Edit tour

Windows Analysis Report
Compliance KnowBe4 courses .xlsx

Overview

General Information

Sample name:	Compliance KnowBe4 courses .xlsx
Analysis ID:	1636458
MD5:	0ccffa9e3cff96f00f31e2227f2c5c05
SHA1:	0b90b2acb6c21e848f7b1981a11ceeb30b933a42
SHA256:	7437cd05c0fbb35584d3c5f7e276d531ac06a893877853dea078f1454a73acf6
Infos:

Detection

KnowBe4

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Yara detected KnowBe4 simulated phishing

Creates files inside the system directory

Deletes files inside the Windows folder

Sigma detected: Excel Network Connections

Sigma detected: Suspicious Office Outbound Connections

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64_ra

EXCEL.EXE (PID: 6276 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Compliance KnowBe4 courses .xlsx" MD5: 4A871771235598812032C822E6F68F19)

chrome.exe (PID: 740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.knowbe4.com/app/modstore/detail?u=38a62e07-30ee-46f5-9ad1-5c56a9b6109c MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1832,i,18017191015662716795,15241963066366627990,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

splwow64.exe (PID: 5912 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)

chrome.exe (PID: 2852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.knowbe4.com/app/modstore/detail?u=38a62e07-30ee-46f5-9ad1-5c56a9b6109c MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.knowbe4.com/app/modstore/detail?u=5e8925d8-37e8-4a80-8132-1a298990c18c MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.knowbe4.com/app/modstore/detail?u=67d070f2-dabd-48aa-8c90-fa3f3d5ffe1d MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.knowbe4.com/app/modstore/detail?u=73f2bb42-88e5-4933-b9c0-613777ded9e2 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.knowbe4.com/app/modstore/detail?u=39b04b52-997b-441b-bc60-17231799aabc MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.knowbe4.com/app/modstore/detail?u=397c2c2b-9c11-425b-a847-c0cba8f0106a MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
2.17..script.csv	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security
4.136..script.csv	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security

Sigma Signatures

Sigma detected: Excel Network Connections

Source: Network Connection

Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 13.107.246.67, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6276, Protocol: tcp, SourceIp: 192.168.2.16, SourceIsIpv6: false, SourcePort: 49721

Sigma detected: Suspicious Office Outbound Connections

Source: Network Connection

Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.16, DestinationIsIpv6: false, DestinationPort: 49721, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6276, Protocol: tcp, SourceIp: 13.107.246.67, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-12T19:15:42.493536+0100	2028371	3	Unknown Traffic	192.168.2.16	49721	13.107.246.67	443	TCP
2025-03-12T19:15:50.839051+0100	2028371	3	Unknown Traffic	192.168.2.16	49729	13.107.246.67	443	TCP
2025-03-12T19:15:50.842469+0100	2028371	3	Unknown Traffic	192.168.2.16	49730	13.107.246.67	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected KnowBe4 simulated phishing

Source: Yara match	File source: 2.17..script.csv, type: HTML
Source: Yara match	File source: 4.136..script.csv, type: HTML

Source: unknown	HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.218.251.176:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.217:443 -> 192.168.2.16:49774 version: TLS 1.2

Source: excel.exe

Memory has grown: Private usage: 1MB later: 67MB

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49721 -> 13.107.246.67:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49729 -> 13.107.246.67:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49730 -> 13.107.246.67:443

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/2.24.2sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/users/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/2.24.2sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/2.24.2sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/goals/5f3d24c16da26109540297f6 HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "d751713988987e9331980363e24189ce"
Source: global traffic	HTTP traffic detected: GET /sdk/evalx/5f3d24c16da26109540297f6/contexts/eyJrZXkiOiJldS5rbm93YmU0LmNvbTp1bmRlZmluZWQiLCJjdXN0b20iOnsiZW52aXJvbm1lbnQiOiJldS5rbm93YmU0LmNvbSJ9fQ HTTP/1.1Host: app.launchdarkly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "19770dbb"

Source: global traffic	DNS traffic detected: DNS query: eu.knowbe4.com
Source: global traffic	DNS traffic detected: DNS query: otelrules.svc.static.microsoft
Source: global traffic	DNS traffic detected: DNS query: app.launchdarkly.com
Source: global traffic	DNS traffic detected: DNS query: events.launchdarkly.com

Source: unknown

HTTP traffic detected: POST /events/diagnostic/5f3d24c16da26109540297f6 HTTP/1.1Host: events.launchdarkly.comConnection: keep-aliveContent-Length: 679sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36X-LaunchDarkly-User-Agent: JSClient/3.1.0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/jsonsec-ch-ua-mobile: ?0Accept: */*Origin: https://eu.knowbe4.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.knowbe4.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 13.107.246.67:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.218.251.176:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.217:443 -> 192.168.2.16:49774 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir740_555870041

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir740_555870041

Source: classification engine

Classification label: mal48.phis.winXLSX@46/174@16/87