Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/I2_RCR6B8lUnq8wnc9kfMg?domain=u44114957.ct.sendgrid.net

Overview

General Information

Sample URL: https://url.us.m.mimecastprotect.com/s/I2_RCR6B8lUnq8wnc9kfMg?domain=u44114957.ct.sendgrid.net
Analysis ID: 1432315

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

There are no high impact signatures.

Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /s/I2_RCR6B8lUnq8wnc9kfMg?domain=u44114957.ct.sendgrid.net HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /ttpwp?tkn=3.jycdMPcORdlwC-e8hsni3iQTPbShah4cwssJWykrXASGCtIb1xs6x6fJyy1t5kCD1byipQxxDtTbtKUe0emssGUmt2SyhwtTw_Bln0uTKgsoyp_bkfA3T6tdWSc1ZN_QeKZ-8fYOT0WuYHD0ekm4FgHT9ocPRo9Ju5gnEf9ViOQjcan7N2X0z2ySB0kxx_QL.myuNHANzrJC5JwZP4auzCA HTTP/1.1Host: security-us.mimecast.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /branding/09c6b1c12e27f5cc697efcdec77f1eee726fbaed/style.css?tkn=3.jycdMPcORdlwC-e8hsni3iQTPbShah4cwssJWykrXASGCtIb1xs6x6fJyy1t5kCD1byipQxxDtTbtKUe0emssGUmt2SyhwtTw_Bln0uTKgsoyp_bkfA3T6tdWSc1ZN_QeKZ-8fYOT0WuYHD0ekm4FgHT9ocPRo9Ju5gnEf9ViOQjcan7N2X0z2ySB0kxx_QL.myuNHANzrJC5JwZP4auzCA&originalContextPath=ttpwp HTTP/1.1Host: security-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/runtime.5257ca6e429949972959.js HTTP/1.1Host: security-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/polyfills.5257ca6e429949972959.js HTTP/1.1Host: security-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/styles.5257ca6e429949972959.js HTTP/1.1Host: security-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/main.5257ca6e429949972959.js HTTP/1.1Host: security-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/languages/en.json HTTP/1.1Host: security-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, */*Content-Type: application/jsonx-context-route: ttpwpsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2 HTTP/1.1Host: security-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://security-us.mimecast.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://security-us.mimecast.com/ttpwp?tkn=3.jycdMPcORdlwC-e8hsni3iQTPbShah4cwssJWykrXASGCtIb1xs6x6fJyy1t5kCD1byipQxxDtTbtKUe0emssGUmt2SyhwtTw_Bln0uTKgsoyp_bkfA3T6tdWSc1ZN_QeKZ-8fYOT0WuYHD0ekm4FgHT9ocPRo9Ju5gnEf9ViOQjcan7N2X0z2ySB0kxx_QL.myuNHANzrJC5JwZP4auzCAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273 HTTP/1.1Host: security-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://security-us.mimecast.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://security-us.mimecast.com/ttpwp?tkn=3.jycdMPcORdlwC-e8hsni3iQTPbShah4cwssJWykrXASGCtIb1xs6x6fJyy1t5kCD1byipQxxDtTbtKUe0emssGUmt2SyhwtTw_Bln0uTKgsoyp_bkfA3T6tdWSc1ZN_QeKZ-8fYOT0WuYHD0ekm4FgHT9ocPRo9Ju5gnEf9ViOQjcan7N2X0z2ySB0kxx_QL.myuNHANzrJC5JwZP4auzCAAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/images/mimecastlogo@2x.png HTTP/1.1Host: security-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /branding/09c6b1c12e27f5cc697efcdec77f1eee726fbaed/main-page-logo.png?tkn=3.jycdMPcORdlwC-e8hsni3iQTPbShah4cwssJWykrXASGCtIb1xs6x6fJyy1t5kCD1byipQxxDtTbtKUe0emssGUmt2SyhwtTw_Bln0uTKgsoyp_bkfA3T6tdWSc1ZN_QeKZ-8fYOT0WuYHD0ekm4FgHT9ocPRo9Ju5gnEf9ViOQjcan7N2X0z2ySB0kxx_QL.myuNHANzrJC5JwZP4auzCA&originalContextPath=ttpwp HTTP/1.1Host: security-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/languages/en.json HTTP/1.1Host: security-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/ttp/url/get-page-data HTTP/1.1Host: security-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/images/mimecastlogo@2x.png HTTP/1.1Host: security-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /branding/09c6b1c12e27f5cc697efcdec77f1eee726fbaed/main-page-logo.png?tkn=3.jycdMPcORdlwC-e8hsni3iQTPbShah4cwssJWykrXASGCtIb1xs6x6fJyy1t5kCD1byipQxxDtTbtKUe0emssGUmt2SyhwtTw_Bln0uTKgsoyp_bkfA3T6tdWSc1ZN_QeKZ-8fYOT0WuYHD0ekm4FgHT9ocPRo9Ju5gnEf9ViOQjcan7N2X0z2ySB0kxx_QL.myuNHANzrJC5JwZP4auzCA&originalContextPath=ttpwp HTTP/1.1Host: security-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/images/favicon.ico HTTP/1.1Host: security-us.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ttpwp/resources/images/favicon.ico HTTP/1.1Host: security-us.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: url.us.m.mimecastprotect.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: security-us.mimecast.com
Source: unknown HTTP traffic detected: POST /api/ttp/url/get-page-data HTTP/1.1Host: security-us.mimecast.comConnection: keep-aliveContent-Length: 173sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, */*Content-Type: application/jsonx-context-route: ttpwpsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://security-us.mimecast.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Foundx-content-type-options: nosniffx-xss-protection: 1; mode=blockx-frame-options: SAMEORIGINReferrer-Policy: no-referrerX-Robots-Tag: noindex, nofollowStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadContent-Type: text/html; charset=utf-8Content-Length: 180ETag: W/"b4-Rx6/Sa3RjWBf0k8YjdRg8WXd70U"Vary: Accept-EncodingDate: Fri, 26 Apr 2024 18:59:30 GMTConnection: close
Source: chromecache_63.2.dr String found in binary or memory: http://www.mimecast.com/
Source: chromecache_63.2.dr String found in binary or memory: https://community.mimecast.com/docs/DOC-241
Source: classification engine Classification label: clean0.win@17/29@8/6
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2444,i,15971310653574119148,10434369989334271885,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/I2_RCR6B8lUnq8wnc9kfMg?domain=u44114957.ct.sendgrid.net"
Source: Window Recorder Window detected: More than 3 window changes detected