 CET	49749	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:48.488511086 CET	49749	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:48.488521099 CET	443	49749	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:48.488529921 CET	49749	443	192.168.2.4	23.51.58.94
Mar 28, 2024 20:29:48.488534927 CET	443	49749	23.51.58.94	192.168.2.4
Mar 28, 2024 20:29:48.600838900 CET	443	49750	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.608557940 CET	49750	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.608586073 CET	443	49750	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.609786987 CET	443	49750	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.609844923 CET	49750	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.611139059 CET	49750	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.611216068 CET	443	49750	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.611694098 CET	49750	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.611699104 CET	443	49750	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.654607058 CET	49750	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.708014011 CET	443	49750	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.708091974 CET	443	49750	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:48.708178043 CET	49750	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.712683916 CET	49750	443	192.168.2.4	52.146.76.30
Mar 28, 2024 20:29:48.712697983 CET	443	49750	52.146.76.30	192.168.2.4
Mar 28, 2024 20:29:56.756818056 CET	443	49743	172.253.122.103	192.168.2.4
Mar 28, 2024 20:29:56.756880045 CET	443	49743	172.253.122.103	192.168.2.4
Mar 28, 2024 20:29:56.757047892 CET	49743	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:29:58.492650032 CET	49743	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:29:58.492675066 CET	443	49743	172.253.122.103	192.168.2.4
Mar 28, 2024 20:30:05.924223900 CET	80	49723	162.222.105.40	192.168.2.4
Mar 28, 2024 20:30:05.924388885 CET	49723	80	192.168.2.4	162.222.105.40
Mar 28, 2024 20:30:05.924388885 CET	49723	80	192.168.2.4	162.222.105.40
Mar 28, 2024 20:30:06.018376112 CET	80	49723	162.222.105.40	192.168.2.4
Mar 28, 2024 20:30:28.764939070 CET	49735	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:30:28.764962912 CET	443	49735	167.89.123.147	192.168.2.4
Mar 28, 2024 20:30:43.573179960 CET	443	49735	167.89.123.147	192.168.2.4
Mar 28, 2024 20:30:43.573252916 CET	443	49735	167.89.123.147	192.168.2.4
Mar 28, 2024 20:30:43.573441029 CET	49735	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:30:44.403542042 CET	49735	443	192.168.2.4	167.89.123.147
Mar 28, 2024 20:30:44.403567076 CET	443	49735	167.89.123.147	192.168.2.4
Mar 28, 2024 20:30:46.419075966 CET	49759	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:30:46.419102907 CET	443	49759	172.253.122.103	192.168.2.4
Mar 28, 2024 20:30:46.419297934 CET	49759	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:30:46.419837952 CET	49759	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:30:46.419852018 CET	443	49759	172.253.122.103	192.168.2.4
Mar 28, 2024 20:30:46.635962009 CET	443	49759	172.253.122.103	192.168.2.4
Mar 28, 2024 20:30:46.644345999 CET	49759	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:30:46.644361973 CET	443	49759	172.253.122.103	192.168.2.4
Mar 28, 2024 20:30:46.644706011 CET	443	49759	172.253.122.103	192.168.2.4
Mar 28, 2024 20:30:46.655788898 CET	49759	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:30:46.655858040 CET	443	49759	172.253.122.103	192.168.2.4
Mar 28, 2024 20:30:46.703941107 CET	49759	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:30:55.546425104 CET	49724	80	192.168.2.4	72.21.81.240
Mar 28, 2024 20:30:55.641469002 CET	80	49724	72.21.81.240	192.168.2.4
Mar 28, 2024 20:30:55.641860962 CET	49724	80	192.168.2.4	72.21.81.240
Mar 28, 2024 20:30:56.636862993 CET	443	49759	172.253.122.103	192.168.2.4
Mar 28, 2024 20:30:56.636934042 CET	443	49759	172.253.122.103	192.168.2.4
Mar 28, 2024 20:30:56.636982918 CET	49759	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:30:58.407314062 CET	49759	443	192.168.2.4	172.253.122.103
Mar 28, 2024 20:30:58.407340050 CET	443	49759	172.253.122.103	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 28, 2024 20:29:42.241939068 CET	53	56151	1.1.1.1	192.168.2.4
Mar 28, 2024 20:29:42.278346062 CET	53	58675	1.1.1.1	192.168.2.4
Mar 28, 2024 20:29:42.979916096 CET	53	54674	1.1.1.1	192.168.2.4
Mar 28, 2024 20:29:43.233735085 CET	63748	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:29:43.233867884 CET	50231	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:29:43.332037926 CET	53	50231	1.1.1.1	192.168.2.4
Mar 28, 2024 20:29:43.332053900 CET	53	63748	1.1.1.1	192.168.2.4
Mar 28, 2024 20:29:43.810914993 CET	52175	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:29:43.811055899 CET	54275	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:29:46.418517113 CET	63506	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:29:46.418745995 CET	60912	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:29:46.514595032 CET	53	60912	1.1.1.1	192.168.2.4
Mar 28, 2024 20:29:46.514825106 CET	53	63506	1.1.1.1	192.168.2.4
Mar 28, 2024 20:29:46.661474943 CET	52183	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:29:46.661849022 CET	52696	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:29:46.724169970 CET	54486	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:29:46.724169970 CET	53978	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:29:48.181948900 CET	56731	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:29:48.182749033 CET	54064	53	192.168.2.4	1.1.1.1
Mar 28, 2024 20:30:01.689985991 CET	53	51001	1.1.1.1	192.168.2.4
Mar 28, 2024 20:30:07.113986969 CET	138	138	192.168.2.4	192.168.2.255
Mar 28, 2024 20:30:20.409966946 CET	53	62126	1.1.1.1	192.168.2.4
Mar 28, 2024 20:30:41.493247032 CET	53	62356	1.1.1.1	192.168.2.4
Mar 28, 2024 20:30:42.812354088 CET	53	64667	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 28, 2024 20:29:43.233735085 CET	192.168.2.4	1.1.1.1	0x6897	Standard query (0)	u43352250.ct.sendgrid.net	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:43.233867884 CET	192.168.2.4	1.1.1.1	0xa21	Standard query (0)	u43352250.ct.sendgrid.net	65	IN (0x0001)	false
Mar 28, 2024 20:29:43.810914993 CET	192.168.2.4	1.1.1.1	0xd7ba	Standard query (0)	assets-usa.mkt.dynamics.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:43.811055899 CET	192.168.2.4	1.1.1.1	0xc1eb	Standard query (0)	assets-usa.mkt.dynamics.com	65	IN (0x0001)	false
Mar 28, 2024 20:29:46.418517113 CET	192.168.2.4	1.1.1.1	0x405c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.418745995 CET	192.168.2.4	1.1.1.1	0x5266	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 28, 2024 20:29:46.661474943 CET	192.168.2.4	1.1.1.1	0x692c	Standard query (0)	public-usa.mkt.dynamics.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.661849022 CET	192.168.2.4	1.1.1.1	0x5e7	Standard query (0)	public-usa.mkt.dynamics.com	65	IN (0x0001)	false
Mar 28, 2024 20:29:46.724169970 CET	192.168.2.4	1.1.1.1	0xf66a	Standard query (0)	assets-usa.mkt.dynamics.com	65	IN (0x0001)	false
Mar 28, 2024 20:29:46.724169970 CET	192.168.2.4	1.1.1.1	0x70b8	Standard query (0)	assets-usa.mkt.dynamics.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:48.181948900 CET	192.168.2.4	1.1.1.1	0xa569	Standard query (0)	public-usa.mkt.dynamics.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:48.182749033 CET	192.168.2.4	1.1.1.1	0x44e	Standard query (0)	public-usa.mkt.dynamics.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 28, 2024 20:29:43.332053900 CET	1.1.1.1	192.168.2.4	0x6897	No error (0)	u43352250.ct.sendgrid.net		167.89.123.147	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:43.332053900 CET	1.1.1.1	192.168.2.4	0x6897	No error (0)	u43352250.ct.sendgrid.net		167.89.115.121	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:43.332053900 CET	1.1.1.1	192.168.2.4	0x6897	No error (0)	u43352250.ct.sendgrid.net		167.89.115.54	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:43.332053900 CET	1.1.1.1	192.168.2.4	0x6897	No error (0)	u43352250.ct.sendgrid.net		167.89.115.147	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:43.332053900 CET	1.1.1.1	192.168.2.4	0x6897	No error (0)	u43352250.ct.sendgrid.net		167.89.123.16	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:43.332053900 CET	1.1.1.1	192.168.2.4	0x6897	No error (0)	u43352250.ct.sendgrid.net		167.89.123.122	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:43.907931089 CET	1.1.1.1	192.168.2.4	0xd7ba	No error (0)	assets-usa.mkt.dynamics.com	assets-mkt-usa.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:43.907931089 CET	1.1.1.1	192.168.2.4	0xd7ba	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:43.907931089 CET	1.1.1.1	192.168.2.4	0xd7ba	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:43.907931089 CET	1.1.1.1	192.168.2.4	0xd7ba	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:43.916786909 CET	1.1.1.1	192.168.2.4	0xc1eb	No error (0)	assets-usa.mkt.dynamics.com	assets-mkt-usa.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:44.725960970 CET	1.1.1.1	192.168.2.4	0x18fb	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:44.725960970 CET	1.1.1.1	192.168.2.4	0x18fb	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:44.725960970 CET	1.1.1.1	192.168.2.4	0x18fb	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.514595032 CET	1.1.1.1	192.168.2.4	0x5266	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 28, 2024 20:29:46.514825106 CET	1.1.1.1	192.168.2.4	0x405c	No error (0)	www.google.com		172.253.122.103	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.514825106 CET	1.1.1.1	192.168.2.4	0x405c	No error (0)	www.google.com		172.253.122.104	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.514825106 CET	1.1.1.1	192.168.2.4	0x405c	No error (0)	www.google.com		172.253.122.105	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.514825106 CET	1.1.1.1	192.168.2.4	0x405c	No error (0)	www.google.com		172.253.122.99	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.514825106 CET	1.1.1.1	192.168.2.4	0x405c	No error (0)	www.google.com		172.253.122.106	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.514825106 CET	1.1.1.1	192.168.2.4	0x405c	No error (0)	www.google.com		172.253.122.147	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.620271921 CET	1.1.1.1	192.168.2.4	0x517a	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:46.620271921 CET	1.1.1.1	192.168.2.4	0x517a	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.620271921 CET	1.1.1.1	192.168.2.4	0x517a	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.756455898 CET	1.1.1.1	192.168.2.4	0x692c	No error (0)	public-usa.mkt.dynamics.com	cxppusa1im4t7x7z5iubq.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:46.756455898 CET	1.1.1.1	192.168.2.4	0x692c	No error (0)	public-prdia888eus0aks.mkt.dynamics.com	prdia888eus0aks.mkt.dynamics.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:46.756455898 CET	1.1.1.1	192.168.2.4	0x692c	No error (0)	prdia888eus0aks.mkt.dynamics.com		52.146.76.30	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.764842033 CET	1.1.1.1	192.168.2.4	0x5e7	No error (0)	public-usa.mkt.dynamics.com	cxppusa1im4t7x7z5iubq.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:46.764842033 CET	1.1.1.1	192.168.2.4	0x5e7	No error (0)	public-prdia888eus0aks.mkt.dynamics.com	prdia888eus0aks.mkt.dynamics.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:46.821721077 CET	1.1.1.1	192.168.2.4	0x70b8	No error (0)	assets-usa.mkt.dynamics.com	assets-mkt-usa.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:46.821721077 CET	1.1.1.1	192.168.2.4	0x70b8	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:46.821721077 CET	1.1.1.1	192.168.2.4	0x70b8	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.821721077 CET	1.1.1.1	192.168.2.4	0x70b8	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:46.828795910 CET	1.1.1.1	192.168.2.4	0xf66a	No error (0)	assets-usa.mkt.dynamics.com	assets-mkt-usa.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:48.278070927 CET	1.1.1.1	192.168.2.4	0xa569	No error (0)	public-usa.mkt.dynamics.com	cxppusa1im4t7x7z5iubq.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:48.278070927 CET	1.1.1.1	192.168.2.4	0xa569	No error (0)	public-prdia888eus0aks.mkt.dynamics.com	prdia888eus0aks.mkt.dynamics.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:48.278070927 CET	1.1.1.1	192.168.2.4	0xa569	No error (0)	prdia888eus0aks.mkt.dynamics.com		52.146.76.30	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:29:48.278352976 CET	1.1.1.1	192.168.2.4	0x44e	No error (0)	public-usa.mkt.dynamics.com	cxppusa1im4t7x7z5iubq.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:48.278352976 CET	1.1.1.1	192.168.2.4	0x44e	No error (0)	public-prdia888eus0aks.mkt.dynamics.com	prdia888eus0aks.mkt.dynamics.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:59.724509001 CET	1.1.1.1	192.168.2.4	0xb684	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:29:59.724509001 CET	1.1.1.1	192.168.2.4	0xb684	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:30:12.816284895 CET	1.1.1.1	192.168.2.4	0x9f97	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:30:12.816284895 CET	1.1.1.1	192.168.2.4	0x9f97	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:30:35.489113092 CET	1.1.1.1	192.168.2.4	0x82c3	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:30:35.489113092 CET	1.1.1.1	192.168.2.4	0x82c3	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Mar 28, 2024 20:30:54.236358881 CET	1.1.1.1	192.168.2.4	0xf6b	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 20:30:54.236358881 CET	1.1.1.1	192.168.2.4	0xf6b	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

u43352250.ct.sendgrid.net

assets-usa.mkt.dynamics.com

https:

cxppusa1formui01cdnsa01-endpoint.azureedge.net

public-usa.mkt.dynamics.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	167.89.123.147	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:43 UTC	1165	OUT	GET /ls/click?upn=u001.2TkyzlsQCUugGXuDl-2F-2FHUvoM2ETHNpRvqhUsgZ-2FkMBtQax4rppmJj4bCIHTqvH0YHRnRsXf8CGGu4YpLTNZpZ76bC1bPYcH-2Fs7lPN4w9U413Pp7cIHNkwBCX6uL3j2eBHwg-2BebWrg1KUa82t5ZICcmYo0WQM2kZFkD7HpWk75aUnWOlObXQnYMQDVVFJBSIyJTz-2FcgyQYpE1U8MTbTj4og-3D-3DqsOa_iRxCSnIo8RQB7YNudZaC4Ihhi4-2FeFgLLl2lTQIvavZl96L2C56utm-2Bw7ouDj9FEttxzNo52FQOke1iBijoQooSyWq-2FRY6V54aNK82S-2Bkuf-2BN5nHiy67Pr8M73AscSF4EoUq-2BIyu-2B-2F2VMHADSvnRqwUV3Wv5sOhaz4r56562Hs-2F-2FpAGvb5tdJEMLjsqfOaqTe81fKRLd3TCw-2FD9bJpyEXSA-3D-3D HTTP/1.1 Host: u43352250.ct.sendgrid.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-28 19:29:43 UTC	338	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 28 Mar 2024 19:29:43 GMT Content-Type: text/html; charset=utf-8 Content-Length: 162 Connection: close Location: https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834daca X-Robots-Tag: noindex, nofollow
2024-03-28 19:29:43 UTC	162	IN	Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d 69 63 73 2e 63 6f 6d 2f 64 37 37 66 62 31 63 37 2d 39 64 64 66 2d 65 65 31 31 2d 39 30 34 36 2d 30 30 30 64 33 61 39 38 61 64 31 66 2f 64 69 67 69 74 61 6c 61 73 73 65 74 73 2f 73 74 61 6e 64 61 6c 6f 6e 65 66 6f 72 6d 73 2f 31 63 36 35 37 30 31 64 2d 30 64 65 64 2d 65 65 31 31 2d 61 31 66 66 2d 30 30 32 32 34 38 33 34 64 61 63 61 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href="https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834daca">Found</a>.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	13.107.213.40	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:44 UTC	773	OUT	GET /d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834daca HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-28 19:29:44 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 19:29:44 GMT Content-Type: text/html Content-Length: 491 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=900, must-revalidate x-ms-trace-id: 04d23f360227531c55f9b3f7d965776e Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240328T192944Z-x67sv75c354b335e6u6f3msdew00000001ag00000000xzs1 x-fd-int-roxy-purgeid: 67853739 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-03-28 19:29:44 UTC	491	IN	Data Raw: 3c 64 69 76 0a 20 20 20 20 20 20 20 20 64 61 74 61 2d 66 6f 72 6d 2d 69 64 3d 27 31 63 36 35 37 30 31 64 2d 30 64 65 64 2d 65 65 31 31 2d 61 31 66 66 2d 30 30 32 32 34 38 33 34 64 61 63 61 27 0a 20 20 20 20 20 20 20 20 64 61 74 61 2d 66 6f 72 6d 2d 61 70 69 2d 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 70 75 62 6c 69 63 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d 69 63 73 2e 63 6f 6d 2f 61 70 69 2f 76 31 2e 30 2f 6f 72 67 73 2f 64 37 37 66 62 31 63 37 2d 39 64 64 66 2d 65 65 31 31 2d 39 30 34 36 2d 30 30 30 64 33 61 39 38 61 64 31 66 2f 6c 61 6e 64 69 6e 67 70 61 67 65 66 6f 72 6d 73 27 0a 20 20 20 20 20 20 20 20 64 61 74 61 2d 63 61 63 68 65 64 2d 66 6f 72 6d 2d 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d Data Ascii: <div data-form-id='1c65701d-0ded-ee11-a1ff-00224834daca' data-form-api-url='https://public-usa.mkt.dynamics.com/api/v1.0/orgs/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/landingpageforms' data-cached-form-url='https://assets-usa.mkt.dynam

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	13.107.246.40	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:45 UTC	592	OUT	GET /usa/FormLoader/FormLoader.bundle.js HTTP/1.1 Host: cxppusa1formui01cdnsa01-endpoint.azureedge.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://assets-usa.mkt.dynamics.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-28 19:29:45 UTC	643	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 19:29:45 GMT Content-Type: application/javascript Content-Length: 711081 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Tue, 27 Feb 2024 09:22:18 GMT ETag: 0x8DC3775981D513B x-ms-request-id: da6a91fa-101e-004d-2728-810192000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: * x-azure-ref: 20240328T192945Z-y5z1gcnft53zh20xbemxunzpts00000001r000000000g9tp x-fd-int-roxy-purgeid: 66630197 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-03-28 19:29:45 UTC	15741	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 46 6f 72 6d 4c 6f 61 64 65 72 2e 62 75 6e 64 6c 65 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 76 61 72 20 64 33 36 35 6d 6b 74 66 6f 72 6d 73 3b 28 28 29 3d 3e 7b 76 61 72 20 65 2c 74 2c 6e 3d 7b 33 31 37 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 73 65 6c 66 3f 73 65 6c 66 3a 74 68 69 73 2c 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 74 68 69 73 2e 66 65 74 63 68 3d 21 31 2c 74 68 69 73 2e 44 4f 4d 45 78 63 65 70 74 69 6f 6e 3d 6e 2e 44 4f 4d 45 78 63 65 70 74 69 6f 6e 7d 72 65 74 75 72 6e 20 65 2e 70 72 6f 74 6f Data Ascii: /! For license information please see FormLoader.bundle.js.LICENSE.txt /var d365mktforms;(()=>{var e,t,n={317:function(e,t){var n="undefined"!=typeof self?self:this,r=function(){function e(){this.fetch=!1,this.DOMException=n.DOMException}return e.proto
2024-03-28 19:29:45 UTC	16384	IN	Data Raw: 22 29 2c 63 3d 64 28 22 72 65 61 63 74 2e 6d 65 6d 6f 22 29 2c 6c 3d 64 28 22 72 65 61 63 74 2e 6c 61 7a 79 22 29 7d 76 61 72 20 70 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3b 66 75 6e 63 74 69 6f 6e 20 66 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 61 63 74 6a 73 2e 6f 72 67 2f 64 6f 63 73 2f 65 72 72 6f 72 2d 64 65 63 6f 64 65 72 2e 68 74 6d 6c 3f 69 6e 76 61 72 69 61 6e 74 3d 22 2b 65 2c 6e 3d 31 3b 6e 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 74 2b 3d 22 26 61 72 67 73 5b 5d 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 72 67 75 6d 65 6e 74 73 5b 6e 5d 29 3b 72 65 74 75 72 6e 22 4d 69 6e Data Ascii: "),c=d("react.memo"),l=d("react.lazy")}var p="function"==typeof Symbol&&Symbol.iterator;function f(e){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+e,n=1;n<arguments.length;n++)t+="&args[]="+encodeURIComponent(arguments[n]);return"Min
2024-03-28 19:29:45 UTC	16384	IN	Data Raw: 47 56 34 55 45 4a 41 46 67 59 43 6e 6b 41 45 6d 64 4b 43 62 70 36 48 41 44 6d 51 66 44 70 53 51 45 58 63 77 69 41 78 55 61 69 78 47 79 49 4b 47 67 48 6b 4d 6c 41 71 65 43 77 4a 41 67 44 73 74 5a 41 67 51 77 4b 45 6a 68 5a 39 41 52 34 4d 41 41 53 47 46 72 67 30 6d 47 44 43 67 51 49 46 6d 62 4d 73 41 47 42 69 2b 38 36 4b 46 42 68 49 34 63 50 77 6d 7a 61 48 41 30 57 51 66 64 75 53 77 49 53 47 69 43 41 4d 70 56 6a 77 6e 45 67 51 41 49 66 6b 45 43 51 6b 41 4e 41 41 73 41 41 41 41 41 42 34 41 48 67 43 46 42 41 59 45 68 49 61 45 78 4d 62 45 52 45 4a 45 70 4b 61 6b 35 4f 62 6b 5a 47 4a 6b 4c 43 6f 73 6c 4a 61 55 31 4e 62 55 74 4c 61 30 39 50 62 30 48 42 6f 63 56 46 4a 55 64 48 4a 30 6a 49 36 4d 7a 4d 37 4d 72 4b 36 73 37 4f 37 73 50 44 34 38 6e 4a 36 63 33 4e 37 Data Ascii: GV4UEJAFgYCnkAEmdKCbp6HADmQfDpSQEXcwiAxUaixGyIKGgHkMlAqeCwJAgDstZAgQwKEjhZ9AR4MAASGFrg0mGDCgQIFmbMsAGBi+86KFBhI4cPwmzaHA0WQfduSwISGiCAMpVjwnEgQAIfkECQkANAAsAAAAAB4AHgCFBAYEhIaExMbEREJEpKak5ObkZGJkLCoslJaU1NbUtLa09Pb0HBocVFJUdHJ0jI6MzM7MrK6s7O7sPD48nJ6c3N7
2024-03-28 19:29:45 UTC	16384	IN	Data Raw: 73 5b 33 5d 3a 7b 73 69 6c 65 6e 74 3a 21 31 7d 3b 66 6f 72 28 76 61 72 20 69 20 69 6e 20 6e 29 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 6e 5b 69 5d 26 26 22 5b 6f 62 6a 65 63 74 20 41 72 72 61 79 5d 22 21 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 61 70 70 6c 79 28 6e 5b 69 5d 29 7c 7c 74 68 69 73 2e 61 64 64 52 65 73 6f 75 72 63 65 28 65 2c 74 2c 69 2c 6e 5b 69 5d 2c 7b 73 69 6c 65 6e 74 3a 21 30 7d 29 3b 72 2e 73 69 6c 65 6e 74 7c 7c 74 68 69 73 2e 65 6d 69 74 28 22 61 64 64 65 64 22 2c 65 2c 74 2c 6e 29 7d 7d 2c 7b 6b 65 79 3a 22 61 64 64 52 65 73 6f 75 72 63 65 42 75 6e 64 6c 65 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 69 29 7b 76 61 72 20 61 3d 61 72 67 75 6d 65 6e Data Ascii: s[3]:{silent:!1};for(var i in n)"string"!=typeof n[i]&&"[object Array]"!==Object.prototype.toString.apply(n[i])\|\|this.addResource(e,t,i,n[i],{silent:!0});r.silent\|\|this.emit("added",e,t,n)}},{key:"addResourceBundle",value:function(e,t,n,r,i){var a=argumen
2024-03-28 19:29:45 UTC	16384	IN	Data Raw: 6e 20 4e 75 6d 62 65 72 28 31 3d 3d 65 3f 30 3a 32 3d 3d 65 3f 31 3a 65 3c 37 3f 32 3a 65 3c 31 31 3f 33 3a 34 29 7d 2c 31 31 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 31 3d 3d 65 7c 7c 31 31 3d 3d 65 3f 30 3a 32 3d 3d 65 7c 7c 31 32 3d 3d 65 3f 31 3a 65 3e 32 26 26 65 3c 32 30 3f 32 3a 33 29 7d 2c 31 32 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 65 25 31 30 21 3d 31 7c 7c 65 25 31 30 30 3d 3d 31 31 29 7d 2c 31 33 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 30 21 3d 3d 65 29 7d 2c 31 34 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 31 3d 3d 65 3f 30 3a 32 3d 3d 65 3f 31 3a 33 3d 3d 65 3f 32 3a 33 29 7d 2c 31 Data Ascii: n Number(1==e?0:2==e?1:e<7?2:e<11?3:4)},11:function(e){return Number(1==e\|\|11==e?0:2==e\|\|12==e?1:e>2&&e<20?2:3)},12:function(e){return Number(e%10!=1\|\|e%100==11)},13:function(e){return Number(0!==e)},14:function(e){return Number(1==e?0:2==e?1:3==e?2:3)},1
2024-03-28 19:29:45 UTC	16384	IN	Data Raw: 61 73 4c 6f 61 64 65 64 4e 61 6d 65 73 70 61 63 65 28 74 29 3f 74 68 69 73 2e 6c 6f 67 67 65 72 2e 77 61 72 6e 28 27 64 69 64 20 6e 6f 74 20 73 61 76 65 20 6b 65 79 20 22 27 2e 63 6f 6e 63 61 74 28 6e 2c 27 22 20 61 73 20 74 68 65 20 6e 61 6d 65 73 70 61 63 65 20 22 27 29 2e 63 6f 6e 63 61 74 28 74 2c 27 22 20 77 61 73 20 6e 6f 74 20 79 65 74 20 6c 6f 61 64 65 64 27 29 2c 22 54 68 69 73 20 6d 65 61 6e 73 20 73 6f 6d 65 74 68 69 6e 67 20 49 53 20 57 52 4f 4e 47 20 69 6e 20 79 6f 75 72 20 73 65 74 75 70 2e 20 59 6f 75 20 61 63 63 65 73 73 20 74 68 65 20 74 20 66 75 6e 63 74 69 6f 6e 20 62 65 66 6f 72 65 20 69 31 38 6e 65 78 74 2e 69 6e 69 74 20 2f 20 69 31 38 6e 65 78 74 2e 6c 6f 61 64 4e 61 6d 65 73 70 61 63 65 20 2f 20 69 31 38 6e 65 78 74 2e 63 68 61 6e Data Ascii: asLoadedNamespace(t)?this.logger.warn('did not save key "'.concat(n,'" as the namespace "').concat(t,'" was not yet loaded'),"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.chan
2024-03-28 19:29:45 UTC	16384	IN	Data Raw: 63 74 69 76 65 58 4f 62 6a 65 63 74 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 6e 26 26 22 6f 62 6a 65 63 74 22 3d 3d 3d 77 65 28 6e 29 26 26 28 6e 3d 54 65 28 22 22 2c 6e 29 2e 73 6c 69 63 65 28 31 29 29 2c 65 2e 71 75 65 72 79 53 74 72 69 6e 67 50 61 72 61 6d 73 26 26 28 74 3d 54 65 28 74 2c 65 2e 71 75 65 72 79 53 74 72 69 6e 67 50 61 72 61 6d 73 29 29 3b 74 72 79 7b 76 61 72 20 69 3b 28 69 3d 76 65 3f 6e 65 77 20 76 65 3a 6e 65 77 20 62 65 28 22 4d 53 58 4d 4c 32 2e 58 4d 4c 48 54 54 50 2e 33 2e 30 22 29 29 2e 6f 70 65 6e 28 6e 3f 22 50 4f 53 54 22 3a 22 47 45 54 22 2c 74 2c 31 29 2c 65 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 69 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 Data Ascii: ctiveXObject?function(e,t,n,r){n&&"object"===we(n)&&(n=Te("",n).slice(1)),e.queryStringParams&&(t=Te(t,e.queryStringParams));try{var i;(i=ve?new ve:new be("MSXML2.XMLHTTP.3.0")).open(n?"POST":"GET",t,1),e.crossDomain\|\|i.setRequestHeader("X-Requested-With"
2024-03-28 19:29:45 UTC	16384	IN	Data Raw: 65 22 2c 65 2e 61 66 74 65 72 3d 22 41 66 74 65 72 22 2c 65 2e 63 75 72 72 65 6e 74 3d 22 43 75 72 72 65 6e 74 22 7d 28 74 74 7c 7c 28 74 74 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 6e 6f 48 6f 6c 64 6f 75 74 3d 22 6e 6f 48 6f 6c 64 6f 75 74 22 2c 65 2e 68 6f 6c 64 6f 75 74 3d 22 68 6f 6c 64 6f 75 74 22 7d 28 6e 74 7c 7c 28 6e 74 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 43 6f 6e 64 69 74 69 6f 6e 4d 65 74 3d 22 43 6f 6e 64 69 74 69 6f 6e 4d 65 74 22 2c 65 2e 54 69 6d 65 4c 69 6d 69 74 3d 22 54 69 6d 65 4c 69 6d 69 74 22 7d 28 72 74 7c 7c 28 72 74 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 53 74 61 6e 64 41 6c 6f 6e 65 3d 22 53 74 61 6e 64 41 6c 6f 6e 65 22 2c 65 2e 53 69 6e 67 6c 65 41 63 74 69 6f 6e Data Ascii: e",e.after="After",e.current="Current"}(tt\|\|(tt={})),function(e){e.noHoldout="noHoldout",e.holdout="holdout"}(nt\|\|(nt={})),function(e){e.ConditionMet="ConditionMet",e.TimeLimit="TimeLimit"}(rt\|\|(rt={})),function(e){e.StandAlone="StandAlone",e.SingleAction
2024-03-28 19:29:45 UTC	16384	IN	Data Raw: 20 73 2e 74 72 79 73 2e 70 75 73 68 28 5b 32 2c 34 2c 2c 35 5d 29 2c 5b 34 2c 50 72 6f 6d 69 73 65 2e 61 6c 6c 28 74 2e 6d 61 70 28 28 66 75 6e 63 74 69 6f 6e 28 74 2c 61 29 7b 72 65 74 75 72 6e 20 69 5b 61 5d 26 26 69 5b 61 5d 2e 72 65 71 75 65 73 74 65 64 41 74 21 3d 3d 72 3f 6f 2e 74 72 79 52 65 74 72 69 65 76 65 56 61 6c 75 65 28 22 22 2e 63 6f 6e 63 61 74 28 65 2c 22 5f 22 29 2e 63 6f 6e 63 61 74 28 74 29 2c 6f 2e 65 78 70 69 72 61 74 69 6f 6e 43 61 63 68 65 2c 69 5b 61 5d 2c 6e 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 6e 75 6c 6c 29 7d 29 29 29 5d 3b 63 61 73 65 20 33 3a 72 65 74 75 72 6e 20 73 2e 73 65 6e 74 28 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 20 61 5b 74 5b 6e 5d 5d 3d 65 7d Data Ascii: s.trys.push([2,4,,5]),[4,Promise.all(t.map((function(t,a){return i[a]&&i[a].requestedAt!==r?o.tryRetrieveValue("".concat(e,"_").concat(t),o.expirationCache,i[a],n):Promise.resolve(null)})))];case 3:return s.sent().forEach((function(e,n){return a[t[n]]=e}
2024-03-28 19:29:45 UTC	16384	IN	Data Raw: 2e 6c 61 62 65 6c 29 7b 63 61 73 65 20 30 3a 72 65 74 75 72 6e 5b 34 2c 74 68 69 73 2e 66 65 74 63 68 47 65 74 28 65 29 5d 3b 63 61 73 65 20 31 3a 69 66 28 21 28 6e 3d 72 2e 73 65 6e 74 28 29 29 2e 6f 6b 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 22 2e 63 6f 6e 63 61 74 28 6e 75 6c 6c 3d 3d 74 3f 22 22 3a 74 2b 22 20 22 2c 22 53 74 61 74 75 73 3a 20 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 73 74 61 74 75 73 2c 22 20 2d 20 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 73 74 61 74 75 73 54 65 78 74 29 29 3b 72 65 74 75 72 6e 5b 34 2c 6e 2e 6a 73 6f 6e 28 29 5d 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 5b 32 2c 72 2e 73 65 6e 74 28 29 5d 7d 7d 29 29 7d 29 29 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 66 65 74 63 68 50 6f 73 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c Data Ascii: .label){case 0:return[4,this.fetchGet(e)];case 1:if(!(n=r.sent()).ok)throw new Error("".concat(null==t?"":t+" ","Status: ").concat(n.status," - ").concat(n.statusText));return[4,n.json()];case 2:return[2,r.sent()]}}))}))},e.prototype.fetchPost=function(e,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	13.107.246.40	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:46 UTC	650	OUT	GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1 Host: cxppusa1formui01cdnsa01-endpoint.azureedge.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://assets-usa.mkt.dynamics.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://assets-usa.mkt.dynamics.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-28 19:29:46 UTC	608	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 19:29:46 GMT Content-Type: application/json Content-Length: 1304 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Tue, 27 Feb 2024 09:22:19 GMT ETag: 0x8DC377598F59007 x-ms-request-id: e80f9c91-301e-001b-2546-8198ad000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: * x-azure-ref: 20240328T192946Z-bx3x7fsbw56ut00yp1tg6gurus00000001q000000000hfv5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-03-28 19:29:46 UTC	1304	IN	Data Raw: 7b 0d 0a 20 20 22 46 6f 72 6d 46 61 69 6c 65 64 54 6f 4c 6f 61 64 22 3a 20 22 46 61 69 6c 65 64 20 74 6f 20 6c 6f 61 64 20 66 6f 72 6d 22 2c 0d 0a 20 20 22 46 6f 72 6d 46 61 69 6c 65 64 54 6f 4c 6f 61 64 43 6f 72 73 22 3a 20 22 54 68 65 20 66 6f 72 6d 20 63 61 6e 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 20 6f 6e 20 61 20 64 6f 6d 61 69 6e 20 74 68 61 74 20 68 61 73 6e 27 74 20 62 65 65 6e 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 65 78 74 65 72 6e 61 6c 20 66 6f 72 6d 20 68 6f 73 74 69 6e 67 20 6f 72 20 74 68 65 72 65 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 69 73 73 75 65 22 2c 0d 0a 20 20 22 4c 65 61 72 6e 4d 6f 72 65 22 3a 20 22 4c 65 61 72 6e 20 6d 6f 72 65 22 2c 0d 0a 20 20 22 46 6f 72 6d 53 75 62 6d 69 74 74 65 Data Ascii: { "FormFailedToLoad": "Failed to load form", "FormFailedToLoadCors": "The form can not be loaded on a domain that hasn't been allowed for external form hosting or there is a network connectivity issue", "LearnMore": "Learn more", "FormSubmitte

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49740	13.107.213.40	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:46 UTC	738	OUT	GET /d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/forms/1c65701d-0ded-ee11-a1ff-00224834daca HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: text/plain sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834daca Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-28 19:29:46 UTC	589	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 19:29:46 GMT Content-Type: text/html Content-Length: 29376 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=900, must-revalidate x-ms-trace-id: 35ed36e92a09f4c436f8f3cbd125bde9 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240328T192946Z-d4c8811u8p7uzfu5depuz1fmbw00000001a000000000qhmh x-fd-int-roxy-purgeid: 67853739 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-03-28 19:29:46 UTC	15795	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4d 61 72 6b 65 74 69 6e 67 20 46 6f 72 6d 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Marketing Form</title> <meta name="referrer" cont
2024-03-28 19:29:46 UTC	13581	IN	Data Raw: 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 74 77 6f 4f 70 74 69 6f 6e 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 72 61 64 69 6f 62 75 74 74 6f 6e 73 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 74 77 6f 4f 70 74 69 6f 6e 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 74 77 6f 6f 70 74 69 6f 6e 5f 63 68 65 63 6b 62 6f 78 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 6f 70 74 69 6f 6e 53 65 74 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 72 61 64 69 6f 62 75 74 74 6f 6e 73 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 6d 75 6c 74 69 4f 70 74 69 6f 6e 53 65 74 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 66 69 65 6c 64 73 65 74 20 3e 20 64 69 76 2c Data Ascii: } .twoOptionFormFieldBlock div.radiobuttons > div, .twoOptionFormFieldBlock div.twooption_checkbox > div, .optionSetFormFieldBlock div.radiobuttons > div, .multiOptionSetFormFieldBlock fieldset > div,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	13.107.213.40	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:46 UTC	713	OUT	GET /favicon.ico HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834daca Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-28 19:29:46 UTC	313	IN	HTTP/1.1 404 Not Found Date: Thu, 28 Mar 2024 19:29:46 GMT Content-Type: text/html Content-Length: 548 Connection: close Strict-Transport-Security: max-age=2592000; preload x-azure-ref: 20240328T192946Z-va93t229q121v133m8ee9hqat800000001m000000000w206 x-fd-int-roxy-purgeid: 67853739 X-Cache: TCP_MISS
2024-03-28 19:29:46 UTC	548	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	13.107.246.40	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:46 UTC	422	OUT	GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1 Host: cxppusa1formui01cdnsa01-endpoint.azureedge.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-28 19:29:47 UTC	628	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 19:29:47 GMT Content-Type: application/json Content-Length: 1304 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Tue, 27 Feb 2024 09:22:19 GMT ETag: 0x8DC377598F59007 x-ms-request-id: e80f9c91-301e-001b-2546-8198ad000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: * x-azure-ref: 20240328T192947Z-gzsdptb0vd235eqyhfqzfe0phg00000001rg00000000gbnv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-03-28 19:29:47 UTC	1304	IN	Data Raw: 7b 0d 0a 20 20 22 46 6f 72 6d 46 61 69 6c 65 64 54 6f 4c 6f 61 64 22 3a 20 22 46 61 69 6c 65 64 20 74 6f 20 6c 6f 61 64 20 66 6f 72 6d 22 2c 0d 0a 20 20 22 46 6f 72 6d 46 61 69 6c 65 64 54 6f 4c 6f 61 64 43 6f 72 73 22 3a 20 22 54 68 65 20 66 6f 72 6d 20 63 61 6e 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 20 6f 6e 20 61 20 64 6f 6d 61 69 6e 20 74 68 61 74 20 68 61 73 6e 27 74 20 62 65 65 6e 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 65 78 74 65 72 6e 61 6c 20 66 6f 72 6d 20 68 6f 73 74 69 6e 67 20 6f 72 20 74 68 65 72 65 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 69 73 73 75 65 22 2c 0d 0a 20 20 22 4c 65 61 72 6e 4d 6f 72 65 22 3a 20 22 4c 65 61 72 6e 20 6d 6f 72 65 22 2c 0d 0a 20 20 22 46 6f 72 6d 53 75 62 6d 69 74 74 65 Data Ascii: { "FormFailedToLoad": "Failed to load form", "FormFailedToLoadCors": "The form can not be loaded on a domain that hasn't been allowed for external form hosting or there is a network connectivity issue", "LearnMore": "Learn more", "FormSubmitte

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49745	52.146.76.30	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:47 UTC	605	OUT	OPTIONS /api/v1.0/orgs/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/landingpageforms/forms/1c65701d-0ded-ee11-a1ff-00224834daca/visits HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://assets-usa.mkt.dynamics.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-28 19:29:47 UTC	383	IN	HTTP/1.1 204 No Content Server: nginx Date: Thu, 28 Mar 2024 19:29:47 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Methods: GET,POST Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com x-ms-trace-id: 777dc2fb252cb584ed4bf0bd55760492 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49746	13.107.246.40	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:47 UTC	444	OUT	GET /d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/forms/1c65701d-0ded-ee11-a1ff-00224834daca HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-28 19:29:47 UTC	609	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 19:29:47 GMT Content-Type: text/html Content-Length: 29376 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=900, must-revalidate x-ms-trace-id: 35ed36e92a09f4c436f8f3cbd125bde9 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240328T192947Z-pqtck5q2et6kvek514ag73krts00000001ug000000006725 x-fd-int-roxy-purgeid: 67853739 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-03-28 19:29:47 UTC	15775	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4d 61 72 6b 65 74 69 6e 67 20 46 6f 72 6d 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Marketing Form</title> <meta name="referrer" cont
2024-03-28 19:29:47 UTC	13601	IN	Data Raw: 67 69 6e 2d 74 6f 70 3a 20 31 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 74 77 6f 4f 70 74 69 6f 6e 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 72 61 64 69 6f 62 75 74 74 6f 6e 73 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 74 77 6f 4f 70 74 69 6f 6e 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 74 77 6f 6f 70 74 69 6f 6e 5f 63 68 65 63 6b 62 6f 78 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 6f 70 74 69 6f 6e 53 65 74 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 72 61 64 69 6f 62 75 74 74 6f 6e 73 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 6d 75 6c 74 69 4f 70 74 69 6f 6e 53 65 74 46 6f 72 6d 46 69 65 6c 64 42 Data Ascii: gin-top: 16px; } .twoOptionFormFieldBlock div.radiobuttons > div, .twoOptionFormFieldBlock div.twooption_checkbox > div, .optionSetFormFieldBlock div.radiobuttons > div, .multiOptionSetFormFieldB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49748	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:47 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-28 19:29:47 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=214441 Date: Thu, 28 Mar 2024 19:29:47 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49747	52.146.76.30	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:47 UTC	715	OUT	POST /api/v1.0/orgs/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/landingpageforms/forms/1c65701d-0ded-ee11-a1ff-00224834daca/visits HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive Content-Length: 153 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: application/json sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://assets-usa.mkt.dynamics.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-28 19:29:47 UTC	153	OUT	Data Raw: 7b 22 70 61 67 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d 69 63 73 2e 63 6f 6d 2f 64 37 37 66 62 31 63 37 2d 39 64 64 66 2d 65 65 31 31 2d 39 30 34 36 2d 30 30 30 64 33 61 39 38 61 64 31 66 2f 64 69 67 69 74 61 6c 61 73 73 65 74 73 2f 73 74 61 6e 64 61 6c 6f 6e 65 66 6f 72 6d 73 2f 31 63 36 35 37 30 31 64 2d 30 64 65 64 2d 65 65 31 31 2d 61 31 66 66 2d 30 30 32 32 34 38 33 34 64 61 63 61 22 7d Data Ascii: {"pageUrl":"https://assets-usa.mkt.dynamics.com/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/digitalassets/standaloneforms/1c65701d-0ded-ee11-a1ff-00224834daca"}
2024-03-28 19:29:48 UTC	366	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 19:29:48 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com x-ms-trace-id: 8862703fbdd26fd60940d399d80637ef Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff
2024-03-28 19:29:48 UTC	54	IN	Data Raw: 32 62 0d 0a 7b 22 69 6e 74 65 72 61 63 74 69 6f 6e 53 74 61 74 75 73 22 3a 30 2c 22 65 72 72 6f 72 4d 65 73 73 61 67 65 22 3a 6e 75 6c 6c 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2b{"interactionStatus":0,"errorMessage":null}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49749	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:48 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-28 19:29:48 UTC	456	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 Cache-Control: public, max-age=214388 Date: Thu, 28 Mar 2024 19:29:48 GMT Content-Length: 55 Connection: close X-CID: 2
2024-03-28 19:29:48 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49750	52.146.76.30	443	5932	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 19:29:48 UTC	468	OUT	GET /api/v1.0/orgs/d77fb1c7-9ddf-ee11-9046-000d3a98ad1f/landingpageforms/forms/1c65701d-0ded-ee11-a1ff-00224834daca/visits HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-03-28 19:29:48 UTC	218	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Thu, 28 Mar 2024 19:29:48 GMT Content-Length: 0 Connection: close x-ms-trace-id: 8d8f20fa44fb0145dd94e8b6423696f1 Strict-Transport-Security: max-age=2592000; preload

Target ID:	0
Start time:	20:29:38
Start date:	28/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	20:29:40
Start date:	28/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=2056,i,14718616948296286658,1544279549036497326,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	20:29:42
Start date:	28/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u43352250.ct.sendgrid.net/ls/click?upn=u001.2TkyzlsQCUugGXuDl-2F-2FHUvoM2ETHNpRvqhUsgZ-2FkMBtQax4rppmJj4bCIHTqvH0YHRnRsXf8CGGu4YpLTNZpZ76bC1bPYcH-2Fs7lPN4w9U413Pp7cIHNkwBCX6uL3j2eBHwg-2BebWrg1KUa82t5ZICcmYo0WQM2kZFkD7HpWk75aUnWOlObXQnYMQDVVFJBSIyJTz-2FcgyQYpE1U8MTbTj4og-3D-3DqsOa_iRxCSnIo8RQB7YNudZaC4Ihhi4-2FeFgLLl2lTQIvavZl96L2C56utm-2Bw7ouDj9FEttxzNo52FQOke1iBijoQooSyWq-2FRY6V54aNK82S-2Bkuf-2BN5nHiy67Pr8M73AscSF4EoUq-2BIyu-2B-2F2VMHADSvnRqwUV3Wv5sOhaz4r56562Hs-2F-2FpAGvb5tdJEMLjsqfOaqTe81fKRLd3TCw-2FD9bJpyEXSA-3D-3D"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4180, Parent PID: 4020

General

Chronological Activities

Analysis Process: chrome.exePID: 5932, Parent PID: 4180

General

Chronological Activities

Analysis Process: chrome.exePID: 6624, Parent PID: 4020

General

Chronological Activities