Edit tour

Windows Analysis Report
https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord

Overview

General Information

Sample URL:	https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord
Analysis ID:	1432227
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1816 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2028,i,9065570476912844413,18113127387993915333,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.80
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord HTTP/1.1Host: vaultprod.suitextend.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/css/font-awesome.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vault/approval-list.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /look/order.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery.min.js HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.min.js HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.theme.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.structure.min.css HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/extendfiles/filepreviewhandlingwithgatag.js HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /approval/logos/6815832-PRODUCTION/logo.png HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/no_files_found_basic.svg HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/no_files_found_basic.svg HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /approval/logos/6815832-PRODUCTION/logo.png HTTP/1.1Host: dhulnj2mbbb02.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: vaultprod.suitextend.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchordAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _gid=GA1.2.168154857.1714147049; _gat_gtag_UA_121414391_2=1; _ga_W2VP5T9SKK=GS1.1.1714147049.1.0.1714147049.60.0.0; _ga=GA1.1.1718992256.1714147049
Source: global traffic	HTTP traffic detected: GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&gjid=1108515948&_gid=168154857.1714147049&_u=YEBAAUAAAAAAACAAI~&z=126485715 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&_u=YEBAAUAAAAAAACAAI~&z=821082346 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&_u=YEBAAUAAAAAAACAAI~&z=821082346 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_76.2.dr, chromecache_66.2.dr

String found in binary or memory: return b}yC.J="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: vaultprod.suitextend.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dhulnj2mbbb02.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net

Source: unknown

HTTP traffic detected: POST /g/collect?v=2&tid=G-W2VP5T9SKK&cid=1718992256.1714147049&gtm=45je44o0v9125432902za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://vaultprod.suitextend.netX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://vaultprod.suitextend.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: awselb/2.0Date: Fri, 26 Apr 2024 15:57:33 GMTContent-Type: text/plain; charset=utf-8Content-Length: 0Connection: close

Source: chromecache_73.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_73.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_71.2.dr, chromecache_61.2.dr, chromecache_64.2.dr, chromecache_77.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_61.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?scope=&folderName=base&cornerRadiusShadow=8px&offsetLeftShadow=0px&
Source: chromecache_76.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_76.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_68.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/approval/logos/6815832-PRODUCTION/logo.png
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/css/font-awesome.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/extendfiles/filepreviewhandlingwithgatag.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.min.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.structure.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.theme.min.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/jquery.min.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/no_files_found_basic.svg
Source: chromecache_74.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/pdf.js/pdf.min.js
Source: chromecache_74.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/common/pdf.js/pdf.worker.min.js
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/look/order.css
Source: chromecache_72.2.dr	String found in binary or memory: https://dhulnj2mbbb02.cloudfront.net/vault/approval-list.css
Source: chromecache_74.2.dr	String found in binary or memory: https://drive.google.com/
Source: chromecache_59.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:100
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRxC7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRxi7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRxy7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRzS7mw9c.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTPYgFE_.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTjYgFE_.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnogkk7.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnohkk72xU.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnojEk72xU.woff2)
Source: chromecache_63.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFkD-vYSZviVYUb_rj3ij__anPXDTnojUk72xU.woff2)
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_76.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_76.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_68.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_68.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_66.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_68.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_76.2.dr, chromecache_66.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_68.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_72.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-121414391-2
Source: chromecache_76.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/36@18/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2028,i,9065570476912844413,18113127387993915333,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2028,i,9065570476912844413,18113127387993915333,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.merchant-center-analytics.goog	0%	URL Reputation	safe
https://vaultprod.suitextend.net/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
k8s-eksextend-a4adbbb174-1873252189.us-west-2.elb.amazonaws.com	44.229.254.216	true	false	high
dhulnj2mbbb02.cloudfront.net	99.84.252.24	true	false	high
www.google.com	172.217.2.196	true	false	high
analytics.google.com	142.250.217.174	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
stats.g.doubleclick.net	74.125.134.157	true	false	high
vaultprod.suitextend.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.min.css	false		high
https://dhulnj2mbbb02.cloudfront.net/common/no_files_found_basic.svg	false		high
https://vaultprod.suitextend.net/favicon.ico	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-W2VP5T9SKK&cid=1718992256.1714147049&gtm=45je44o0v9125432902za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0	false		high
https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.theme.min.css	false		high
https://dhulnj2mbbb02.cloudfront.net/common/css/font-awesome.min.css	false		high
https://analytics.google.com/g/collect?v=2&tid=G-W2VP5T9SKK&gtm=45je44o0v9125432902za200&_p=1714147047820&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=1718992256.1714147049&ul=en-us&sr=1280x1024&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=EAAI&_s=1&sid=1714147049&sct=1&seg=0&dl=https%3A%2F%2Fvaultprod.suitextend.net%2Fv1%2Fapproval%2Fpurchaseorder%2F8ffd726d-a7b1B356a-8e78e5043e7d%3Fid%3D19102619%26rectype%3Dpurchord&dt=Order%20Artwork%20Approval&en=page_view&_fv=1&_ss=1&tfd=13957	false		high
https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord	false		unknown
https://dhulnj2mbbb02.cloudfront.net/common/jquery.min.js	false		high
https://dhulnj2mbbb02.cloudfront.net/approval/logos/6815832-PRODUCTION/logo.png	false		high
https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.min.js	false		high
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&_u=YEBAAUAAAAAAACAAI~&z=821082346	false		high
https://dhulnj2mbbb02.cloudfront.net/common/jquery-ui-1.12.1.netsuite/jquery-ui.structure.min.css	false		high
https://dhulnj2mbbb02.cloudfront.net/vault/approval-list.css	false		high
https://dhulnj2mbbb02.cloudfront.net/common/extendfiles/filepreviewhandlingwithgatag.js	false		high
https://dhulnj2mbbb02.cloudfront.net/look/order.css	false		high
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&gjid=1108515948&_gid=168154857.1714147049&_u=YEBAAUAAAAAAACAAI~&z=126485715	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	chromecache_73.2.dr	false		high
https://stats.g.doubleclick.net/g/collect	chromecache_76.2.dr	false		high
http://jqueryui.com	chromecache_71.2.dr, chromecache_61.2.dr, chromecache_64.2.dr, chromecache_77.2.dr	false		high
https://tagassistant.google.com/	chromecache_68.2.dr	false		high
http://jqueryui.com/themeroller/?scope=&folderName=base&cornerRadiusShadow=8px&offsetLeftShadow=0px&	chromecache_61.2.dr	false		high
https://adservice.google.com/pagead/regclk	chromecache_76.2.dr	false		high
https://ampcid.google.com/v1/publisher:getClientId	chromecache_68.2.dr	false		high
https://cct.google/taggy/agent.js	chromecache_76.2.dr, chromecache_66.2.dr	false	URL Reputation: safe URL Reputation: safe	unknown
http://fontawesome.io/license	chromecache_73.2.dr	false		high
https://www.google.com	chromecache_76.2.dr, chromecache_66.2.dr	false		high
https://www.google.com/ads/ga-audiences	chromecache_68.2.dr	false		high
https://www.google.%/ads/ga-audiences	chromecache_68.2.dr	false	URL Reputation: safe	low
https://drive.google.com/	chromecache_74.2.dr	false		high
https://td.doubleclick.net	chromecache_76.2.dr, chromecache_66.2.dr	false		high
https://dhulnj2mbbb02.cloudfront.net/common/pdf.js/pdf.min.js	chromecache_74.2.dr	false		high
https://www.merchant-center-analytics.goog	chromecache_76.2.dr	false	URL Reputation: safe	unknown
https://stats.g.doubleclick.net/g/collect?v=2&	chromecache_76.2.dr	false		high
https://stats.g.doubleclick.net/j/collect	chromecache_68.2.dr	false		high
https://dhulnj2mbbb02.cloudfront.net/common/pdf.js/pdf.worker.min.js	chromecache_74.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.2.196	www.google.com	United States	15169	GOOGLEUS	false
99.84.252.115	unknown	United States	16509	AMAZON-02US	false
44.229.254.216	k8s-eksextend-a4adbbb174-1873252189.us-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
99.84.252.24	dhulnj2mbbb02.cloudfront.net	United States	16509	AMAZON-02US	false
142.250.217.174	analytics.google.com	United States	15169	GOOGLEUS	false
142.250.64.196	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
74.125.134.157	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
142.251.35.228	unknown	United States	15169	GOOGLEUS	false
172.217.204.156	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432227
Start date and time:	2024-04-26 17:56:21 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/36@18/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.64.195, 142.251.107.84, 142.251.35.238, 34.104.35.123, 20.12.23.50, 142.250.64.202, 199.232.210.172, 142.250.64.232, 192.229.211.108, 142.250.217.227, 192.178.50.78, 13.95.31.18, 142.250.189.142, 20.166.126.56, 142.250.217.195
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, www.googletagmanager.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net, www.google-analytics.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1323), with CRLF line terminators
Category:	downloaded
Size (bytes):	12113
Entropy (8bit):	5.2637372714370265
Encrypted:	false
SSDEEP:	192:l7Gv1lTVHAqpLHs+BI2tieJVPCO+vHLO2zWscwqJHddmtj7U:lK99VHAurP3COqr/WscwqJHddmtjA
MD5:	64BE7774E4D205CBA8A909E43BA3995C
SHA1:	463E52BAC53AEE4DC0297C65DE7C8500316F54E9
SHA-256:	FD0060987C945FC9B8BB65671C2F889416DD2393A0E0F16DD0C7E73FF7593E76
SHA-512:	0254808A6BEAA8B25B5CE5303E21E3283F2302DFE7ECB344342CEEC22E94B1846DB96C143CD26D3CCC5124B404375A447C0EE23065C2C722877196FD45463A46
Malicious:	false
Reputation:	low
URL:	https://dhulnj2mbbb02.cloudfront.net/vault/approval-list.css
Preview:	@import url('https://fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i\|Playfair+Display:400,400i,700,700i,900,900i');..@import normalize.css;...clearfix {clear: both;..}.....clearfix:before,.clearfix:after {...content: "";...display: table;..}.....clearfix:after {...clear: both;..}..* {...box-sizing: border-box;..}..body {...margin-left: auto;...margin-right: auto;...width: 92%;.../* max-width: 1200px; /...padding-left: 2.275%;...padding-right: 2.275%;.. font-family: 'Montserrat', sans-serif;.. color: #535252;..}....a {...color: #fff;...text-decoration: none;..}......h1 {...margin: 0;...font-size: 8pt;...text-align: center;..}..h2 {...width: 100%;.. color: #5988da;.. / text-align: right; /.. margin: 0;.. text-transform: uppercase;.. font-size: 20pt;.. font-weight: 700;..}..h3{.../ text-align: right; */.. margin: 0;.. font-weight: normal;.. font-size: 14pt;..}..h4 {...margin: 0 10px 0 0;.. font-size: 13

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 17:57:15.065642118 CEST	53	57457	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:15.074208975 CEST	53	61430	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:17.252577066 CEST	60658	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:17.255403996 CEST	51593	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:17.395163059 CEST	53	60658	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:17.398844957 CEST	53	51593	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:17.574054003 CEST	53	50499	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:19.192498922 CEST	56756	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:19.192898989 CEST	60929	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:19.317981005 CEST	53	56756	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:19.318252087 CEST	53	60929	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:24.262909889 CEST	56036	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:24.263469934 CEST	63450	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:24.391732931 CEST	53	63450	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:24.406595945 CEST	53	56036	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:27.929486036 CEST	62091	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:27.929878950 CEST	50643	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:28.049779892 CEST	53	56208	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:28.061925888 CEST	53	50643	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:28.063931942 CEST	53	62091	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:28.225553989 CEST	53	58281	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:32.687619925 CEST	64827	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:32.687757015 CEST	59767	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:32.689188004 CEST	59773	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:32.689340115 CEST	61930	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:32.812773943 CEST	53	64827	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:32.812936068 CEST	53	59767	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:32.814162970 CEST	53	59773	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:32.814547062 CEST	53	61930	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:34.055608988 CEST	53	64965	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:34.294956923 CEST	138	138	192.168.2.4	192.168.2.255
Apr 26, 2024 17:57:35.015175104 CEST	64311	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:35.015844107 CEST	65461	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:35.021760941 CEST	49298	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:35.022223949 CEST	51566	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:35.140479088 CEST	53	64311	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:35.141113043 CEST	53	65461	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:35.147402048 CEST	53	49298	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:35.148211956 CEST	53	51566	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:37.626084089 CEST	53	63531	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:38.718230009 CEST	55748	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:38.718414068 CEST	57759	53	192.168.2.4	1.1.1.1
Apr 26, 2024 17:57:38.843374968 CEST	53	57759	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:38.843732119 CEST	53	55748	1.1.1.1	192.168.2.4
Apr 26, 2024 17:57:56.704567909 CEST	53	53582	1.1.1.1	192.168.2.4
Apr 26, 2024 17:58:14.901778936 CEST	53	62647	1.1.1.1	192.168.2.4
Apr 26, 2024 17:58:20.162837029 CEST	53	52779	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:18 UTC	753	OUT	GET /v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord HTTP/1.1 Host: vaultprod.suitextend.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:19 UTC	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 15:57:19 GMT Content-Type: text/html Content-Length: 24496 Connection: close x-request-id: Root=1-662bcede-18a777c109fd4ba208ebe215 X-Robots-Tag: noindex
2024-04-26 15:57:19 UTC	16182	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4f 72 64 65 72 20 41 72 74 77 6f 72 6b 20 41 70 70 72 6f 76 61 6c 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 68 75 6c 6e 6a 32 6d 62 62 62 30 32 2e 63 6c 6f 75 64 66 72 6f 6e 74 2e Data Ascii: <!doctype html><html> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Order Artwork Approval</title> <link rel="stylesheet" href="https://dhulnj2mbbb02.cloudfront.
2024-04-26 15:57:19 UTC	8314	IN	Data Raw: 6c 74 22 3e 41 70 70 72 6f 76 65 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 69 64 3d 22 72 65 6a 65 63 74 42 75 74 74 6f 6e 24 7b 28 69 2b 31 29 7d 22 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 2e 35 70 78 3b 22 20 63 6c 61 73 73 3d 22 72 62 74 6e 20 62 74 6e 20 62 74 6e 2d 64 65 66 61 75 6c 74 22 3e 52 65 6a 65 63 74 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 60 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 55 73 65 72 20 4e 61 6d 65 20 48 74 6d 6c 2e 0d 0a 20 20 20 20 20 20 20 20 6c 65 74 20 75 73 65 72 4e 61 6d 65 48 74 6d 6c 20 3d 20 60 60 3b 0d 0a 20 20 20 20 20 20 20 20 2f 2f 20 69 66 28 28 72 65 63 6f 72 Data Ascii: lt">Approve</button> <button type="button" id="rejectButton${(i+1)}" style="margin-left:2.5px;" class="rbtn btn btn-default">Reject</button> </div>`; // User Name Html. let userNameHtml = ``; // if((recor

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:24 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 15:57:24 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=54381 Date: Fri, 26 Apr 2024 15:57:24 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:24 UTC	581	OUT	GET /common/css/font-awesome.min.css HTTP/1.1 Host: dhulnj2mbbb02.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:25 UTC	498	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 31000 Connection: close Date: Fri, 26 Apr 2024 15:57:26 GMT Last-Modified: Sun, 15 Apr 2018 17:40:44 GMT ETag: "269550530cc127b6aa5a35925a7de6ce" x-amz-version-id: 7owoREQdyGJrr0kckef3AROlqzvLKM8M Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 3a19b902285148c2a53af8571832b7a4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-P6 X-Amz-Cf-Id: OfPEwsU0JONqij36OAPkepOlTBTQCZdtpFSXh98SGT0fVzWEwoUi5w==
2024-04-26 15:57:25 UTC	15886	IN	Data Raw: 2f 2a 21 0a 20 2a 20 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 34 2e 37 2e 30 20 62 79 20 40 64 61 76 65 67 61 6e 64 79 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 20 2d 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 0a 20 2a 20 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 2f 6c 69 63 65 6e 73 65 20 28 46 6f 6e 74 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 53 53 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0a 20 2a 2f 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 46 6f 6e 74 41 77 65 73 6f 6d 65 27 3b 73 72 63 3a 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 65 6f 74 3f 76 3d 34 2e 37 2e 30 27 29 3b 73 Data Ascii: /! Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.7.0');s
2024-04-26 15:57:25 UTC	1596	IN	Data Raw: 74 2d 61 6d 6f 75 6e 74 2d 64 65 73 63 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 31 22 7d 2e 66 61 2d 73 6f 72 74 2d 6e 75 6d 65 72 69 63 2d 61 73 63 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 32 22 7d 2e 66 61 2d 73 6f 72 74 2d 6e 75 6d 65 72 69 63 2d 64 65 73 63 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 33 22 7d 2e 66 61 2d 74 68 75 6d 62 73 2d 75 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 34 22 7d 2e 66 61 2d 74 68 75 6d 62 73 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 35 22 7d 2e 66 61 2d 79 6f 75 74 75 62 65 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 36 36 22 7d 2e 66 61 2d 79 6f 75 74 75 62 65 Data Ascii: t-amount-desc:before{content:"\f161"}.fa-sort-numeric-asc:before{content:"\f162"}.fa-sort-numeric-desc:before{content:"\f163"}.fa-thumbs-up:before{content:"\f164"}.fa-thumbs-down:before{content:"\f165"}.fa-youtube-square:before{content:"\f166"}.fa-youtube
2024-04-26 15:57:25 UTC	13518	IN	Data Raw: 66 31 38 64 22 7d 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 6f 2d 72 69 67 68 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 38 65 22 7d 2e 66 61 2d 61 72 72 6f 77 2d 63 69 72 63 6c 65 2d 6f 2d 6c 65 66 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 39 30 22 7d 2e 66 61 2d 74 6f 67 67 6c 65 2d 6c 65 66 74 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 63 61 72 65 74 2d 73 71 75 61 72 65 2d 6f 2d 6c 65 66 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 39 31 22 7d 2e 66 61 2d 64 6f 74 2d 63 69 72 63 6c 65 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 39 32 22 7d 2e 66 61 2d 77 68 65 65 6c 63 68 61 69 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 31 39 33 22 7d 2e 66 61 2d 76 69 Data Ascii: f18d"}.fa-arrow-circle-o-right:before{content:"\f18e"}.fa-arrow-circle-o-left:before{content:"\f190"}.fa-toggle-left:before,.fa-caret-square-o-left:before{content:"\f191"}.fa-dot-circle-o:before{content:"\f192"}.fa-wheelchair:before{content:"\f193"}.fa-vi

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:24 UTC	573	OUT	GET /vault/approval-list.css HTTP/1.1 Host: dhulnj2mbbb02.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:25 UTC	536	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 12113 Connection: close Date: Fri, 26 Apr 2024 15:57:26 GMT Last-Modified: Mon, 06 Nov 2023 13:16:43 GMT ETag: "64be7774e4d205cba8a909e43ba3995c" x-amz-server-side-encryption: AES256 x-amz-version-id: ipycDempKzbex7OEFFJ_0SAciJPiEfpw Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 b0a964693e0264710e25444c0dcc6040.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-P6 X-Amz-Cf-Id: _Vn9YKtNTflrPuiB3ZUUk5eO4dwULHXS2pey4dYKNo_pk3II0Hhizw==
2024-04-26 15:57:25 UTC	12113	IN	Data Raw: 40 69 6d 70 6f 72 74 20 75 72 6c 28 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 31 30 30 2c 31 30 30 69 2c 32 30 30 2c 32 30 30 69 2c 33 30 30 2c 33 30 30 69 2c 34 30 30 2c 34 30 30 69 2c 35 30 30 2c 35 30 30 69 2c 36 30 30 2c 36 30 30 69 2c 37 30 30 2c 37 30 30 69 2c 38 30 30 2c 38 30 30 69 2c 39 30 30 2c 39 30 30 69 7c 50 6c 61 79 66 61 69 72 2b 44 69 73 70 6c 61 79 3a 34 30 30 2c 34 30 30 69 2c 37 30 30 2c 37 30 30 69 2c 39 30 30 2c 39 30 30 69 27 29 3b 0d 0a 40 69 6d 70 6f 72 74 20 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 3b 0d 0a 2e 63 6c 65 61 72 66 69 78 20 7b 63 6c 65 61 72 3a 20 62 6f 74 68 3b 0d 0a 7d 0d 0a 0d 0a 2e 63 6c 65 61 72 66 Data Ascii: @import url('https://fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i\|Playfair+Display:400,400i,700,700i,900,900i');@import normalize.css;.clearfix {clear: both;}.clearf

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:24 UTC	564	OUT	GET /look/order.css HTTP/1.1 Host: dhulnj2mbbb02.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:25 UTC	497	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 2032 Connection: close Date: Fri, 26 Apr 2024 15:57:26 GMT Last-Modified: Mon, 28 Feb 2022 13:25:13 GMT ETag: "62c5c103813d1f80ab54421fceac8aa8" x-amz-version-id: g9aHwoEnKXJNN0aCzgMt2xptjuBjIMbL Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 d405a04cd8ea9f4d044583a524ca1060.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-P6 X-Amz-Cf-Id: M5kVDgbAJftd8rE_JCCU0HZ7VMD_U7Bo7kbaqx6yebOJWppgYc_bGw==
2024-04-26 15:57:25 UTC	1530	IN	Data Raw: 2e 72 65 73 70 6f 6e 73 69 76 65 2d 74 61 62 73 2d 77 72 61 70 70 65 72 20 7b 09 63 6c 65 61 72 3a 20 62 6f 74 68 3b 20 09 7a 6f 6f 6d 3a 20 31 3b 0d 0a 7d 0d 0a 2e 72 65 73 70 6f 6e 73 69 76 65 2d 74 61 62 73 2d 77 72 61 70 70 65 72 3a 62 65 66 6f 72 65 2c 20 2e 72 65 73 70 6f 6e 73 69 76 65 2d 74 61 62 73 2d 77 72 61 70 70 65 72 3a 61 66 74 65 72 20 7b 20 63 6f 6e 74 65 6e 74 3a 20 22 22 3b 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 3b 7d 0d 0a 2e 72 65 73 70 6f 6e 73 69 76 65 2d 74 61 62 73 2d 77 72 61 70 70 65 72 3a 61 66 74 65 72 20 7b 20 20 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 3b 7d 0d 0a 0d 0a 2e 72 65 73 70 6f 6e 73 69 76 65 2d 74 61 62 73 5f 5f 6c 69 73 74 20 7b 0d 0a 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0d 0a 09 6a 75 73 74 69 66 79 Data Ascii: .responsive-tabs-wrapper {clear: both; zoom: 1;}.responsive-tabs-wrapper:before, .responsive-tabs-wrapper:after { content: ""; display: table;}.responsive-tabs-wrapper:after { clear: both;}.responsive-tabs__list {display: flex;justify
2024-04-26 15:57:25 UTC	502	IN	Data Raw: 69 64 20 23 63 66 64 30 63 66 3b 20 20 2a 2f 0d 0a 09 2f 2a 20 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 33 70 78 20 33 70 78 20 32 70 78 20 23 61 36 61 36 61 36 3b 20 2a 2f 0d 0a 09 2f 2a 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 33 70 78 20 33 70 78 20 32 70 78 20 23 61 36 61 36 61 36 3b 20 2a 2f 0d 0a 7d 0d 0a 0d 0a 0d 0a 2e 6d 61 69 6e 43 6f 6e 74 65 6e 74 20 2e 73 65 63 74 69 6f 6e 31 20 68 32 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 3b 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 35 70 78 3b 7d 0d 0a 0d 0a 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 20 3a 20 32 38 35 70 78 29 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 20 3a 20 37 36 37 70 78 29 20 7b 0d 0a 0d 0a 2e 74 61 62 73 65 63 Data Ascii: id #cfd0cf; // -moz-box-shadow: 3px 3px 2px #a6a6a6; // box-shadow: 3px 3px 2px #a6a6a6; */}.mainContent .section1 h2{margin-top: 0; margin-bottom: 5px;}@media only screen and (min-width : 285px) and (max-width : 767px) {.tabsec

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:24 UTC	600	OUT	GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.min.css HTTP/1.1 Host: dhulnj2mbbb02.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:25 UTC	498	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 30747 Connection: close Date: Fri, 26 Apr 2024 15:57:26 GMT Last-Modified: Tue, 23 Jan 2018 07:46:19 GMT ETag: "f9811ccf464e2d58a859e323389d1674" x-amz-version-id: zRRlkJIxpvRV77te2dDTBdLleTCdjT24 Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 220c160e931ebb2d210c2607f9dec102.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-P6 X-Amz-Cf-Id: sZ36--MP1iiGbgt3nxbkEoFwvwQGJcp3fqqo_auqVdhdFfdtVFQzbg==
2024-04-26 15:57:25 UTC	15886	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 55 49 20 2d 20 76 31 2e 31 32 2e 31 20 2d 20 32 30 31 38 2d 30 31 2d 32 31 0a 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 75 69 2e 63 6f 6d 0a 2a 20 49 6e 63 6c 75 64 65 73 3a 20 64 72 61 67 67 61 62 6c 65 2e 63 73 73 2c 20 63 6f 72 65 2e 63 73 73 2c 20 72 65 73 69 7a 61 62 6c 65 2e 63 73 73 2c 20 73 65 6c 65 63 74 61 62 6c 65 2e 63 73 73 2c 20 73 6f 72 74 61 62 6c 65 2e 63 73 73 2c 20 61 63 63 6f 72 64 69 6f 6e 2e 63 73 73 2c 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 2e 63 73 73 2c 20 6d 65 6e 75 2e 63 73 73 2c 20 62 75 74 74 6f 6e 2e 63 73 73 2c 20 63 6f 6e 74 72 6f 6c 67 72 6f 75 70 2e 63 73 73 2c 20 63 68 65 63 6b 62 6f 78 72 61 64 69 6f 2e 63 73 73 2c 20 64 61 74 65 70 69 63 6b 65 72 2e 63 73 73 2c 20 64 69 61 6c 6f 67 Data Ascii: /! jQuery UI - v1.12.1 - 2018-01-21 http://jqueryui.com* Includes: draggable.css, core.css, resizable.css, selectable.css, sortable.css, accordion.css, autocomplete.css, menu.css, button.css, controlgroup.css, checkboxradio.css, datepicker.css, dialog
2024-04-26 15:57:25 UTC	104	IN	Data Raw: 69 67 68 74 3a 35 30 25 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 35 65 6d 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 3b 64 69 73 70 6c 61 79 3a 62 6c Data Ascii: ight:50%;font-size:.5em;padding:0;margin:0;text-align:center;position:absolute;cursor:default;display:bl
2024-04-26 15:57:25 UTC	1491	IN	Data Raw: 6f 63 6b 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 72 69 67 68 74 3a 30 7d 2e 75 69 2d 73 70 69 6e 6e 65 72 20 61 2e 75 69 2d 73 70 69 6e 6e 65 72 2d 62 75 74 74 6f 6e 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 2e 75 69 2d 73 70 69 6e 6e 65 72 2d 75 70 7b 74 6f 70 3a 30 7d 2e 75 69 2d 73 70 69 6e 6e 65 72 2d 64 6f 77 6e 7b 62 6f 74 74 6f 6d 3a 30 7d 2e 75 69 2d 74 61 62 73 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 70 61 64 64 69 6e 67 3a 2e 32 65 6d 7d 2e 75 69 2d 74 61 62 73 20 2e 75 69 2d 74 61 62 73 2d 6e 61 76 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e Data Ascii: ock;overflow:hidden;right:0}.ui-spinner a.ui-spinner-button{border-top-style:none;border-bottom-style:none;border-right-style:none}.ui-spinner-up{top:0}.ui-spinner-down{bottom:0}.ui-tabs{position:relative;padding:.2em}.ui-tabs .ui-tabs-nav{margin:0;paddin
2024-04-26 15:57:25 UTC	13266	IN	Data Raw: 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 7d 2e 75 69 2d 77 69 64 67 65 74 2d 68 65 61 64 65 72 20 61 7b 63 6f 6c 6f 72 3a 23 33 33 33 7d 2e 75 69 2d 73 74 61 74 65 2d 64 65 66 61 75 6c 74 2c 2e 75 69 2d 77 69 64 67 65 74 2d 63 6f 6e 74 65 6e 74 20 2e 75 69 2d 73 74 61 74 65 2d 64 65 66 61 75 6c 74 2c 2e 75 69 2d 77 69 64 67 65 74 2d 68 65 61 64 65 72 20 2e 75 69 2d 73 74 61 74 65 2d 64 65 66 61 75 6c 74 2c 2e 75 69 2d 62 75 74 74 6f 6e 2c 68 74 6d 6c 20 2e 75 69 2d 62 75 74 74 6f 6e 2e 75 69 2d 73 74 61 74 65 2d 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 2c 68 74 6d 6c 20 2e 75 69 2d 62 75 74 74 6f 6e 2e 75 69 2d 73 74 61 74 65 2d 64 69 73 61 62 6c 65 64 3a 61 63 74 69 76 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 63 35 63 35 63 35 3b Data Ascii: ont-weight:bold}.ui-widget-header a{color:#333}.ui-state-default,.ui-widget-content .ui-state-default,.ui-widget-header .ui-state-default,.ui-button,html .ui-button.ui-state-disabled:hover,html .ui-button.ui-state-disabled:active{border:1px solid #c5c5c5;

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:24 UTC	556	OUT	GET /common/jquery.min.js HTTP/1.1 Host: dhulnj2mbbb02.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:25 UTC	512	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 86927 Connection: close Date: Fri, 26 Apr 2024 15:57:26 GMT Last-Modified: Sun, 15 Apr 2018 17:58:54 GMT ETag: "a46fb81762396b7bf2020774a2fb4d9e" x-amz-version-id: e_suS1cp3rhhb2e_6FcyeDUMRxhCw8Si Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 057ff4ba48365f422cbc1613181e9680.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-P6 X-Amz-Cf-Id: 6VcJQWXLYhFwM7IdGWgtZc4g3WvW7N-4ZZ8Pp4VbInYffQLDzWHcOA==
2024-04-26 15:57:25 UTC	15872	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 33 2e 31 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 Data Ascii: /! jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery
2024-04-26 15:57:25 UTC	118	IN	Data Raw: 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 76 3a 31 3d 3d 3d 70 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 78 26 26 28 6d 26 26 28 28 63 3d 28 66 3d 70 5b 62 5d 7c 7c 28 70 5b 62 5d 3d 7b 7d 29 29 5b 70 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 66 5b 70 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 65 5d 3d 5b 54 2c 78 5d 29 2c 70 3d 3d 3d Data Ascii: me.toLowerCase()===v:1===p.nodeType)&&++x&&(m&&((c=(f=p[b]\|\|(p[b]={}))[p.uniqueID]\|\|(f[p.uniqueID]={}))[e]=[T,x]),p===
2024-04-26 15:57:25 UTC	995	IN	Data Raw: 74 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 28 78 2d 3d 69 29 3d 3d 3d 72 7c 7c 78 25 72 3d 3d 30 26 26 78 2f 72 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 69 3d 72 2e 70 73 65 75 64 6f 73 5b 65 5d 7c 7c 72 2e 73 65 74 46 69 6c 74 65 72 73 5b 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 6f 65 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 65 29 3b 72 65 74 75 72 6e 20 69 5b 62 5d 3f 69 28 74 29 3a 69 2e 6c 65 6e 67 74 68 3e 31 3f 28 6e 3d 5b 65 2c 65 2c 22 22 2c 74 5d 2c 72 2e 73 65 74 46 69 6c 74 65 72 73 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3f 73 65 28 66 75 6e 63 74 69 6f 6e 28 65 2c Data Ascii: t))break;return(x-=i)===r\|\|x%r==0&&x/r>=0}}},PSEUDO:function(e,t){var n,i=r.pseudos[e]\|\|r.setFilters[e.toLowerCase()]\|\|oe.error("unsupported pseudo: "+e);return i[b]?i(t):i.length>1?(n=[e,e,"",t],r.setFilters.hasOwnProperty(e.toLowerCase())?se(function(e,
2024-04-26 15:57:25 UTC	16384	IN	Data Raw: 29 29 3d 3d 3d 65 7c 7c 30 3d 3d 3d 6e 2e 69 6e 64 65 78 4f 66 28 65 2b 22 2d 22 29 7d 77 68 69 6c 65 28 28 74 3d 74 2e 70 61 72 65 6e 74 4e 6f 64 65 29 26 26 31 3d 3d 3d 74 2e 6e 6f 64 65 54 79 70 65 29 3b 72 65 74 75 72 6e 21 31 7d 7d 29 2c 74 61 72 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 65 2e 6c 6f 63 61 74 69 6f 6e 26 26 65 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 3b 72 65 74 75 72 6e 20 6e 26 26 6e 2e 73 6c 69 63 65 28 31 29 3d 3d 3d 74 2e 69 64 7d 2c 72 6f 6f 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 68 7d 2c 66 6f 63 75 73 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 64 2e 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 26 26 28 21 64 2e 68 61 73 46 6f 63 75 73 7c 7c 64 Data Ascii: ))===e\|\|0===n.indexOf(e+"-")}while((t=t.parentNode)&&1===t.nodeType);return!1}}),target:function(t){var n=e.location&&e.location.hash;return n&&n.slice(1)===t.id},root:function(e){return e===h},focus:function(e){return e===d.activeElement&&(!d.hasFocus\|\|d
2024-04-26 15:57:25 UTC	16384	IN	Data Raw: 2c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 28 6e 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 72 29 29 29 7b 74 72 79 7b 6e 3d 74 65 28 6e 29 7d 63 61 74 63 68 28 65 29 7b 7d 4b 2e 73 65 74 28 65 2c 74 2c 6e 29 7d 65 6c 73 65 20 6e 3d 76 6f 69 64 20 30 3b 72 65 74 75 72 6e 20 6e 7d 77 2e 65 78 74 65 6e 64 28 7b 68 61 73 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4b 2e 68 61 73 44 61 74 61 28 65 29 7c 7c 4a 2e 68 61 73 44 61 74 61 28 65 29 7d 2c 64 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 4b 2e 61 63 63 65 73 73 28 65 2c 74 2c 6e 29 7d 2c 72 65 6d 6f 76 65 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 4b 2e 72 65 6d 6f 76 65 28 65 2c 74 29 7d 2c 5f 64 61 74 61 3a 66 Data Ascii: ,"string"==typeof(n=e.getAttribute(r))){try{n=te(n)}catch(e){}K.set(e,t,n)}else n=void 0;return n}w.extend({hasData:function(e){return K.hasData(e)\|\|J.hasData(e)},data:function(e,t,n){return K.access(e,t,n)},removeData:function(e,t){K.remove(e,t)},_data:f
2024-04-26 15:57:25 UTC	1938	IN	Data Raw: 70 65 6e 64 28 65 29 7d 2c 6e 75 6c 6c 2c 65 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 72 65 70 6c 61 63 65 57 69 74 68 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 5b 5d 3b 72 65 74 75 72 6e 20 52 65 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 77 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 65 29 3c 30 26 26 28 77 2e 63 6c 65 61 6e 44 61 74 61 28 79 65 28 74 68 69 73 29 29 2c 6e 26 26 6e 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 74 2c 74 68 69 73 29 29 7d 2c 65 29 7d 7d 29 2c 77 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 Data Ascii: pend(e)},null,e,arguments.length)},replaceWith:function(){var e=[];return Re(this,arguments,function(t){var n=this.parentNode;w.inArray(this,e)<0&&(w.cleanData(ye(this)),n&&n.replaceChild(t,this))},e)}}),w.each({appendTo:"append",prependTo:"prepend",inser
2024-04-26 15:57:25 UTC	16384	IN	Data Raw: 6d 69 6e 57 69 64 74 68 3d 69 2c 73 2e 6d 61 78 57 69 64 74 68 3d 6f 29 29 2c 76 6f 69 64 20 30 21 3d 3d 61 3f 61 2b 22 22 3a 61 7d 66 75 6e 63 74 69 6f 6e 20 5f 65 28 65 2c 74 29 7b 72 65 74 75 72 6e 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 65 28 29 29 72 65 74 75 72 6e 28 74 68 69 73 2e 67 65 74 3d 74 29 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 64 65 6c 65 74 65 20 74 68 69 73 2e 67 65 74 7d 7d 7d 76 61 72 20 7a 65 3d 2f 5e 28 6e 6f 6e 65 7c 74 61 62 6c 65 28 3f 21 2d 63 5b 65 61 5d 29 2e 2b 29 2f 2c 58 65 3d 2f 5e 2d 2d 2f 2c 55 65 3d 7b 70 6f 73 69 74 69 6f 6e 3a 22 61 62 73 6f 6c 75 74 65 22 2c 76 69 73 69 62 69 6c 69 74 79 3a 22 68 69 64 64 65 6e 22 2c 64 69 73 70 6c 61 79 3a 22 62 6c 6f 63 6b 22 7d 2c Data Ascii: minWidth=i,s.maxWidth=o)),void 0!==a?a+"":a}function _e(e,t){return{get:function(){if(!e())return(this.get=t).apply(this,arguments);delete this.get}}}var ze=/^(none\|table(?!-c[ea]).+)/,Xe=/^--/,Ue={position:"absolute",visibility:"hidden",display:"block"},
2024-04-26 15:57:25 UTC	16384	IN	Data Raw: 64 7c 7c 21 4e 28 6e 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 22 6f 70 74 67 72 6f 75 70 22 29 29 29 7b 69 66 28 74 3d 77 28 6e 29 2e 76 61 6c 28 29 2c 61 29 72 65 74 75 72 6e 20 74 3b 73 2e 70 75 73 68 28 74 29 7d 72 65 74 75 72 6e 20 73 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 69 3d 65 2e 6f 70 74 69 6f 6e 73 2c 6f 3d 77 2e 6d 61 6b 65 41 72 72 61 79 28 74 29 2c 61 3d 69 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 61 2d 2d 29 28 28 72 3d 69 5b 61 5d 29 2e 73 65 6c 65 63 74 65 64 3d 77 2e 69 6e 41 72 72 61 79 28 77 2e 76 61 6c 48 6f 6f 6b 73 2e 6f 70 74 69 6f 6e 2e 67 65 74 28 72 29 2c 6f 29 3e 2d 31 29 26 26 28 6e 3d 21 30 29 3b 72 65 74 75 72 6e 20 6e 7c 7c 28 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 3d 2d 31 29 Data Ascii: d\|\|!N(n.parentNode,"optgroup"))){if(t=w(n).val(),a)return t;s.push(t)}return s},set:function(e,t){var n,r,i=e.options,o=w.makeArray(t),a=i.length;while(a--)((r=i[a]).selected=w.inArray(w.valHooks.option.get(r),o)>-1)&&(n=!0);return n\|\|(e.selectedIndex=-1)
2024-04-26 15:57:25 UTC	2468	IN	Data Raw: 65 74 75 72 6e 20 74 68 69 73 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 3b 77 68 69 6c 65 28 65 26 26 22 73 74 61 74 69 63 22 3d 3d 3d 77 2e 63 73 73 28 65 2c 22 70 6f 73 69 74 69 6f 6e 22 29 29 65 3d 65 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 3b 72 65 74 75 72 6e 20 65 7c 7c 62 65 7d 29 7d 7d 29 2c 77 2e 65 61 63 68 28 7b 73 63 72 6f 6c 6c 4c 65 66 74 3a 22 70 61 67 65 58 4f 66 66 73 65 74 22 2c 73 63 72 6f 6c 6c 54 6f 70 3a 22 70 61 67 65 59 4f 66 66 73 65 74 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 70 61 67 65 59 4f 66 66 73 65 74 22 3d 3d 3d 74 3b 77 2e 66 6e 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 72 29 7b 72 65 74 75 72 6e 20 7a 28 74 68 69 73 2c Data Ascii: eturn this.map(function(){var e=this.offsetParent;while(e&&"static"===w.css(e,"position"))e=e.offsetParent;return e\|\|be})}}),w.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(e,t){var n="pageYOffset"===t;w.fn[e]=function(r){return z(this,

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:25 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 15:57:25 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=54374 Date: Fri, 26 Apr 2024 15:57:25 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 15:57:25 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:26 UTC	592	OUT	GET /common/jquery-ui-1.12.1.netsuite/jquery-ui.theme.min.css HTTP/1.1 Host: dhulnj2mbbb02.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:26 UTC	498	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 13847 Connection: close Date: Fri, 26 Apr 2024 15:57:27 GMT Last-Modified: Tue, 23 Jan 2018 07:46:23 GMT ETag: "d065898a64d4aef8c1969dda0201772d" x-amz-version-id: 5KLRBb7THh.7M7dmk8N4SEOtaeB_SPwr Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 db92199760e6e1efe8937d831affcb84.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-P6 X-Amz-Cf-Id: D-4i5zcXz5V7k9L3cI9U0BN-Dt1Ta7eWRelBsbuT-IeQozmlIooUhA==
2024-04-26 15:57:26 UTC	13847	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 55 49 20 2d 20 76 31 2e 31 32 2e 31 20 2d 20 32 30 31 38 2d 30 31 2d 32 31 0a 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 75 69 2e 63 6f 6d 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 3b 20 4c 69 63 65 6e 73 65 64 20 4d 49 54 20 2a 2f 0a 0a 2e 75 69 2d 77 69 64 67 65 74 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 7d 2e 75 69 2d 77 69 64 67 65 74 20 2e 75 69 2d 77 69 64 67 65 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 7d 2e 75 69 2d 77 69 64 67 65 74 20 69 6e 70 75 74 2c 2e 75 69 2d 77 69 64 67 Data Ascii: /! jQuery UI - v1.12.1 - 2018-01-21 http://jqueryui.com* Copyright jQuery Foundation and other contributors; Licensed MIT */.ui-widget{font-family:Arial,Helvetica,sans-serif;font-size:1em}.ui-widget .ui-widget{font-size:1em}.ui-widget input,.ui-widg

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	40083
Entropy (8bit):	5.475179570887081
Encrypted:	false
SSDEEP:	768:0y72gUL5F1XzKY8g5LqGvdMaCw/0B1a9wY02zarwe0gG:c
MD5:	D88C3A3CEBD71D744D37965E06548595
SHA1:	8C6AB2D94974F876398AD58783BB9DFEE62E6393
SHA-256:	27021451F3ADA1A889E8663135A0605909EA101FE77011E0A13E242B01B40222
SHA-512:	EE7933D41E6EDE53D898BCB3BF7205029B28BA8BB4D00C9D3A632803DFA93DF16352134109358C494A7F8E1BA4B8677544C9712B49D89A2344D6ADFC6D87B736
Malicious:	false
Reputation:	low
URL:	"https://fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i\|Playfair+Display:400,400i,700,700i,900,900i"
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Montserrat';. font-style: italic;. font-weight: 100;. src: url(https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRxC7mw9c.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Montserrat';. font-style: italic;. font-weight: 100;. src: url(https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRzS7mw9c.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ vietnamese /.@font-face {. font-family: 'Montserrat';. font-style: italic;. font-weight: 100;. src: url(https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRxi7mw9c.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./ latin-ext */.@font-face {

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 777 x 189, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	54228
Entropy (8bit):	7.987267443596358
Encrypted:	false
SSDEEP:	1536:H1BrbxttmxLZ7Zdr/Fs3W0YuUGp5mCkj9JDp:H1BrbCLZ9x/FpQNYCkxNp
MD5:	DE71C370B1AD2BBB8F6DA9A69C6D6209
SHA1:	433D105F2C111808D19FB1F303F22EF1D5FD7E11
SHA-256:	98DB374E3BA9D5B9DC6C5E1AF5D481A6D660925AAC9250398858236BD581AEF7
SHA-512:	A94F8A4F1449649AC6822CF2C1B5AC4529CE78B267DA29FDD1A5E857DDC45E9C14F520900B144A981EAAE969DF35C635E79EBEC1A34EAA5D5C6ED5368011402B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.............wJ.%....sRGB.........gAMA......a.....pHYs..........o.d...iIDATx^....W..=.,.H...c`Y.....p.............[..<...&...A.NU..3.,.l....`..s..s...f.F.M....\|.{.R[6B.i%...Q....sNU..?'f.t!,!.Qa..kBX.}.....E..V.D.'.e...q.S0..]........".y..#G..9r...P...q`.......7@.hTX.G...........q...2....x....)8..9l..#G..9:....1.a,.......8. ....0mc....". .....ct....v].<..s..#G..9:.....lD.0#...a.........9.I:..H.....-l.3......r.{..9r..#G.2@3.D#..2.5..w.un..t..A!.$.HB.,...F...(X...8HY..N}...z#G..9r....#...{W..I]...+..........~....g..j8"F.Gq..Q7#. K....>....{S....Z..9r..#G...eX.05....4..;....on=..7.{.\...I{.........G-1&..&.%@ (nZ....C.#G..9r...y...T....!..~j..{.......F..;7.P..~t.3.....lk.4.u.~...)...9r..#G./6....d#A)b......Bm,.u.z{..:+.....b..E.5...>..hC...Ps[,...$....0.....#G..9r.......q.. ..N.;...?l1.][......<_w...m+R...C...K\k.....b._...J}..d[[X...5...9r..#G.h~#.F.....\.....8"...-...j.9......@...].m).5...T....n.I....v....-.:...J..9.F..9

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2032
Entropy (8bit):	5.153812516540824
Encrypted:	false
SSDEEP:	24:bUAmcAqXD0e81zH30P4RXhBicevIW0fudvwnHbYoS4vwUbYoSplVw2KBHqi/n:bPm3xe81IAZhACRUcU7EBHqi/n
MD5:	62C5C103813D1F80AB54421FCEAC8AA8
SHA1:	3913C6190C8DE0B107E1D0B7406524F313733904
SHA-256:	4A7B5ADBB2670CDA0A6C6F1A59B9AF6FC398FD1D9D6F3711EA1018B2814A59B2
SHA-512:	54E4059168A82D3161A82EB3E2698236E9B997FFB9693ADB705A830D80ACEE73F8AFA7BFCDA4F10C9766947F8A454289792E163E3A1458905F938E0936CAFD6E
Malicious:	false
Reputation:	low
URL:	https://dhulnj2mbbb02.cloudfront.net/look/order.css
Preview:	.responsive-tabs-wrapper {.clear: both; .zoom: 1;..}...responsive-tabs-wrapper:before, .responsive-tabs-wrapper:after { content: ""; display: table;}...responsive-tabs-wrapper:after { clear: both;}.....responsive-tabs__list {...display: flex;...justify-content: flex-start;...flex-direction: row;...flex-wrap: wrap-reverse;...margin: 0;...color: #535252;...padding: 0 0 0 10px;...position: relative;...clear: both;...font-weight: 600;..}...responsive-tabs__list__item {...display: inline-block;...background: #a5a8aa;...padding: 7px 20px;...margin-top: 0;...cursor: pointer;...font-size: 15pt;...width: 200px;...text-align: center;...white-space: nowrap;...overflow: hidden;...text-overflow: ellipsis;...border: 1px solid #535252;..}...responsive-tabs__list__item--active { background: #e31937; color: #fff; font-weight: 600; }...responsive-tabs__list__item:hover {background: #e31937; color: #ffffff;}.........responsive-tabs__list__item--active,...responsive-tabs__list__item--active:hover {

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2343)
Category:	downloaded
Size (bytes):	52916
Entropy (8bit):	5.51283890397623
Encrypted:	false
SSDEEP:	768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
MD5:	575B5480531DA4D14E7453E2016FE0BC
SHA1:	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
SHA-256:	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
SHA-512:	174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
Malicious:	false
Reputation:	low
URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r\|\|u();v=v\|\|q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2\|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240\|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192\|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING\|\|[];w.TAGGING[a]=!0};var ba=Array.isArray,c

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:26 UTC	586	OUT	GET /common/extendfiles/filepreviewhandlingwithgatag.js HTTP/1.1 Host: dhulnj2mbbb02.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:26 UTC	549	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 8683 Connection: close Date: Fri, 26 Apr 2024 15:57:27 GMT Last-Modified: Mon, 07 Aug 2023 14:59:28 GMT ETag: "ae24a166f570a213c228a642b7c2a348" x-amz-server-side-encryption: AES256 x-amz-version-id: L9EfNaYSVGhHk9we4HFt_.9mTIhAPzKq Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 235b5870a1358beb9b75f12459f7f7c8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-P6 X-Amz-Cf-Id: 4ZFAAlAHXu7IqlFcrwf-ywd5MeorBfuz1q13_CAdcYrFaihdNtLccQ==
2024-04-26 15:57:26 UTC	8683	IN	Data Raw: 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 3d 20 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 20 7c 7c 20 5b 5d 3b 0d 0a 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 20 7b 20 64 61 74 61 4c 61 79 65 72 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 3b 20 7d 0d 0a 67 74 61 67 28 27 6a 73 27 2c 20 6e 65 77 20 44 61 74 65 28 29 29 3b 0d 0a 67 74 61 67 28 27 63 6f 6e 66 69 67 27 2c 20 27 55 41 2d 31 32 31 34 31 34 33 39 31 2d 32 27 29 3b 0d 0a 66 75 6e 63 74 69 6f 6e 20 69 6e 69 74 47 61 28 29 20 7b 0d 0a 20 20 20 20 69 66 20 28 77 69 6e 64 6f 77 2e 67 61 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 72 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 67 61 28 27 63 72 65 61 74 65 27 2c 20 27 55 41 2d 31 32 31 34 31 34 33 39 31 2d 32 27 2c 20 27 61 Data Ascii: window.dataLayer = window.dataLayer \|\| [];function gtag() { dataLayer.push(arguments); }gtag('js', new Date());gtag('config', 'UA-121414391-2');function initGa() { if (window.ga) { try { ga('create', 'UA-121414391-2', 'a

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:27 UTC	638	OUT	GET /approval/logos/6815832-PRODUCTION/logo.png HTTP/1.1 Host: dhulnj2mbbb02.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:27 UTC	499	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 54228 Connection: close Date: Fri, 26 Apr 2024 15:57:28 GMT Last-Modified: Tue, 03 Aug 2021 08:38:16 GMT ETag: "de71c370b1ad2bbb8f6da9a69c6d6209" x-amz-version-id: 7BkvJRHbbnEFzTF2jSYZxBYW52L9DYpc Accept-Ranges: bytes Server: AmazonS3 X-Cache: Miss from cloudfront Via: 1.1 d89efc5694f3aa0b4448beebf0d81dd8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-P6 X-Amz-Cf-Id: GEOP58i3Kq9PMLp8WDPgYR-by2s0pqOwaLw5wDtgcZGMiYiA6Iw6cA==
2024-04-26 15:57:27 UTC	3576	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 09 00 00 00 bd 08 02 00 00 00 77 4a a6 25 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 d3 69 49 44 41 54 78 5e ec bd 07 9c 1c 57 99 ee 3d b2 2c cd 48 0e 18 16 63 60 59 ee c2 2e cb dd 70 b9 98 8b 09 bb fb dd dd bb df fd ee dd 05 5b d2 e4 3c a3 e0 04 26 ad 0d c6 41 9a 4e 55 d5 dd 33 92 2c 07 6c b0 0d 18 db 60 1b 9c 73 90 95 73 9c d8 93 93 66 14 46 1a 4d 9e 0e 15 fa 7c cf 7b de 9e 52 5b 36 42 ea 69 25 ab 9e df 51 a9 ba ba ea ad 73 4e 55 9f f7 3f 27 66 c4 74 21 2c 21 e2 51 61 8e 0a 6b 42 58 06 7d e4 10 b3 04 be 45 88 d2 56 b7 44 0c 27 c6 85 65 0a d3 12 71 ec 53 30 04 05 5d c4 0d 19 04 84 0d 0e Data Ascii: PNGIHDRwJ%sRGBgAMAapHYsodiIDATx^W=,Hc`Y.p[<&ANU3,l`ssfFM\|{R[6Bi%QsNU?'ft!,!QakBX}EVD'eqS0]
2024-04-26 15:57:27 UTC	16384	IN	Data Raw: e1 2e 1c 49 b4 a2 32 33 39 72 e4 c8 91 23 47 69 52 4a f5 46 f0 57 71 0b 8c 04 c4 78 69 eb 48 99 6b 63 b9 bf 3d d7 d7 92 af b6 95 28 a1 85 c1 f6 c2 aa d6 62 a5 a7 b8 66 df 7c ad 15 28 33 5f 0b e5 04 3b f2 03 ad a5 4a 43 d9 dd ef ac ab 8f 46 80 56 11 b8 36 50 91 15 b1 68 42 48 e0 8b 69 30 d3 98 f8 62 44 88 9f bf da 5f b4 6c 7d a9 d6 54 51 d3 93 e3 6e 2a a2 ce dd 0d 85 fe 86 82 44 68 04 2a 15 29 ed 85 be 03 05 55 9d 4b d4 5d df d5 5e eb 18 49 cc 14 90 88 2a 87 44 e4 93 f0 c8 8c c5 2c 9a 40 20 ac 13 91 d1 b7 56 54 58 93 42 1f 15 fa b0 d0 71 f3 28 e2 83 68 20 42 64 c0 d1 d9 13 f2 3f 1a a5 e6 5d 31 d9 27 ea 1e df bd b2 54 0c 36 09 7d 1c c7 e9 d9 d1 0b 03 96 c5 f3 75 e4 c8 91 23 47 8e d2 a3 53 64 23 28 2e e2 31 6e 99 b2 c6 a3 f1 31 21 56 fd be af 78 d9 76 50 51 Data Ascii: .I239r#GiRJFWqxiHkc=(bf\|(3_;JCFV6PhBHi0bD_l}TQnDh)UK]^I*D,@ VTXBq(h Bd?]1'T6}u#GSd#(.1n1!VxvPQ
2024-04-26 15:57:27 UTC	1024	IN	Data Raw: ea 6f 1c d1 3e 63 aa 97 d1 3c d7 77 c9 89 8b 3c 19 a2 7a f6 d0 8f 33 84 3f 2b 2e 51 09 6c 64 81 8d bc 99 a0 22 dd 37 23 e6 cb 1c 77 5f d9 5f fd 3f c5 c1 1d 64 87 ee 8c d4 18 b2 43 d5 29 c8 ae 1f c2 db f2 ce 3b ef 64 48 cd 98 31 03 db 8b 2f be d8 de 91 87 4f 4d b8 76 e5 ca 95 30 cb ef 1e 6f cf 41 3c 3a f6 d3 98 52 7b 7b 7b 22 0d a7 2e a4 7a e6 cc 99 9c 6f ac 8b 2e ba 68 eb d6 ad 09 d3 32 9f df 7f c7 e9 c8 ce 52 fe bd df 77 df 7d b8 7b 72 04 d2 25 d8 44 5a f0 32 dc 7b ef bd 9c 04 14 2c 7c 53 7c e4 1d de 9e 2d 21 1a 8f 3f fe b8 fd ba e2 41 cc 9e 3d 9b f7 4f 55 b3 66 cd 02 0b 46 69 b1 a0 73 5d 78 01 52 4e e6 71 42 d6 81 36 d2 0e b8 17 d4 73 49 44 f4 82 17 9e 32 84 12 03 8f 0c 1f 79 e7 7b df fb 5e 22 9b a4 ce 7e 7f 23 14 58 fc 17 06 95 5c 34 21 22 fc 36 d5 f9 Data Ascii: o>c<w<z3?+.Qld"7#w__?dC);dH1/OMv0oA<:R{{{".zo.h2Rw}{r%DZ2{,\|S\|-!?A=OUfFis]xRNqB6sID2y{^"~#X\4!"6
2024-04-26 15:57:27 UTC	16384	IN	Data Raw: ae 87 1a ca bd b5 79 5e b9 44 89 d2 59 e2 eb 06 1b 95 fa da 79 cc 1a 8c 67 fb 3b bf e5 eb 2c 5e 75 34 5f e9 2a f5 ee fe c9 fd 5b 0f 59 d4 b2 26 27 c4 96 eb eb 13 c9 51 7e 00 03 64 bf 72 62 45 4b 9f 14 71 3d 1e 0b 23 3d 94 45 f8 9e 50 f2 90 98 08 89 bd 4f 1e 78 28 bf 5f f9 cb c9 c0 47 0c ed 22 9a bb 48 99 19 5f 9a 21 96 cd 14 ca 9c d8 dd 33 2d 5f 56 d4 77 11 cd 82 0d 60 72 cd b0 3c d4 8e 16 51 66 c6 94 19 71 4f c6 98 f7 33 43 8f ff 48 4c f6 0a 73 d8 90 ec a5 47 c9 53 81 25 29 8d 27 27 94 ad 78 43 b0 e5 8f 78 55 56 ad 5a 85 37 18 45 18 7c 21 bd d7 72 9f 91 9f 3f 9e bc 70 55 66 66 e6 0b 2f bc 80 e2 9b 8b 30 dc 8b 6f 74 4e 09 c9 4f 2e 64 e1 f5 f1 33 4e 2e c4 4f 5e 7c 15 97 05 76 e9 f0 ec b3 cf b2 65 4e 3e 6e 67 67 78 ba 64 ff c6 df 78 e3 0d 44 7e ce 9c 39 76 Data Ascii: y^DYyg;,^u4_*[Y&'Q~drbEKq=#=EPOx(_G"H_!3-_Vw`r<QfqO3CHLsGS%)''xCxUVZ7E\|!r?pUff/0otNO.d3N.O^\|veN>nggxdxD~9v
2024-04-26 15:57:28 UTC	7112	IN	Data Raw: 5c fe 4f 62 60 8b 88 d2 5a bc f6 0f 5a 66 24 84 df b9 fc a9 d3 fe 39 2a bb 18 e2 ea 07 de c2 e3 1e 3c 78 30 99 1e b8 ae 22 e5 1f ed b5 d7 5e 0b 0f 9d 3c 6b 73 6a 42 6c 39 c2 1b 37 6e 64 cb 70 d2 b2 64 26 f1 11 c8 ae 59 79 bf f8 34 5c 65 a7 ee 5f fe e5 5f 22 91 08 e2 06 cb 5c 34 db 55 47 e9 ad 37 82 60 39 3b 3b 9b f9 ec 92 4b 2e 49 a6 8d 93 17 5f fe 93 9f fc 84 6d 22 da 27 88 27 67 17 d5 da 49 42 c2 93 45 d2 d8 ce a9 0a b9 7a 5c 3e 63 ff 9f fe e9 9f b8 46 6a fa 95 82 27 90 c3 46 a9 c9 b6 c0 06 d9 72 1a e5 b0 51 da e5 b0 d1 d9 16 75 16 0e 23 98 b4 7e ac 40 d9 26 2b 0d e8 dd 04 1d 81 8d 70 24 8c 8f c6 84 18 dc 35 f1 d4 a2 3e f7 9f c7 b4 8f 9a 9e 8c e8 b2 0c a1 cd 14 77 cb c9 b2 b5 59 51 9a 10 72 2e f0 88 a0 81 16 e5 98 6a 05 f3 11 15 1d 07 1c e7 55 c8 a4 75 Data Ascii: \Ob`ZZf$9*<x0"^<ksjBl97ndpd&Yy4\e__"\4UG7`9;;K.I_m"''gIBEz\>cFj'FrQu#~@&+p$5>wYQr.jUu
2024-04-26 15:57:28 UTC	9748	IN	Data Raw: 53 6f 74 9e 09 2e 05 05 06 15 0f d4 78 84 9f 31 e0 00 af 2f f6 65 90 5f 4d c6 4c aa 46 d2 c7 45 f4 a0 e8 78 b9 4d f9 7a 64 c5 17 c3 fe 8f 8f d1 a2 ad 33 e2 55 19 c2 35 43 78 01 25 89 29 1f f5 a4 15 fb e5 d2 22 c7 d3 4c 9a 03 d5 12 cd 88 29 e0 a1 59 c2 35 97 a2 41 6c 34 33 e6 cb 1c f1 5c 7e 24 f0 57 87 7f 99 2f 46 42 42 0f eb 3a 75 39 97 2f 78 52 1a ed c0 07 13 39 70 c1 c9 fe f1 c3 5b f4 f6 f6 4e f3 8f 5a 88 ff a0 c7 96 bb 63 b3 f1 27 9e 78 82 0b 08 de a6 d0 d6 83 4b 80 56 d7 5c 73 0d 5c 1d b9 be d3 d6 11 1b 19 c2 5b 14 e8 ff e7 ff fc 1f be bb 4c 59 a2 80 b3 4b ff 0b 4d f0 e8 fc 7a 64 67 67 23 7f 4e 50 e9 72 62 e1 09 e2 ad e0 29 a3 92 33 f6 54 65 bf 69 fc 11 d1 e3 31 92 fc ca bd 3f 7a 7c dc 16 3e 9e e0 2d b2 9d ba bd c3 97 db a4 85 8f fc aa 40 f8 ed f0 3e Data Ascii: Sot.x1/e_MLFExMzd3U5Cx%)"L)Y5Al43\~$W/FBB:u9/xR9p[NZc'xKV\s\[LYKMzdgg#NPrb)3Tei1?z\|>-@>

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:27 UTC	627	OUT	GET /common/no_files_found_basic.svg HTTP/1.1 Host: dhulnj2mbbb02.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:27 UTC	514	IN	HTTP/1.1 200 OK Content-Type: image/svg+xml Content-Length: 14028 Connection: close Date: Thu, 25 Apr 2024 16:59:19 GMT Last-Modified: Wed, 24 Jan 2018 06:46:25 GMT ETag: "85dd89d2b6651694e3873fa82bed5ad1" x-amz-version-id: ddN.4bUO17TJc68kRYrEHMITXgLREzUS Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 e05d936fdef606fcc5853057e1c28d58.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-P6 X-Amz-Cf-Id: vMPFEY3avIFJ26FHWhEcdIexGRjeSbeIw7wBuGHzyTyu0vhDIn61TA== Age: 82689
2024-04-26 15:57:27 UTC	11676	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 78 6d 6c 6e 73 3a 6c 75 63 69 64 3d 22 6c 75 63 69 64 22 20 77 69 64 74 68 3d 22 36 38 34 22 20 68 65 69 67 68 74 3d 22 39 34 36 2e 33 22 3e 3c 67 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 30 20 31 36 30 29 22 20 6c 75 63 69 64 3a 70 61 67 65 2d 74 61 62 2d 69 64 3d 22 32 78 4e 5a 35 74 77 6d 65 33 2e 46 22 3e 3c 70 61 74 68 20 64 3d 22 4d 35 32 30 2d 31 34 30 68 35 31 35 2e 32 4c 31 31 36 34 2d 31 31 2e 32 76 37 37 37 2e 35 48 35 32 30 7a 22 20 73 74 72 6f 6b 65 3d 22 23 31 62 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:lucid="lucid" width="684" height="946.3"><g transform="translate(-500 160)" lucid:page-tab-id="2xNZ5twme3.F"><path d="M520-140h515.2L1164-11.2v777.5H520z" stroke="#1b
2024-04-26 15:57:27 UTC	2352	IN	Data Raw: 34 34 34 34 34 34 34 34 2c 30 2c 30 2c 30 2e 30 31 30 38 35 30 36 39 34 34 34 34 34 34 34 34 34 34 2c 33 34 2e 32 38 38 31 39 34 34 34 34 34 34 34 34 34 2c 30 29 22 20 78 6c 69 6e 6b 3a 68 72 65 66 3d 22 23 72 22 2f 3e 3c 75 73 65 20 74 72 61 6e 73 66 6f 72 6d 3d 22 6d 61 74 72 69 78 28 30 2e 30 31 30 38 35 30 36 39 34 34 34 34 34 34 34 34 34 34 2c 30 2c 30 2c 30 2e 30 31 30 38 35 30 36 39 34 34 34 34 34 34 34 34 34 34 2c 33 38 2e 39 36 34 38 34 33 37 35 2c 30 29 22 20 78 6c 69 6e 6b 3a 68 72 65 66 3d 22 23 74 22 2f 3e 3c 75 73 65 20 74 72 61 6e 73 66 6f 72 6d 3d 22 6d 61 74 72 69 78 28 30 2e 30 31 30 38 35 30 36 39 34 34 34 34 34 34 34 34 34 34 2c 30 2c 30 2c 30 2e 30 31 30 38 35 30 36 39 34 34 34 34 34 34 34 34 34 34 2c 35 31 2e 32 34 37 38 32 39 38 36 Data Ascii: 44444444,0,0,0.010850694444444444,34.28819444444444,0)" xlink:href="#r"/><use transform="matrix(0.010850694444444444,0,0,0.010850694444444444,38.96484375,0)" xlink:href="#t"/><use transform="matrix(0.010850694444444444,0,0,0.010850694444444444,51.24782986

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:32 UTC	847	OUT	GET /favicon.ico HTTP/1.1 Host: vaultprod.suitextend.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _gid=GA1.2.168154857.1714147049; _gat_gtag_UA_121414391_2=1; _ga_W2VP5T9SKK=GS1.1.1714147049.1.0.1714147049.60.0.0; _ga=GA1.1.1718992256.1714147049
2024-04-26 15:57:33 UTC	162	IN	HTTP/1.1 404 Not Found Server: awselb/2.0 Date: Fri, 26 Apr 2024 15:57:33 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 0 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:33 UTC	807	OUT	POST /g/collect?v=2&tid=G-W2VP5T9SKK&cid=1718992256.1714147049&gtm=45je44o0v9125432902za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://vaultprod.suitextend.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:33 UTC	458	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: https://vaultprod.suitextend.net Date: Fri, 26 Apr 2024 15:57:33 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Access-Control-Allow-Credentials: true Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:33 UTC	1282	OUT	POST /g/collect?v=2&tid=G-W2VP5T9SKK&gtm=45je44o0v9125432902za200&_p=1714147047820&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=1718992256.1714147049&ul=en-us&sr=1280x1024&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&pscdl=noapi&_eu=EAAI&_s=1&sid=1714147049&sct=1&seg=0&dl=https%3A%2F%2Fvaultprod.suitextend.net%2Fv1%2Fapproval%2Fpurchaseorder%2F8ffd726d-a7b1B356a-8e78e5043e7d%3Fid%3D19102619%26rectype%3Dpurchord&dt=Order%20Artwork%20Approval&en=page_view&_fv=1&_ss=1&tfd=13957 HTTP/1.1 Host: analytics.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://vaultprod.suitextend.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:34 UTC	458	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: https://vaultprod.suitextend.net Date: Fri, 26 Apr 2024 15:57:33 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Access-Control-Allow-Credentials: true Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:34 UTC	884	OUT	POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&gjid=1108515948&_gid=168154857.1714147049&_u=YEBAAUAAAAAAACAAI~&z=126485715 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://vaultprod.suitextend.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:34 UTC	602	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://vaultprod.suitextend.net Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Date: Fri, 26 Apr 2024 15:57:34 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Last-Modified: Sun, 17 May 1998 03:00:00 GMT Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 2 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 15:57:34 UTC	2	IN	Data Raw: 31 67 Data Ascii: 1g

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:35 UTC	616	OUT	GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&gjid=1108515948&_gid=168154857.1714147049&_u=YEBAAUAAAAAAACAAI~&z=126485715 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:35 UTC	531	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Date: Fri, 26 Apr 2024 15:57:35 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Last-Modified: Sun, 17 May 1998 03:00:00 GMT X-Content-Type-Options: nosniff Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 2 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 15:57:35 UTC	2	IN	Data Raw: 31 67 Data Ascii: 1g

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:37 UTC	825	OUT	GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&_u=YEBAAUAAAAAAACAAI~&z=821082346 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://vaultprod.suitextend.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:37 UTC	539	IN	HTTP/1.1 200 OK P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Fri, 26 Apr 2024 15:57:37 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Content-Type: image/gif X-Content-Type-Options: nosniff Server: cafe Content-Length: 42 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 15:57:37 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2024-04-26 15:57:39 UTC	581	OUT	GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-121414391-2&cid=1718992256.1714147049&jid=754271224&_u=YEBAAUAAAAAAACAAI~&z=821082346 HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 15:57:39 UTC	539	IN	HTTP/1.1 200 OK P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Fri, 26 Apr 2024 15:57:39 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Content-Type: image/gif X-Content-Type-Options: nosniff Server: cafe Content-Length: 42 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-26 15:57:39 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b Data Ascii: GIF89a!,D;

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

Windows Analysis Report
https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord

Target ID:	0
Start time:	17:57:05
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	17:57:12
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2028,i,9065570476912844413,18113127387993915333,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	17:57:15
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vaultprod.suitextend.net/v1/approval/purchaseorder/8ffd726d-a7b1B356a-8e78e5043e7d?id=19102619&rectype=purchord"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre