Windows Analysis Report
https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord

Overview

General Information

Sample URL:	https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord
Analysis ID:	1432227
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord HTTP/1.1Host: vaultprod.suitextend.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/css/font-awesome.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vault/approval-list.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /look/order.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery.min.js HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.min.js HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.theme.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.structure.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/extendfiles/filepreviewhandlingwithgatag.js HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /approval/logos/6815832-PRODUCTION/logo.png HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/no_files_found_basic.svg HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/no_files_found_basic.svg HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /approval/logos/6815832-PRODUCTION/logo.png HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: vaultprod.suitextend.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchordAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.168154857.1714147049; _gat_gtag_UA_121414391_2=1; _ga_W2VP5T9SKK=GS1.1.1714147049.1.0.1714147049.60.0.0; _ga=GA1.1.1718992256.1714147049
Source: global traffic	HTTP traffic detected: GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&gjid=1108515948&_gid=168154857.1714147049&_u=YEBAAUAAAAAAACAAI~&z=126485715 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&_u=YEBAAUAAAAAAACAAI~&z=821082346 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&_u=YEBAAUAAAAAAACAAI~&z=821082346 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_76.2.dr, chromecache_66.2.dr

String found in binary or memory: return b}yC.J="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: vaultprod.suitextend.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dhulnj2mbbb02.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net

Source: unknown

HTTP traffic detected: POST /g/collect?v=2&tid=G-W2VP5T9SKK&cid=1718992256.1714147049&gtm=45je44o0v9125432902za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://vaultprod.suitextend.netX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: awselb/2.0Date: Fri, 26 Apr 2024 15:57:33 GMTContent-Type: text/plain; charset=utf-8Content-Length: 0Connection: close

Source: chromecache_73.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_73.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_71.2.dr, chromecache_61.2.dr, chromecache_64.2.dr, chromecache_77.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_61.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?scope=&folderName=base&cornerRadiusShadow=8px&offsetLeftShadow=0px&
Source: chromecache_76.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_76.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_68.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/approval/logos/6815832-PRODUCTION/logo.png
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/css/font-awesome.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/extendfiles/filepreviewhandlingwithgatag.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.min.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.structure.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.theme.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery.min.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/no_files_found_basic.svg
Source: chromecache_74.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/pdf.js/pdf.min.js
Source: chromecache_74.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/pdf.js/pdf.worker.min.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/look/order.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/vault/approval-list.css
Source: chromecache_74.2.dr	String found in binary or memory: https://drive.google.com/
Source: chromecache_59.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:100
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRxC7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRxi7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRxy7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRzS7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTPYgFE_.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTjYgFE_.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnogkk7.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnohkk72xU.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnojEk72xU.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnojUk72xU.woff2)
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_76.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_76.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_68.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_68.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_66.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_68.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_72.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-121414391-2
Source: chromecache_76.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/36@18/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2028,i,9065570476912844413,18113127387993915333,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2028,i,9065570476912844413,18113127387993915333,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.2.196	www.google.com	United States	15169	GOOGLEUS	false
99.84.252.115	unknown	United States	16509	AMAZON-02US	false
44.229.254.216	k8s-eksextend-a4adbbb174-1873252189.us-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
99.84.252.24	dhulnj2mbbb02.cloudfront.net	United States	16509	AMAZON-02US	false
142.250.217.174	analytics.google.com	United States	15169	GOOGLEUS	false
142.250.64.196	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
74.125.134.157	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
142.251.35.228	unknown	United States	15169	GOOGLEUS	false
172.217.204.156	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
k8s-eksextend-a4adbbb174-1873252189.us-west-2.elb.amazonaws.com	44.229.254.216	true
dhulnj2mbbb02.cloudfront.net	99.84.252.24	true
www.google.com	172.217.2.196	true
analytics.google.com	142.250.217.174	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
stats.g.doubleclick.net	74.125.134.157	true
vaultprod.suitextend.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.min.css	false		high
https://dhulnj2mbbb02.cloudfront.net/common/no_files_found_basic.svg	false		high
https://vaultprod.suitextend.net/favicon.ico	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-W2VP5T9SKK&cid=1718992256.1714147049&gtm=45je44o0v9125432902za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0	false		high
https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.theme.min.css	false		high
https://dhulnj2mbbb02.cloudfront.net/common/css/font-awesome.min.css	false		high
https://analytics.google.com/g/collect?v=2&tid=G-W2VP5T9SKK&gtm=45je44o0v9125432902za200&_p=1714147047820&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=1718992256.1714147049&ul=en-us&sr=1280x1024&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=EAAI&_s=1&sid=1714147049&sct=1&seg=0&dl=https%3A%2F%2Fvaultprod.suitextend.net%2Fv1%2Fapproval%2Fpurchaseorder%2F8ffd726d-a7b1B356a-8e78e5043e7d%3Fid%3D19102619%26rectype%3Dpurchord&dt=Order%20Artwork%20Approval&en=page_view&_fv=1&_ss=1&tfd=13957	false		high
https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord	false		unknown
https://dhulnj2mbbb02.cloudfront.net/common/jquery.min.js	false		high
https://dhulnj2mbbb02.cloudfront.net/approval/logos/6815832-PRODUCTION/logo.png	false		high
https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.min.js	false		high
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&_u=YEBAAUAAAAAAACAAI~&z=821082346	false		high
https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.structure.min.css	false		high
https://dhulnj2mbbb02.cloudfront.net/vault/approval-list.css	false		high
https://dhulnj2mbbb02.cloudfront.net/common/extendfiles/filepreviewhandlingwithgatag.js	false		high
https://dhulnj2mbbb02.cloudfront.net/look/order.css	false		high
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&gjid=1108515948&_gid=168154857.1714147049&_u=YEBAAUAAAAAAACAAI~&z=126485715	false		high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 59	ASCII text, with very long lines (1323), with CRLF line terminators	64BE7774E4D205CBA8A909E43BA3995C	463E52BAC53AEE4DC0297C65DE7C8500316F54E9	FD0060987C945FC9B8BB65671C2F889416DD2393A0E0F16DD0C7E73FF7593E76
Chrome Cache Entry: 60	PNG image data, 777 x 189, 8-bit/color RGB, non-interlaced	DE71C370B1AD2BBB8F6DA9A69C6D6209	433D105F2C111808D19FB1F303F22EF1D5FD7E11	98DB374E3BA9D5B9DC6C5E1AF5D481A6D660925AAC9250398858236BD581AEF7
Chrome Cache Entry: 61	ASCII text, with very long lines (29135)	F9811CCF464E2D58A859E323389D1674	732548911B234D934A0678C6C97EF8BD65E54BD2	4F279CBD2464BEA089320C265BE67C78DC639742A3865924E216FFDE43BC3F2E
Chrome Cache Entry: 62	Web Open Font Format (Version 2), TrueType, length 33092, version 1.0	057478083C1D55EA0C2182B24F6DD72F	CAF557CD276A76992084EFC4C8857B66791A6B7F	BB2F90081933C0F2475883CA2C5CFEE94E96D7314A09433FFFC42E37F4CFFD3B
Chrome Cache Entry: 63	ASCII text	D88C3A3CEBD71D744D37965E06548595	8C6AB2D94974F876398AD58783BB9DFEE62E6393	27021451F3ADA1A889E8663135A0605909EA101FE77011E0A13E242B01B40222
Chrome Cache Entry: 64	ASCII text, with very long lines (15418)	E9116C98B880F22BC5E643EEBC1AA76A	1B4D62AFF5ABEC4C024EF1F18530A550AD550B25	F1EAB2934BC48B230B9F13C0876EFF44BF13A17422E774DFBDF79C3BCCA373FE
Chrome Cache Entry: 65	PNG image data, 777 x 189, 8-bit/color RGB, non-interlaced	DE71C370B1AD2BBB8F6DA9A69C6D6209	433D105F2C111808D19FB1F303F22EF1D5FD7E11	98DB374E3BA9D5B9DC6C5E1AF5D481A6D660925AAC9250398858236BD581AEF7
Chrome Cache Entry: 66	ASCII text, with very long lines (4179)	C44A97082A89E74A79BA41F09707D143	EA5F6A8BB4E878B38618F5C52DD0F106D8BBD3D2	81229FD77BE10237E9621ED049D9BA8BC089624ABE34F1AC68528CAED5AA080C
Chrome Cache Entry: 67	ASCII text, with CRLF line terminators	62C5C103813D1F80AB54421FCEAC8AA8	3913C6190C8DE0B107E1D0B7406524F313733904	4A7B5ADBB2670CDA0A6C6F1A59B9AF6FC398FD1D9D6F3711EA1018B2814A59B2
Chrome Cache Entry: 68	ASCII text, with very long lines (2343)	575B5480531DA4D14E7453E2016FE0BC	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
Chrome Cache Entry: 69	SVG Scalable Vector Graphics image	85DD89D2B6651694E3873FA82BED5AD1	EF337F5D65D5F52A4F09A4CF5982FC1631DFB792	CC281390C24DC050CDCA607BC72142FAD44B364403E74E8B5972697AA6029965
Chrome Cache Entry: 70	SVG Scalable Vector Graphics image	85DD89D2B6651694E3873FA82BED5AD1	EF337F5D65D5F52A4F09A4CF5982FC1631DFB792	CC281390C24DC050CDCA607BC72142FAD44B364403E74E8B5972697AA6029965
Chrome Cache Entry: 71	ASCII text, with very long lines (33326)	65A67998FE130F1B632B2FC4E34FD58A	6373AD330647583AEC649C50FE1763C746633585	86D678B7648D23E544EE6D35831984F76AC3F0AD3C66155DE38DB7F3AF2E0A5F
Chrome Cache Entry: 72	HTML document, ASCII text, with very long lines (304), with CRLF line terminators	A94C8A01A08299C5F19E84B2D63AEC4B	88BEAE135F4F5FEEE9CE56232353F7A3BC2BE027	2B5EEA5E6685BE335881416895AE2FE5C074DE018222873B9041CADFBCD35EFB
Chrome Cache Entry: 73	ASCII text, with very long lines (30837)	269550530CC127B6AA5A35925A7DE6CE	512C7D79033E3028A9BE61B540CF1A6870C896F8	799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
Chrome Cache Entry: 74	ASCII text, with CRLF line terminators	AE24A166F570A213C228A642B7C2A348	4717E77409E2DCD95BC9F9BDFBD14947C7100A4B	C24C18E2696E4B38AAB6F9FD845CE3FC72425C448513C9FB688657A07ABEA9EF
Chrome Cache Entry: 75	ASCII text, with very long lines (65450), with CRLF line terminators	A46FB81762396B7BF2020774A2FB4D9E	FB5EDD7A663DC8DDA7EC10815A7CD82A30FC98A7	D30B6114FB9496AE46B2A8CDF59379C8FFDB957534BD1DD73E626C7C61C7E67D
Chrome Cache Entry: 76	ASCII text, with very long lines (5945)	549955285C9B5F461A16B5D221882DA3	C77821CFF44C164F2891296B2FF0C6A76320C00F	145D48837685D1AA0A8E09960525D64DFD99973D279373D9ABFC3445C45B2FB5
Chrome Cache Entry: 77	ASCII text, with very long lines (13717)	D065898A64D4AEF8C1969DDA0201772D	3A1294852AAF05A8BF4CB1EE1E476294DF03D505	2A74B6197AFD69D6B19AF524F26522BFBCE3B98A8A5576781B10EB3AC4BE2882

There are no high impact signatures.

Source: https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord HTTP/1.1Host: vaultprod.suitextend.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/css/font-awesome.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vault/approval-list.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /look/order.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery.min.js HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.min.js HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.theme.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.structure.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/extendfiles/filepreviewhandlingwithgatag.js HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /approval/logos/6815832-PRODUCTION/logo.png HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/no_files_found_basic.svg HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/no_files_found_basic.svg HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /approval/logos/6815832-PRODUCTION/logo.png HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: vaultprod.suitextend.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchordAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.168154857.1714147049; _gat_gtag_UA_121414391_2=1; _ga_W2VP5T9SKK=GS1.1.1714147049.1.0.1714147049.60.0.0; _ga=GA1.1.1718992256.1714147049
Source: global traffic	HTTP traffic detected: GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&gjid=1108515948&_gid=168154857.1714147049&_u=YEBAAUAAAAAAACAAI~&z=126485715 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&_u=YEBAAUAAAAAAACAAI~&z=821082346 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&_u=YEBAAUAAAAAAACAAI~&z=821082346 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_76.2.dr, chromecache_66.2.dr

Source: global traffic	DNS traffic detected: DNS query: vaultprod.suitextend.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dhulnj2mbbb02.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net

Source: unknown

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: awselb/2.0Date: Fri, 26 Apr 2024 15:57:33 GMTContent-Type: text/plain; charset=utf-8Content-Length: 0Connection: close

Source: chromecache_73.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_73.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_71.2.dr, chromecache_61.2.dr, chromecache_64.2.dr, chromecache_77.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_61.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?scope=&folderName=base&cornerRadiusShadow=8px&offsetLeftShadow=0px&
Source: chromecache_76.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_76.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_68.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/approval/logos/6815832-PRODUCTION/logo.png
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/css/font-awesome.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/extendfiles/filepreviewhandlingwithgatag.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.min.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.structure.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.theme.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery.min.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/no_files_found_basic.svg
Source: chromecache_74.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/pdf.js/pdf.min.js
Source: chromecache_74.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/pdf.js/pdf.worker.min.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/look/order.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/vault/approval-list.css
Source: chromecache_74.2.dr	String found in binary or memory: https://drive.google.com/
Source: chromecache_59.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:100
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRxC7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRxi7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRxy7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRzS7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTPYgFE_.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTjYgFE_.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnogkk7.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnohkk72xU.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnojEk72xU.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnojUk72xU.woff2)
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_76.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_76.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_68.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_68.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_66.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_68.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_72.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-121414391-2
Source: chromecache_76.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/36@18/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2028,i,9065570476912844413,18113127387993915333,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2028,i,9065570476912844413,18113127387993915333,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1432227
Product:	CloudBasic
Start time:	17:56:21
Start date:	26.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord