Edit tour

Windows Analysis Report
https://ctomarketing.my.salesforce.com/sfc/p/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ

Overview

General Information

Sample URL:	https://ctomarketing.my.salesforce.com/sfc/p/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ
Analysis ID:	1335502
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Queries the volume information (name, serial number etc) of a device

Queries disk information (often used to detect virtual machines)

Tries to load missing DLLs

May sleep (evasive loops) to hinder dynamic analysis

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2168 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 64 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2424,i,8523597381814020525,9221820702295129008,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

svchost.exe (PID: 5352 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

chrome.exe (PID: 5840 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ctomarketing.my.salesforce.com/sfc/p/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2023-10-05-06; NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg

Source: unknown

HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49735 version: TLS 1.2

Source: C:\Windows\System32\svchost.exe

Section loaded: pcwum.dll

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_2168_615533788

Jump to behavior

Source: C:\Windows\System32\svchost.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS

Jump to behavior

Source: classification engine

Classification label: clean2.win@17/28@10/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2424,i,8523597381814020525,9221820702295129008,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ctomarketing.my.salesforce.com/sfc/p/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2424,i,8523597381814020525,9221820702295129008,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: chromecache_82.2.dr

Binary or memory string: selectListOption:a.getReference("c.handleSelectOption"),updateAriaAttributes:a.getReference("c.updateAriaAttributes"),matchFunc:a.getReference("v.matchFunc"),disableMatch:a.getReference("v.disableMatch"),setDefaultHighlight:a.getReference("v.setDefaultHighlight"),showEmptyList:a.getReference("v.showEmptyList")}});if(c){var c=$A.createComponentFromConfig({descriptor:"markup://ui:autocompletePanel",localId:"panel",valueProvider:a}),e=c.get("v.body");e.push(b);c.set("v.body",e);b=c}d.push(b);a.set("v.body",

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Windows\System32\svchost.exe TID: 3708

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: svchost.exe, 00000001.00000002.2971766368.000001689DE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2970368495.000001689882B000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	2 Virtualization/Sandbox Evasion	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	21 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://ctomarketing.my.salesforce.com/sfc/p/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
http://polymer.github.io/PATENTS.txt	0%	Avira URL Cloud	safe
http://crl.ver)	0%	Avira URL Cloud	safe
http://polymer.github.io/LICENSE.txt	0%	Avira URL Cloud	safe
http://polymer.github.io/AUTHORS.txt	0%	Avira URL Cloud	safe
http://polymer.github.io/CONTRIBUTORS.txt	0%	Avira URL Cloud	safe
http://polymer.github.io/PATENTS.txt	0%	Virustotal		Browse
http://polymer.github.io/CONTRIBUTORS.txt	0%	Virustotal		Browse
http://polymer.github.io/LICENSE.txt	0%	Virustotal		Browse
http://polymer.github.io/AUTHORS.txt	0%	Virustotal		Browse

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.253.62.84	true	false	high
www.google.com	172.253.62.147	true	false	high
clients.l.google.com	142.251.167.101	true	false	high
st1.edge.sfdc-yfeipo.edge2.salesforce.com	34.226.36.51	true	false	high
ctomarketing.my.salesforce.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://ctomarketing.my.salesforce.com/sfc/p/#20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ	false	high
https://ctomarketing.file.force.com/sfc/dist/version/renditionDownload?rendition=JPGZ&versionId=068N2000002SijJ&operationContext=DELIVERY&contentId=05TN2000002vdgm&page=3&d=/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ&oid=00D20000000NKSY&dpt=null&viewId=	false	high
https://ctomarketing.my.salesforce.com/visualforce/session?url=https%3A%2F%2Fctomarketing.lightning.force.com%2Faura%3Fr%3D0%26ui-content-components-forceContent-contentDistributionViewer.ContentDistributionViewer.getContentDistributionInfo%3D1	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false	high
https://ctomarketing.my.salesforce.com/favicon.ico	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/_slds/icons/doctype-sprite/svg/symbols.svg?cache=10.7.0	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/aura?r=0&ui-content-components-forceContent-contentDistributionViewer.ContentDistributionViewer.getContentDistributionInfo=1	false	high
https://ctomarketing.my.salesforce.com/lightning/lightning.out.delegate.js?v=1698850538618	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2FforceContent%3AcontentDistributionApp%22%3A%22c4KEkiJuOIBJ_mU0_Njxxw%22%7D%2C%22styleContext%22%3A%7B%22c%22%3A%22webkit%22%2C%22x%22%3A%5B%22isDesktop%22%5D%2C%22tokens%22%3A%5B%22markup%3A%2F%2Fforce%3AsldsTokens%22%2C%22markup%3A%2F%2Fforce%3Abase%22%2C%22markup%3A%2F%2Fforce%3AformFactorLarge%22%5D%2C%22tuid%22%3A%22fScABq6Qai41I3BrnkLuhw%22%2C%22cuid%22%3A707439855%7D%2C%22pathPrefix%22%3A%22%2Fsfc%2Fld%2F20000000NKSY%2Fa%2FN20000008mp3%2F9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ%22%7D/app.css?2=	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/aura?r=1&ui-content-components-forceContent-previewInfoProvider.PreviewInfoProvider.getPreviewInfo=1	false	high
https://ctomarketing.file.force.com/sfc/dist/version/renditionDownload?rendition=JPGZ&versionId=068N2000002SijJ&operationContext=DELIVERY&contentId=05TN2000002vdgm&page=0&d=/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ&oid=00D20000000NKSY&dpt=null&viewId=	false	high
https://ctomarketing.my.salesforce.com/sCSS/59.0/sprites/1695142662000/Theme2/default/gc/contentDistribution.css	false	high
https://ctomarketing.my.salesforce.com/static/111213/sfc/javascript/lib/AC_OETags.js	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/auraCmpDef?_au=c4KEkiJuOIBJ_mU0_Njxxw&_c=false&_density=VIEW_ONE&_ff=DESKTOP&_l=true&_l10n=en_US&_lrmc=-386269907&_style=707439855&aura.app=markup://forceContent:contentDistributionApp&aura.mode=PROD&_def=markup://lightning:iconSvgTemplatesUtility&_uid=LATEST	false	high
https://ctomarketing.my.salesforce.com/visualforce/session?url=https%3A%2F%2Fctomarketing.lightning.force.com%2Faura%3Fr%3D1%26ui-content-components-forceContent-previewInfoProvider.PreviewInfoProvider.getPreviewInfo%3D1	false	high
https://ctomarketing.my.salesforce.com/sfc/p/	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/forceContent/contentDistributionApp.app?aura.format=JSON&aura.formatAdapter=LIGHTNING_OUT	false	high
https://ctomarketing.file.force.com/sfc/dist/version/renditionDownload?rendition=JPGZ&versionId=068N2000002SijJ&operationContext=DELIVERY&contentId=05TN2000002vdgm&page=1&d=/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ&oid=00D20000000NKSY&dpt=null&viewId=	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22serializationVersion%22%3A%221-246.15.3-3.0.4-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2FforceContent%3AcontentDistributionApp%22%3A%22c4KEkiJuOIBJ_mU0_Njxxw%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22-386269907%22%7D/appcore.js?2=	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22fwuid%22%3A%22MDM0c01pMVUtd244bVVLc2VRYzQ2UWRkdk8xRWxIam5GeGw0LU1mRHRYQ3cyNDYuMTUuMy0zLjAuNA%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2FforceContent%3AcontentDistributionApp%22%3A%22c4KEkiJuOIBJ_mU0_Njxxw%22%7D%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%2Fsfc%2Fld%2F20000000NKSY%2Fa%2FN20000008mp3%2F9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22-386269907%22%7D/bootstrap.js?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..GbAFScCaeZi6wCZDL9fQTd_yxaTnXGZMgjOvEr_Oc_g	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22fwuid%22%3A%22MDM0c01pMVUtd244bVVLc2VRYzQ2UWRkdk8xRWxIam5GeGw0LU1mRHRYQ3cyNDYuMTUuMy0zLjAuNA%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2FforceContent%3AcontentDistributionApp%22%3A%22c4KEkiJuOIBJ_mU0_Njxxw%22%7D%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%2Fsfc%2Fld%2F20000000NKSY%2Fa%2FN20000008mp3%2F9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22-386269907%22%7D/inline.js?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..GbAFScCaeZi6wCZDL9fQTd_yxaTnXGZMgjOvEr_Oc_g	false	high
https://ctomarketing.my.salesforce.com/sfc/p/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ	false	high
https://ctomarketing.my.salesforce.com/lightning/lightning.out.js	false	high
https://ctomarketing.file.force.com/sfc/dist/version/renditionDownload?rendition=JPGZ&versionId=068N2000002SijJ&operationContext=DELIVERY&contentId=05TN2000002vdgm&page=2&d=/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ&oid=00D20000000NKSY&dpt=null&viewId=	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22fwuid%22%3A%22MDM0c01pMVUtd244bVVLc2VRYzQ2UWRkdk8xRWxIam5GeGw0LU1mRHRYQ3cyNDYuMTUuMy0zLjAuNA%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2FforceContent%3AcontentDistributionApp%22%3A%22c4KEkiJuOIBJ_mU0_Njxxw%22%7D%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%2Fsfc%2Fld%2F20000000NKSY%2Fa%2FN20000008mp3%2F9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22-386269907%22%7D/resources.js?pv=1698713104000-544226810&rv=1698729520000	false	high
https://ctomarketing.lightning.force.com/aura?r=0&ui-content-components-forceContent-contentDistributionViewer.ContentDistributionViewer.getContentDistributionInfo=1	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22serializationVersion%22%3A%221-246.15.3-3.0.4-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2FforceContent%3AcontentDistributionApp%22%3A%22c4KEkiJuOIBJ_mU0_Njxxw%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22-386269907%22%7D/app.js?2=	false	high
https://ctomarketing.my.salesforce.com/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/auraFW/javascript/MDM0c01pMVUtd244bVVLc2VRYzQ2UWRkdk8xRWxIam5GeGw0LU1mRHRYQ3cyNDYuMTUuMy0zLjAuNA/aura_prod.js	false	high
https://ctomarketing.my.salesforce.com/auraCmpDef?_au=c4KEkiJuOIBJ_mU0_Njxxw&_c=false&_def=markup://lightning:iconSvgTemplatesUtility&_density=VIEW_ONE&_ff=DESKTOP&_l=true&_l10n=en_US&_lrmc=-386269907&_style=707439855&_uid=z2Q0fb8s8BO9NUaVsc-7MA&aura.app=markup://forceContent:contentDistributionApp&aura.mode=PROD	false	high
https://ctomarketing.my.salesforce.com/sCSS/59.0/sprites/1695142662000/Theme3/default/gc/contentDistribution.css	false	high
https://ctomarketing.lightning.force.com/aura?r=1&ui-content-components-forceContent-previewInfoProvider.PreviewInfoProvider.getPreviewInfo=1	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	chromecache_84.2.dr	false		high
http://momentjs.com/guides/#/warnings/zone/	chromecache_84.2.dr	false		high
http://polymer.github.io/PATENTS.txt	chromecache_84.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://g.live.com/odclientsettings/ProdV21C:	svchost.exe, 00000001.00000003.2111096438.000001689DD00000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr	false		high
http://crl.ver)	svchost.exe, 00000001.00000002.2971629406.000001689DE00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://momentjs.com/guides/#/warnings/add-inverted-param/	chromecache_84.2.dr	false		high
http://polymer.github.io/LICENSE.txt	chromecache_84.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://momentjs.com/guides/#/warnings/dst-shifted/	chromecache_84.2.dr	false		high
http://polymer.github.io/AUTHORS.txt	chromecache_84.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://g.live.com/odclientsettings/Prod1C:	qmgr.db.1.dr	false		high
http://momentjs.com/guides/#/warnings/js-date/	chromecache_84.2.dr	false		high
http://momentjs.com/guides/#/warnings/define-locale/	chromecache_84.2.dr	false		high
http://polymer.github.io/CONTRIBUTORS.txt	chromecache_84.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.lightningdesignsystem.com/resources/icons/	chromecache_80.2.dr	false		high
http://momentjs.com/guides/#/warnings/min-max/	chromecache_84.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.167.101	clients.l.google.com	United States	15169	GOOGLEUS	false
172.253.63.94	unknown	United States	15169	GOOGLEUS	false
172.253.62.84	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
34.226.36.51	st1.edge.sfdc-yfeipo.edge2.salesforce.com	United States	14618	AMAZON-AESUS	false
172.253.62.147	www.google.com	United States	15169	GOOGLEUS	false
172.253.115.95	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.16
192.168.2.6
127.0.0.1

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1335502
Start date and time:	2023-11-01 15:54:45 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ctomarketing.my.salesforce.com/sfc/p/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@17/28@10/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.251.167.94, 34.104.35.123, 69.192.108.161
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, clientservices.googleapis.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
15:55:35	API Interceptor	2x Sleep call for process: svchost.exe modified

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.7479212485981278
Encrypted:	false
SSDEEP:	1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0w:9JZj5MiKNnNhoxuU
MD5:	E947127312636B7C91C8A9A2EE134300
SHA1:	F2C36575B11A57DDCD2480D6576BC982D7AEEA44
SHA-256:	1EC391C91426F3688D46245E290ED209BD14BD9122D8D20E4D0245B57F429ABA
SHA-512:	08A899FDC5B74F1CFA882DB740E70882770E92A67B696950FF18D9879C8BEE21AE2173E763B4A53C51ABDC82559E8ED88D28D77A10304A25BDBD3A444B688366
Malicious:	false
Reputation:	low
Preview:	...........@..@9....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................Fajaj.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: svchost.exe, 00000001.00000002.2971629406.000001689DE00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: svchost.exe, 00000001.00000002.2971766368.000001689DE4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2971870973.000001689DE61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/
Source: svchost.exe, 00000001.00000002.2971870973.000001689DE61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/808
Source: svchost.exe, 00000001.00000002.2971870973.000001689DE61000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/F808
Source: qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5
Source: qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000001.00000002.2971041448.0000016899102000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2971870973.000001689DE61000.00000004.00000020.00020000.00000000.sdmp, edb.log.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/axx2pfbv7uq6qptuqj7vcp4aku_2023.10.12.0/g
Source: svchost.exe, 00000001.00000002.2971041448.0000016899102000.00000004.00000020.00020000.00000000.sdmp, qmgr.db.1.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 00000001.00000002.2971870973.000001689DE8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com:80
Source: qmgr.db.1.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: chromecache_84.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/add-inverted-param/
Source: chromecache_84.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/define-locale/
Source: chromecache_84.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/dst-shifted/
Source: chromecache_84.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/js-date/
Source: chromecache_84.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/min-max/
Source: chromecache_84.2.dr	String found in binary or memory: http://momentjs.com/guides/#/warnings/zone/
Source: chromecache_84.2.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_84.2.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_84.2.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_84.2.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_84.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: qmgr.db.1.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
Source: svchost.exe, 00000001.00000003.2111096438.000001689DD00000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
Source: chromecache_80.2.dr	String found in binary or memory: https://www.lightningdesignsystem.com/resources/icons/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11046)
Category:	downloaded
Size (bytes):	11202
Entropy (8bit):	5.1736802073748605
Encrypted:	false
SSDEEP:	192:VYKgNxbqOPzx9k5qz4wKJWONJTDRT+YGLEVj06pN8:wNAO714HQL006pq
MD5:	9F7ACC1956CE07431C262B4AD9125C63
SHA1:	7639033A3B7260313EB334BA4CE76411CF79D684
SHA-256:	DBE9852814C46A8DA6DA12FF49F4887FA70CADDE16C878957C0B6BA4AA1045EC
SHA-512:	DA85D6057FB9D42754DB7FA30C13AA2F88548319AE18FE14DB9C4F4979206D87C69656EBF69C06FC5D52E58C48F32BC94F3CEFD6754534FDB025816B26F93D1A
Malicious:	false
Reputation:	low
URL:	https://ctomarketing.my.salesforce.com/sCSS/59.0/sprites/1695142662000/Theme3/default/gc/contentDistribution.css
Preview:	/. This code is for Internal Salesforce use only, and subject to change without notice.. * Customers shouldn't reference this file in any web pages.. */.body.distributionPasswordPage{height:100%;margin:0;padding:0;background:rgb(51,51,51)}.container{display:inherit;zoom:1}.container_unused{display:none !important}#container_sidebar{position:absolute;width:205px;z-index:10}#container_content{display:block;padding-left:5px;zoom:1}#container_pageFooter{clear:both}.setupTab #container_sidebar{width:230px;padding-left:0}.setupTab #container_content{margin-left:25px}.setupTab #container_sidebar h2{margin:0;margin-top:15px}.setupTab .mTreeSelection{padding-top:0}.setupTab .bPageBlock .pbHeader .pbHelp{width:auto}body .ptBreadcrumb{margin-bottom:4px}.contentPageBlock .cbPageTitle{margin:0}.contentPageBlock .toolbar .x-toolbar{background:#eee url(/sfc/images/toolbar_bg.gif) repeat-x scroll left top;border-bottom:1px solid #999}#deliveryWizard .cpbBody{padding:0 !important}#deliveryWizard .bu

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2023 15:55:35.726064920 CET	63808	53	192.168.2.6	1.1.1.1
Nov 1, 2023 15:55:35.726455927 CET	64968	53	192.168.2.6	1.1.1.1
Nov 1, 2023 15:55:35.727866888 CET	60734	53	192.168.2.6	1.1.1.1
Nov 1, 2023 15:55:35.728411913 CET	57350	53	192.168.2.6	1.1.1.1
Nov 1, 2023 15:55:35.810009003 CET	53	49736	1.1.1.1	192.168.2.6
Nov 1, 2023 15:55:35.819077969 CET	53	63808	1.1.1.1	192.168.2.6
Nov 1, 2023 15:55:35.820147038 CET	53	64968	1.1.1.1	192.168.2.6
Nov 1, 2023 15:55:35.820257902 CET	53	60734	1.1.1.1	192.168.2.6
Nov 1, 2023 15:55:35.821611881 CET	53	57350	1.1.1.1	192.168.2.6
Nov 1, 2023 15:55:36.395283937 CET	53	61764	1.1.1.1	192.168.2.6
Nov 1, 2023 15:55:36.805375099 CET	58750	53	192.168.2.6	1.1.1.1
Nov 1, 2023 15:55:36.805505991 CET	60617	53	192.168.2.6	1.1.1.1
Nov 1, 2023 15:55:36.906232119 CET	53	60617	1.1.1.1	192.168.2.6
Nov 1, 2023 15:55:36.908576012 CET	53	58750	1.1.1.1	192.168.2.6
Nov 1, 2023 15:55:38.163500071 CET	51342	53	192.168.2.6	1.1.1.1
Nov 1, 2023 15:55:38.163712025 CET	63565	53	192.168.2.6	1.1.1.1
Nov 1, 2023 15:55:38.256207943 CET	53	51342	1.1.1.1	192.168.2.6
Nov 1, 2023 15:55:38.256325960 CET	53	63565	1.1.1.1	192.168.2.6
Nov 1, 2023 15:55:40.623874903 CET	56414	53	192.168.2.6	1.1.1.1
Nov 1, 2023 15:55:40.624280930 CET	49909	53	192.168.2.6	1.1.1.1
Nov 1, 2023 15:55:40.722752094 CET	53	56414	1.1.1.1	192.168.2.6
Nov 1, 2023 15:55:40.724093914 CET	53	49909	1.1.1.1	192.168.2.6

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:36 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2023-10-05-06; NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2023-11-01 14:55:36 UTC	1	OUT	Data Raw: 20 Data Ascii:

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:38 UTC	32	OUT	POST /sfc/p/ HTTP/1.1 Host: ctomarketing.my.salesforce.com Connection: keep-alive Content-Length: 95 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://ctomarketing.my.salesforce.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://ctomarketing.my.salesforce.com/sfc/p/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=t4lLxHjGEe6_MaO29AW4Ag; BrowserId_sec=t4lLxHjGEe6_MaO29AW4Ag
2023-11-01 14:55:38 UTC	34	OUT	Data Raw: 63 6f 6d 70 6f 73 69 74 65 50 61 67 65 4e 61 6d 65 3d 32 30 30 30 30 30 30 30 4e 4b 53 59 25 32 46 61 25 32 46 4e 32 30 30 30 30 30 30 38 6d 70 33 25 32 46 39 5f 69 67 6b 32 6b 32 4c 4b 70 33 6e 6f 6b 48 37 6a 75 4f 4d 35 35 71 51 68 57 71 68 38 4c 59 6b 4d 53 2e 74 71 4e 41 38 56 51 Data Ascii: compositePageName=20000000NKSY%2Fa%2FN20000008mp3%2F9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:38 UTC	34	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff Content-Security-Policy: upgrade-insecure-requests X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: no-cache,must-revalidate,max-age=0,no-store,private X-Robots-Tag: noindex, nofollow, noarchive X-Robots-Tag: noindex, nofollow, noarchive Vary: Accept-Encoding Server: sfdcedge X-SFDC-Request-Id: 45a18250af0db33aa6f58cfca6347dc0
2023-11-01 14:55:38 UTC	34	IN	Data Raw: 37 64 66 37 0d 0a 0a 0a 0a 20 20 20 20 0a 20 20 20 20 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 0a 0a 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 0a 09 09 0a 09 09 0a 09 09 09 3c 74 69 74 6c 65 3e 53 61 6c 65 73 66 6f 72 63 65 3c 2f 74 69 74 6c 65 3e 0a 09 09 09 0a 09 09 0a 09 0a Data Ascii: 7df7 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><title>Salesforce</title>
2023-11-01 14:55:38 UTC	50	IN	Data Raw: 20 73 65 6c 65 63 74 20 5c 5c 22 78 5c 5c 22 2e 22 2c 22 45 6d 70 74 79 46 69 6c 74 65 72 65 64 46 65 65 64 4d 65 73 73 61 67 65 22 3a 22 54 68 69 73 20 76 69 65 77 20 64 6f 65 73 6e 5c 27 74 20 68 61 76 65 20 61 6e 79 20 63 6f 6e 74 65 6e 74 2e 20 54 72 79 20 61 6e 6f 74 68 65 72 20 66 69 6c 74 65 72 2c 20 61 6e 64 20 73 65 65 20 77 68 61 74 20 70 6f 70 73 20 75 70 2e 22 2c 22 53 74 6f 72 61 67 65 4c 69 6d 69 74 45 78 63 65 65 64 65 64 43 68 61 74 74 65 72 4f 6e 6c 79 22 3a 22 54 68 65 20 73 74 6f 72 61 67 65 20 6c 69 6d 69 74 20 68 61 73 20 62 65 65 6e 20 65 78 63 65 65 64 65 64 2e 20 50 6c 65 61 73 65 20 64 65 6c 65 74 65 20 75 6e 75 73 65 64 20 66 69 6c 65 73 20 6f 72 20 3c 61 20 68 72 65 66 3d 5c 5c 22 7b 30 7d 5c 5c 22 3e 63 6f 6e 74 61 63 74 20 75 Data Ascii: select \\"x\\".","EmptyFilteredFeedMessage":"This view doesn\'t have any content. Try another filter, and see what pops up.","StorageLimitExceededChatterOnly":"The storage limit has been exceeded. Please delete unused files or <a href=\\"{0}\\">contact u
2023-11-01 14:55:38 UTC	66	IN	Data Raw: 20 6c 6f 63 6b 65 64 20 66 6f 72 20 75 70 64 61 74 65 20 61 6e 64 20 63 61 6e 6e 6f 74 20 62 65 20 75 70 64 61 74 65 64 2e 22 2c 22 43 72 65 61 74 65 46 65 65 64 45 6e 74 69 74 79 53 74 61 74 75 73 4e 6f 74 41 6c 6c 6f 77 65 64 22 3a 22 22 2c 22 46 65 65 64 50 6f 73 74 0d 0a 34 63 65 63 0d 0a 42 6f 6f 6b 6d 61 72 6b 54 6f 6f 6c 74 69 70 22 3a 22 42 6f 6f 6b 6d 61 72 6b 20 74 68 69 73 20 70 6f 73 74 22 2c 22 49 6e 76 61 6c 69 64 52 65 6c 61 74 65 64 52 65 63 6f 72 64 46 6f 72 4e 6f 6e 43 6f 6e 74 65 6e 74 50 6f 73 74 22 3a 22 46 65 65 64 20 69 74 65 6d 20 74 79 70 65 20 7b 30 7d 20 63 61 6e 6e 6f 74 20 73 65 74 20 52 65 6c 61 74 65 64 52 65 63 6f 72 64 49 64 2e 22 2c 22 46 65 65 64 50 6f 73 74 55 6e 6c 69 6b 65 56 65 72 62 22 3a 22 55 6e 6c 69 6b 65 22 2c Data Ascii: locked for update and cannot be updated.","CreateFeedEntityStatusNotAllowed":"","FeedPost4cecBookmarkTooltip":"Bookmark this post","InvalidRelatedRecordForNonContentPost":"Feed item type {0} cannot set RelatedRecordId.","FeedPostUnlikeVerb":"Unlike",
2023-11-01 14:55:38 UTC	82	IN	Data Raw: 7b 30 7d 20 74 6f 20 61 20 62 6c 61 6e 6b 20 76 61 6c 75 65 22 2c 22 53 6b 69 70 50 61 73 74 54 68 65 46 65 65 64 4f 6e 54 61 62 62 69 6e 67 4c 69 6e 6b 22 3a 22 53 6b 69 70 20 46 65 65 64 22 2c 22 4d 6f 72 65 43 6f 6d 6d 65 6e 74 73 22 3a 22 4d 6f 72 65 20 63 6f 6d 6d 65 6e 74 73 22 2c 22 43 61 6e 6e 6f 74 56 65 72 69 66 79 55 6e 6b 6e 6f 77 6e 45 72 72 6f 72 22 3a 22 53 6f 6d 65 74 68 69 6e 67 20 77 65 6e 74 20 77 72 6f 6e 67 2e 20 52 65 74 72 79 69 6e 67 20 79 6f 75 72 20 6c 61 73 74 20 61 63 74 69 6f 6e 20 6d 69 67 68 74 20 63 6c 65 61 72 20 69 74 20 75 70 2e 20 4f 74 68 65 72 77 69 73 65 2c 20 63 6f 6e 74 61 63 74 20 43 75 73 74 6f 6d 65 72 20 53 75 70 70 6f 72 74 2e 22 2c 22 47 72 6f 75 70 53 65 6c 65 63 74 6f 72 50 6c 61 63 65 68 6f 6c 64 65 72 22 Data Ascii: {0} to a blank value","SkipPastTheFeedOnTabbingLink":"Skip Feed","MoreComments":"More comments","CannotVerifyUnknownError":"Something went wrong. Retrying your last action might clear it up. Otherwise, contact Customer Support.","GroupSelectorPlaceholder"

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:39 UTC	98	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:39 GMT Content-Type: application/x-javascript Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: public,max-age=10368000 Expires: Thu, 29 Feb 2024 14:55:39 GMT Last-Modified: Mon, 25 Jul 2016 17:58:09 GMT Vary: Accept-Encoding Server: sfdcedge X-SFDC-Request-Id: 5ef585c8de61c3bf737e2563dc0f0476 X-SFDC-Edge-Cache: MISS
2023-11-01 14:55:39 UTC	98	IN	Data Raw: 39 31 61 0d 0a 2f 2f 20 6d 61 6b 65 20 73 75 72 65 20 77 65 20 64 6f 6e 27 74 20 72 65 64 65 66 69 6e 65 20 74 68 65 20 61 70 69 20 69 66 20 61 6c 72 65 61 64 79 20 70 72 65 73 65 6e 74 0a 69 66 20 28 21 77 69 6e 64 6f 77 2e 24 4c 69 67 68 74 6e 69 6e 67 29 20 7b 0a 09 24 4c 69 67 68 74 6e 69 6e 67 20 3d 20 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 09 09 2f 2f 20 64 65 6c 65 67 61 74 65 20 73 74 61 74 75 73 0a 09 09 76 61 72 20 64 65 6c 65 67 61 74 65 4c 6f 61 64 65 64 20 3d 20 66 61 6c 73 65 3b 0a 09 09 0a 09 09 2f 2f 20 71 75 65 75 65 20 74 6f 20 73 74 6f 72 65 20 75 6e 2d 64 65 6c 65 67 61 74 65 64 20 63 61 6c 6c 73 0a 09 09 76 61 72 20 63 61 6c 6c 51 75 65 75 65 20 3d 20 5b 5d 3b 0a 09 09 0a 09 09 2f 2f 20 75 74 69 6c 20 6d 65 74 68 6f 64 73 0a 09 09 Data Ascii: 91a// make sure we don't redefine the api if already presentif (!window.$Lightning) {$Lightning = (function() {// delegate statusvar delegateLoaded = false;// queue to store un-delegated callsvar callQueue = [];// util methods

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:36 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-A1JsgTTDV-CqVRiFXqEdQw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 01 Nov 2023 14:55:36 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6148 X-Daystart: 28536 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-01 14:55:36 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 34 38 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 38 35 33 36 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6148" elapsed_seconds="28536"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-01 14:55:36 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-01 14:55:36 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:40 UTC	117	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:40 GMT Content-Type: image/x-icon Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: public,max-age=3888000 Expires: Sat, 16 Dec 2023 13:53:28 GMT Server: sfdcedge X-SFDC-Request-Id: 3489aa8df5366d030d25ae48d6ba55a2 X-SFDC-Edge-Cache: HIT
2023-11-01 14:55:40 UTC	117	IN	Data Raw: 31 35 33 36 0d 0a 00 00 01 00 02 00 10 10 00 00 00 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 00 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 dc 9d 00 17 dc 9d 00 5f dc 9d 00 69 dc 9d 00 27 dc 9d 00 03 ff ff ff 01 ff ff ff Data Ascii: 1536 h& ( @_i'

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:40 UTC	123	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4e 5a 6c 79 65 59 76 6c 33 6b 57 57 79 33 6a 50 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 34 33 63 39 36 63 37 33 61 35 65 33 31 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: NZlyeYvl3kWWy3jP.1Context: a643c96c73a5e319
2023-11-01 14:55:40 UTC	123	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-11-01 14:55:40 UTC	123	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4e 5a 6c 79 65 59 76 6c 33 6b 57 57 79 33 6a 50 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 34 33 63 39 36 63 37 33 61 35 65 33 31 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 48 30 69 33 2b 35 6f 74 67 46 67 41 5a 36 4a 73 41 68 45 78 66 4b 76 36 72 46 39 35 63 66 73 7a 79 61 70 6a 77 48 42 54 74 61 51 38 72 57 52 53 46 61 48 4e 45 58 77 45 38 30 31 39 47 71 64 74 4e 53 4e 35 2f 30 6f 6c 52 76 6b 73 61 71 6f 32 46 68 4a 6b 61 4c 36 58 6e 34 70 6e 63 36 36 51 33 4c 35 52 67 52 44 78 62 4c 55 41 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: NZlyeYvl3kWWy3jP.2Context: a643c96c73a5e319<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZH0i3+5otgFgAZ6JsAhExfKv6rF95cfszyapjwHBTtaQ8rWRSFaHNEXwE8019GqdtNSN5/0olRvksaqo2FhJkaL6Xn4pnc66Q3L5RgRDxbLUA
2023-11-01 14:55:40 UTC	124	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4e 5a 6c 79 65 59 76 6c 33 6b 57 57 79 33 6a 50 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 34 33 63 39 36 63 37 33 61 35 65 33 31 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: NZlyeYvl3kWWy3jP.3Context: a643c96c73a5e319<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-11-01 14:55:40 UTC	124	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-11-01 14:55:40 UTC	124	IN	Data Raw: 4d 53 2d 43 56 3a 20 38 46 62 59 68 54 76 38 4e 45 36 6e 44 4c 33 67 46 71 45 36 4c 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 8FbYhTv8NE6nDL3gFqE6Lg.0Payload parsing failed.

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:41 UTC	258	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:41 GMT Content-Type: image/x-icon Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: public,max-age=3888000 Expires: Sat, 16 Dec 2023 13:53:28 GMT Server: sfdcedge X-SFDC-Request-Id: 768a3ad662066ab2c082dc90cf798b8e X-SFDC-Edge-Cache: HIT
2023-11-01 14:55:41 UTC	259	IN	Data Raw: 31 35 33 36 0d 0a 00 00 01 00 02 00 10 10 00 00 00 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 00 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 dc 9d 00 17 dc 9d 00 5f dc 9d 00 69 dc 9d 00 27 dc 9d 00 03 ff ff ff 01 ff ff ff Data Ascii: 1536 h& ( @_i'

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:36 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 01 Nov 2023 14:55:36 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: script-src 'report-sample' 'nonce-ce0E6eapu-ChFfZDhY6tBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-01 14:55:36 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-01 14:55:36 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:42 UTC	1328	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:42 GMT Content-Type: text/javascript;charset=UTF-8 Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: private,max-age=31536000,immutable Expires: Thu, 29 Feb 2024 14:55:41 GMT X-Robots-Tag: noindex, nofollow, noarchive Vary: Origin, Accept-Encoding Last-Modified: Tue, 31 Oct 2023 14:55:41 GMT Server: sfdcedge X-SFDC-Request-Id: 78306c1955185c9e6a103905998d8966 X-SFDC-Edge-Cache: MISS
2023-11-01 14:55:42 UTC	1328	IN	Data Raw: 32 36 33 62 0d 0a 74 79 70 65 6f 66 20 41 75 72 61 20 3d 3d 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 20 26 26 20 28 41 75 72 61 20 3d 20 7b 7d 29 3b 0a 0a 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 20 0a 09 20 66 75 6e 63 74 69 6f 6e 20 69 6e 69 74 41 63 63 65 73 73 52 65 73 6f 75 72 63 65 73 28 29 20 7b 0a 09 09 09 20 24 41 2e 63 6f 6d 70 6f 6e 65 6e 74 53 65 72 76 69 63 65 2e 61 64 64 4d 6f 64 75 6c 65 28 27 6d 61 72 6b 75 70 3a 2f 2f 66 6f 72 63 65 3a 63 75 73 74 6f 6d 50 65 72 6d 73 27 2c 20 27 66 6f 72 63 65 2f 63 75 73 74 6f 6d 50 65 72 6d 73 27 2c 20 5b 27 65 78 70 6f 72 74 73 27 5d 2c 20 6e 75 6c 6c 2c 20 7b 7d 29 3b 20 0a 09 09 09 20 24 41 2e 63 6f 6d 70 6f 6e 65 6e 74 53 65 72 76 69 63 65 2e 61 64 64 4d 6f 64 75 6c 65 28 27 6d 61 72 6b 75 70 3a 2f 2f Data Ascii: 263btypeof Aura === "undefined" && (Aura = {});(function() { function initAccessResources() { $A.componentService.addModule('markup://force:customPerms', 'force/customPerms', ['exports'], null, {}); $A.componentService.addModule('markup://

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:42 UTC	3444	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:42 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: no-cache,must-revalidate,max-age=0,no-store,private X-Robots-Tag: noindex, nofollow, noarchive Vary: Origin, Accept-Encoding Expires: Tue, 01 Nov 2022 14:55:41 GMT Last-Modified: Tue, 01 Nov 2022 14:55:41 GMT Link: </sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2FforceContent%3AcontentDistributionApp%22%3A%22c4KEkiJuOIBJ_mU0_Njxxw%22%7D%2C%22styleContext%22%3A%7B%22c%22%3A%22webkit%22%2C%22x%22%3A%5B%22isDesktop%22%5D%2C%22tokens%22%3A%5B%22markup%3A%2F%2Fforce%3AsldsTokens%22%2C%22markup%3A%2F%2Fforce%3Abase%22%2C%22markup%3A%2F%2Fforce%3AformFactorLarge%22%5D%2C%22tuid%22%3A%22fScABq6Qai41I3BrnkLuhw%22%2C%22cuid%22%3A707439855%7D%2C%22pathPrefix%22%3A%22%2Fsfc%2Fld%2F20000000NKSY%2Fa%2FN20000008mp3%2F9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ%22%7D/app.css?2=>;rel=preload;as=style;nopush,</sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/auraFW/javascript/MDM0c01pMVUtd244bVVLc2VRYzQ2UWRkdk8xRWxIam5GeGw0LU1mRHRYQ3cyNDYuMTUuMy0zLjAuNA/aura_prod.js>;rel=preload;as=script;nopush,</sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22serializationVersion%22%3A%221-246.15.3-3.0.4-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2FforceContent%3AcontentDistributionApp%22%3A%22c4KEkiJuOIBJ_mU0_Njxxw%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22-386269907%22%7D/appcore.js?2=>;rel=preload;as=script;nopush,</sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22forceContent%3AcontentDistributionApp%22%2C%22serializationVersion%22%3A%221-246.15.3-3.0.4-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2FforceContent%3AcontentDistributionApp%22%3A%22c4KEkiJuOIBJ_mU0_Njxxw%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22-386269907%22%7D/app.js?2=>;rel=preload;as=script;nopush Content-Security-Policy: default-src 'self'; script-src 'self' chrome-extension: 'unsafe-inline' 'unsafe-eval' .canary.lwc.dev .vf.force.com blob: https://ssl.gstatic.com/accessibility/ https://.arcgis.com; object-src 'self' https://ctomarketing.file.force.com; style-src 'self' blob: chrome-extension: 'unsafe-inline' https://assets.lusha.co .vf.force.com https://ctomarketing.file.force.com; img-src 'self' data: blob: https://assets.lusha.co wss://app.fastcall.com https: .vf.force.com; media-src 'self' https://.amazonaws.com/ https://assets.lusha.co .vf.force.com https://ctomarketing.file.force.com https://ctomarketing.my.salesforce.com/content/session; frame-ancestors 'self'; frame-src blob: mailto: https://assets.lusha.co https: .vf.force.com https://.arcgis.com; font-src 'self' https: data: https://assets.lusha.co .vf.force.com; connect-src 'self' https://api.bluetail.salesforce.com https://staging.bluetail.salesforce.com https://preprod.bluetail.salesforce.com https://assets.lusha.co https://ctomarketing.my.salesforce-scrt.com blob: .vf.force.com https://o11y.sfproxy-core1.sfdc-5pakla.svc.sfdcfc.net/ui-telemetry https://.arcgis.com https://*.api.salesforce.com/ https://ctomarketing.file.force.com https://ctomarketing.my.salesforce-setup.com; base-uri 'self' X-FRAME-OPTIONS: SAMEORIGIN Server: sfdcedge X-SFDC-Request-Id: 00216cd3dd09c0378a3eee9597aa8da5 X-SFDC-Edge-Cache: MISS
2023-11-01 14:55:42 UTC	3448	IN	Data Raw: 37 31 31 63 0d 0a 0a 20 20 20 20 7b 22 63 6c 69 65 6e 74 4c 69 62 72 61 72 69 65 73 22 3a 5b 22 2f 73 66 63 2f 6c 64 2f 32 30 30 30 30 30 30 30 4e 4b 53 59 2f 61 2f 4e 32 30 30 30 30 30 30 38 6d 70 33 2f 39 5f 69 67 6b 32 6b 32 4c 4b 70 33 6e 6f 6b 48 37 6a 75 4f 4d 35 35 71 51 68 57 71 68 38 4c 59 6b 4d 53 2e 74 71 4e 41 38 56 51 2f 6a 73 6c 69 62 72 61 72 79 2f 31 36 39 38 36 31 31 37 34 32 30 30 30 2f 75 69 2d 61 6e 61 6c 79 74 69 63 73 2d 72 65 70 6f 72 74 69 6e 67 2f 45 63 6c 61 69 72 4e 47 2e 6a 73 22 5d 2c 22 64 65 6c 65 67 61 74 65 56 65 72 73 69 6f 6e 22 3a 22 4d 44 4d 30 63 30 31 70 4d 56 55 74 64 32 34 34 62 56 56 4c 63 32 56 52 59 7a 51 32 55 57 52 6b 64 6b 38 78 52 57 78 49 61 6d 35 47 65 47 77 30 4c 55 31 6d 52 48 52 59 51 33 63 79 4e 44 59 Data Ascii: 711c {"clientLibraries":["/sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/jslibrary/1698611742000/ui-analytics-reporting/EclairNG.js"],"delegateVersion":"MDM0c01pMVUtd244bVVLc2VRYzQ2UWRkdk8xRWxIam5GeGw0LU1mRHRYQ3cyNDY
2023-11-01 14:55:42 UTC	3460	IN	Data Raw: 22 73 61 6c 65 73 5f 62 6f 74 73 22 2c 22 73 61 6c 65 73 5f 65 69 6e 73 74 65 69 6e 22 2c 22 73 61 6c 65 73 66 6f 72 63 65 49 64 65 6e 74 69 74 79 22 2c 22 73 61 6c 65 73 66 6f 72 63 65 5f 61 73 73 69 73 74 61 6e 74 22 2c 22 73 61 73 73 5f 73 65 72 76 69 63 65 5f 63 61 74 61 6c 6f 67 22 2c 22 73 63 72 74 22 2c 22 73 63 72 74 5f 73 65 74 75 70 22 2c 22 73 65 61 72 63 68 5f 64 69 61 6c 6f 67 22 2c 22 73 65 61 72 63 68 5f 66 69 6c 74 65 72 73 22 2c 22 73 65 61 72 63 68 5f 69 6e 73 74 72 75 6d 65 6e 74 61 74 69 6f 6e 22 2c 22 73 65 61 72 63 68 5f 6c 69 67 68 74 6e 69 6e 67 22 2c 22 73 65 61 72 63 68 5f 6e 61 76 69 67 61 74 69 6f 6e 22 2c 22 73 65 61 72 63 68 5f 6e 6c 73 22 2c 22 73 65 61 72 63 68 5f 72 65 73 75 6c 74 73 22 2c 22 73 65 61 72 63 68 5f 73 65 74 Data Ascii: "sales_bots","sales_einstein","salesforceIdentity","salesforce_assistant","sass_service_catalog","scrt","scrt_setup","search_dialog","search_filters","search_instrumentation","search_lightning","search_navigation","search_nls","search_results","search_set
2023-11-01 14:55:42 UTC	3572	IN	Data Raw: 48 65 61 6c 74 68 43 6c 6f 75 64 2e 6f 72 67 48 61 73 41 52 43 41 6e 63 68 6f 72 4e 6f 64 65 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 50 75 62 6c 69 63 53 65 63 74 6f 72 2e 75 73 65 72 48 61 73 50 73 63 4c 70 69 41 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 56 6f 69 63 65 2e 75 73 65 72 48 61 73 56 6f 69 63 65 4f 75 74 62 6f 75 6e 64 22 0d 0a 33 66 66 38 0d 0a 3a 66 61 6c 73 65 2c 22 45 69 6e 73 74 65 69 6e 53 65 61 72 63 68 2e 6f 72 67 43 61 6e 48 61 76 65 45 69 6e 73 74 65 69 6e 53 65 61 72 63 68 43 53 50 69 6c 6f 74 22 3a 66 61 6c 73 65 2c 22 52 65 63 6f 72 64 73 2e 53 74 61 74 65 43 6f 75 6e 74 72 79 50 69 63 6b 6c 69 73 74 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 4d 61 69 6c 41 70 70 2e 6f 72 67 48 61 73 4e 65 77 49 46 54 45 6e 61 62 6c Data Ascii: HealthCloud.orgHasARCAnchorNodeEnabled":false,"PublicSector.userHasPscLpiAccess":false,"Voice.userHasVoiceOutbound"3ff8:false,"EinsteinSearch.orgCanHaveEinsteinSearchCSPilot":false,"Records.StateCountryPicklistEnabled":false,"MailApp.orgHasNewIFTEnabl
2023-11-01 14:55:42 UTC	3588	IN	Data Raw: 39 32 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 31 35 34 2d 31 30 2d 32 38 22 7d 2c 22 39 33 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 31 35 36 2d 34 2d 32 37 22 7d 2c 22 39 34 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 31 35 39 2d 34 2d 32 30 22 7d 2c 22 39 35 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 31 36 30 2d 31 2d 31 30 22 7d 2c 22 39 36 0d 0a 63 30 30 30 0d 0a 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 31 36 31 2d 39 2d 34 22 7d 2c 22 39 37 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 31 36 33 2d 33 2d 32 39 22 7d 2c 22 39 38 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 31 36 35 2d 36 2d 35 22 7d 2c 22 39 39 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 31 36 36 2d 38 2d 32 37 22 7d 2c 22 31 30 30 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 31 36 39 2d 34 2d 38 Data Ascii: 92":{"_start":"1154-10-28"},"93":{"_start":"1156-4-27"},"94":{"_start":"1159-4-20"},"95":{"_start":"1160-1-10"},"96c000":{"_start":"1161-9-4"},"97":{"_start":"1163-3-29"},"98":{"_start":"1165-6-5"},"99":{"_start":"1166-8-27"},"100":{"_start":"1169-4-8
2023-11-01 14:55:42 UTC	3748	IN	Data Raw: 74 65 67 72 61 74 69 6f 6e 5f 64 69 73 61 62 6c 65 64 5f 65 72 72 6f 72 5f 6d 65 73 73 61 67 65 22 3a 22 4c 69 6e 6b 65 64 49 6e 20 53 61 6c 65 73 20 4e 61 76 69 67 61 74 6f 72 20 69 73 20 74 75 72 6e 65 64 20 6f 66 66 20 69 6e 20 53 65 74 75 70 2e 20 54 6f 20 61 64 76 61 6e 63 65 20 74 68 65 20 63 61 64 65 6e 63 65 2c 20 75 73 65 20 74 68 65 20 57 6f 72 6b 20 51 75 65 75 65 20 6f 72 20 43 61 64 65 6e 63 65 20 53 74 65 70 73 20 6c 69 73 74 20 74 6f 20 6d 61 72 6b 20 74 68 69 73 20 73 74 65 70 20 63 6f 6d 70 6c 65 74 65 20 6f 72 20 73 6b 69 70 20 74 68 65 20 73 74 65 70 20 69 6e 20 53 61 6c 65 73 66 6f 72 63 65 2e 22 7d 2c 22 43 61 73 65 49 6e 74 65 72 61 63 74 69 6f 6e 22 3a 7b 22 50 75 62 6c 69 73 68 65 72 48 65 61 64 69 6e 67 4c 61 62 65 6c 4c 6f 67 43 Data Ascii: tegration_disabled_error_message":"LinkedIn Sales Navigator is turned off in Setup. To advance the cadence, use the Work Queue or Cadence Steps list to mark this step complete or skip the step in Salesforce."},"CaseInteraction":{"PublisherHeadingLabelLogC
2023-11-01 14:55:42 UTC	3764	IN	Data Raw: 74 72 6f 6c 22 3a 7b 22 69 6e 61 63 74 69 76 65 43 61 70 69 74 61 6c 69 7a 65 64 22 3a 22 49 6e 61 63 74 69 76 65 22 2c 22 63 6c 65 61 72 22 3a 22 43 6c 65 61 72 22 2c 22 6c 6f 61 64 69 6e 67 22 3a 22 4c 6f 61 64 69 6e 67 22 2c 22 72 65 71 75 69 72 65 64 22 3a 22 72 65 71 75 69 72 65 64 22 2c 22 61 63 74 69 76 65 43 61 70 69 74 61 6c 69 7a 65 64 22 3a 22 41 63 74 69 76 65 22 7d 2c 22 50 72 6f 6a 65 63 74 44 65 73 6b 74 6f 70 5f 4c 69 73 74 76 69 65 77 46 69 6c 74 65 72 22 3a 7b 22 45 72 72 6f 72 4d 69 73 73 69 6e 67 4f 70 65 72 61 6e 64 22 3a 22 59 6f 75 72 20 66 69 6c 74 65 72 20 69 73 20 6d 69 73 73 69 6e 67 20 61 6e 20 6f 70 65 72 61 6e 64 2e 22 2c 22 45 51 55 41 4c 53 22 3a 22 65 71 75 61 6c 73 22 2c 22 53 54 41 52 54 53 5f 57 49 54 48 22 3a 22 73 74 Data Ascii: trol":{"inactiveCapitalized":"Inactive","clear":"Clear","loading":"Loading","required":"required","activeCapitalized":"Active"},"ProjectDesktop_ListviewFilter":{"ErrorMissingOperand":"Your filter is missing an operand.","EQUALS":"equals","STARTS_WITH":"st
2023-11-01 14:55:42 UTC	3926	IN	Data Raw: 73 73 61 67 65 5f 54 69 74 6c 65 22 3a 22 44 69 73 63 61 72 64 20 63 68 61 6e 67 65 73 3f 22 2c 22 69 6e 6c 69 6e 65 45 64 69 74 4c 65 61 76 65 4d 65 73 73 61 67 65 5f 53 74 61 79 42 75 74 74 6f 6e 22 3a 22 43 6f 6e 74 69 6e 75 65 20 45 64 69 74 69 6e 67 22 2c 22 69 6e 6c 69 6e 65 45 64 69 74 4c 65 61 76 65 4d 65 73 73 61 67 65 5f 4c 65 61 76 65 42 75 74 74 6f 6e 22 0d 0a 39 35 39 37 0d 0a 3a 22 44 69 73 63 61 72 64 20 43 68 61 6e 67 65 73 22 2c 22 69 6e 6c 69 6e 65 45 64 69 74 4c 65 61 76 65 4d 65 73 73 61 67 65 5f 42 6f 64 79 4d 65 73 73 61 67 65 22 3a 22 59 6f 75 27 76 65 20 6d 61 64 65 20 63 68 61 6e 67 65 73 20 69 6e 20 74 68 65 20 64 65 74 61 69 6c 73 20 70 61 6e 65 6c 2e 22 2c 22 69 6e 6c 69 6e 65 45 64 69 74 4c 65 61 76 65 4d 65 73 73 61 67 65 5f Data Ascii: ssage_Title":"Discard changes?","inlineEditLeaveMessage_StayButton":"Continue Editing","inlineEditLeaveMessage_LeaveButton"9597:"Discard Changes","inlineEditLeaveMessage_BodyMessage":"You've made changes in the details panel.","inlineEditLeaveMessage_
2023-11-01 14:55:42 UTC	3942	IN	Data Raw: 53 65 6e 74 4e 6f 43 6f 6e 66 69 72 6d 61 74 69 6f 6e 22 3a 22 57 65 27 72 65 20 73 74 69 6c 6c 20 73 65 6e 64 69 6e 67 20 79 6f 75 72 20 65 6d 61 69 6c 2e 22 2c 22 42 72 61 6e 63 68 4f 75 74 63 6f 6d 65 53 75 63 63 65 73 73 22 3a 22 59 65 73 22 2c 22 50 6c 61 74 66 6f 72 6d 53 63 72 65 65 6e 46 6c 6f 77 46 61 69 6c 65 64 22 3a 22 52 75 6e 20 53 63 72 65 65 6e 20 46 6c 6f 77 20 46 61 69 6c 65 64 22 2c 22 4c 69 6e 6b 65 64 49 6e 43 6f 6e 6e 65 63 74 69 6f 6e 43 6f 6d 70 6c 65 74 65 64 22 3a 22 53 65 6e 64 20 43 6f 6e 6e 65 63 74 69 6f 6e 20 52 65 71 75 65 73 74 20 43 6f 6d 70 6c 65 74 65 22 2c 22 4d 61 6b 65 41 43 61 6c 6c 22 3a 22 43 61 6c 6c 22 2c 22 43 72 65 61 74 65 54 61 73 6b 43 6f 6d 70 6c 65 74 65 64 22 3a 22 53 74 65 70 20 43 6f 6d 70 6c 65 74 65 Data Ascii: SentNoConfirmation":"We're still sending your email.","BranchOutcomeSuccess":"Yes","PlatformScreenFlowFailed":"Run Screen Flow Failed","LinkedInConnectionCompleted":"Send Connection Request Complete","MakeACall":"Call","CreateTaskCompleted":"Step Complete
2023-11-01 14:55:42 UTC	3958	IN	Data Raw: 6f 72 64 65 72 20 61 74 20 63 68 65 63 6b 6f 75 74 5c 6e 20 20 20 20 20 20 20 20 22 2c 22 53 65 74 4b 65 79 48 65 6c 70 22 3a 22 53 68 6f 77 73 20 61 20 63 6f 6e 66 69 67 75 72 65 64 20 73 65 74 20 6f 66 20 70 61 79 6d 65 6e 74 20 6d 65 74 68 6f 64 73 20 61 74 20 63 68 65 63 6b 6f 75 74 2e 20 46 69 6e 64 20 74 68 65 20 6b 65 79 20 6f 6e 20 74 68 65 20 4d 65 72 63 68 61 6e 74 20 41 63 63 6f 75 6e 74 20 72 65 6c 61 74 65 64 20 6c 69 73 74 20 70 61 67 65 2e 22 2c 22 53 65 74 4b 65 79 4c 61 62 65 6c 22 3a 22 50 61 79 6d 65 6e 74 20 4d 65 74 68 6f 64 20 53 65 74 20 4b 65 79 22 2c 22 53 65 74 4b 65 79 50 6c 61 63 65 68 6f 6c 64 65 72 4c 61 62 65 6c 22 3a 22 45 78 61 6d 70 6c 65 3a 20 41 4d 45 52 2d 55 53 22 2c 22 4d 65 74 68 6f 64 54 79 70 65 4d 69 73 73 69 6e Data Ascii: order at checkout\n ","SetKeyHelp":"Shows a configured set of payment methods at checkout. Find the key on the Merchant Account related list page.","SetKeyLabel":"Payment Method Set Key","SetKeyPlaceholderLabel":"Example: AMER-US","MethodTypeMissin

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:42 UTC	3604	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:42 GMT Content-Type: text/javascript;charset=UTF-8 Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: no-cache,must-revalidate,max-age=0,no-store,private Expires: Tue, 01 Nov 2022 14:55:42 GMT X-Robots-Tag: noindex, nofollow, noarchive Vary: Origin, Accept-Encoding Last-Modified: Tue, 01 Nov 2022 14:55:42 GMT Server: sfdcedge X-SFDC-Request-Id: 50237070c2cd91ec140ef2c38262fe4d X-SFDC-Edge-Cache: MISS
2023-11-01 14:55:42 UTC	3605	IN	Data Raw: 37 64 65 63 0d 0a 0a 20 20 20 20 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 6c 6f 61 64 4c 6f 63 61 6c 65 44 61 74 61 28 6d 6f 6d 65 6e 74 29 7b 0a 0a 0a 20 20 20 20 20 6d 6f 6d 65 6e 74 2e 64 65 66 69 6e 65 4c 6f 63 61 6c 65 28 27 65 6e 2d 67 62 27 2c 20 7b 0a 20 20 20 20 20 20 20 20 20 6d 6f 6e 74 68 73 20 3a 20 27 4a 61 6e 75 61 72 79 5f 46 65 62 72 75 61 72 79 5f 4d 61 72 63 68 5f 41 70 72 69 6c 5f 4d 61 79 5f 4a 75 6e 65 5f 4a 75 6c 79 5f 41 75 67 75 73 74 5f 53 65 70 74 65 6d 62 65 72 5f 4f 63 74 6f 62 65 72 5f 4e 6f 76 65 6d 62 65 72 5f 44 65 63 65 6d 62 65 72 27 2e 73 70 6c 69 74 28 27 5f 27 29 2c 0a 20 20 20 20 20 20 20 20 20 6d 6f 6e 74 68 73 53 68 6f 72 74 20 3a 20 27 4a 61 6e 5f 46 65 62 5f 4d 61 72 5f 41 Data Ascii: 7dec (function(){ function loadLocaleData(moment){ moment.defineLocale('en-gb', { months : 'January_February_March_April_May_June_July_August_September_October_November_December'.split('_'), monthsShort : 'Jan_Feb_Mar_A
2023-11-01 14:55:42 UTC	3620	IN	Data Raw: 72 6d 5f 6e 6f 74 69 66 69 63 61 74 69 6f 6e 73 22 2c 22 72 75 6e 74 69 6d 65 5f 70 6c 61 74 66 6f 72 6d 5f 6f 70 74 69 6d 69 7a 65 72 22 2c 22 72 75 6e 74 69 6d 65 5f 70 6c 61 74 66 6f 72 6d 5f 70 72 65 66 63 65 6e 74 65 72 22 2c 22 72 75 6e 74 69 6d 65 5f 70 6c 61 74 66 6f 72 6d 5f 70 72 69 76 61 63 79 5f 61 6e 61 6c 79 74 69 63 73 22 2c 22 72 75 6e 74 69 6d 65 5f 70 6c 61 74 66 6f 72 6d 5f 70 72 69 76 61 63 79 63 65 6e 74 65 72 22 2c 22 72 75 6e 74 69 6d 65 5f 70 6c 61 74 66 6f 72 6d 5f 73 61 6c 65 73 66 6f 72 63 65 68 75 62 22 2c 22 72 75 6e 74 69 6d 65 5f 70 6c 61 74 66 6f 72 6d 5f 73 66 64 78 22 2c 22 72 75 6e 74 69 6d 65 5f 70 6c 61 74 66 6f 72 6d 5f 74 65 73 74 68 69 73 74 6f 72 79 22 2c 22 72 75 6e 74 69 6d 65 5f 70 6c 61 74 66 6f 72 6d 5f 75 6e Data Ascii: rm_notifications","runtime_platform_optimizer","runtime_platform_prefcenter","runtime_platform_privacy_analytics","runtime_platform_privacycenter","runtime_platform_salesforcehub","runtime_platform_sfdx","runtime_platform_testhistory","runtime_platform_un
2023-11-01 14:55:42 UTC	3780	IN	Data Raw: 31 77 77 22 7d 2c 22 6d 61 72 6b 75 70 3a 2f 2f 72 75 6e 74 69 6d 65 5f 73 61 6c 65 73 5f 6c 65 61 64 3a 72 65 63 6f 72 64 54 79 70 65 4f 75 74 70 75 74 54 65 78 74 22 3a 7b 22 75 69 64 22 3a 22 61 30 59 65 6f 74 45 4a 64 4b 72 6a 73 61 43 63 49 57 47 49 57 41 22 7d 2c 22 6d 61 72 6b 75 70 3a 2f 2f 72 75 6e 74 69 6d 65 0d 0a 34 30 30 30 0d 0a 5f 68 65 6c 6c 6f 5f 73 74 75 64 69 6f 3a 73 74 75 64 69 6f 4c 61 75 6e 63 68 65 72 22 3a 7b 22 75 69 64 22 3a 22 7a 68 37 5a 49 44 30 67 46 37 53 43 42 5a 49 46 6c 69 6a 50 78 41 22 7d 2c 22 6d 61 72 6b 75 70 3a 2f 2f 66 6c 65 78 69 70 61 67 65 3a 72 65 63 6f 72 64 48 6f 6d 65 4c 65 66 74 53 69 64 65 62 61 72 54 65 6d 70 6c 61 74 65 44 65 73 6b 74 6f 70 32 22 3a 7b 22 75 69 64 22 3a 22 58 69 36 76 54 4a 32 41 42 56 Data Ascii: 1ww"},"markup://runtime_sales_lead:recordTypeOutputText":{"uid":"a0YeotEJdKrjsaCcIWGIWA"},"markup://runtime4000_hello_studio:studioLauncher":{"uid":"zh7ZID0gF7SCBZIFlijPxA"},"markup://flexipage:recordHomeLeftSidebarTemplateDesktop2":{"uid":"Xi6vTJ2ABV
2023-11-01 14:55:42 UTC	3796	IN	Data Raw: 6b 75 70 3a 2f 2f 75 69 3a 64 61 74 61 54 61 62 6c 65 48 65 61 64 65 72 22 3a 7b 22 75 69 64 22 3a 22 44 68 59 6e 42 32 64 7a 63 65 30 6e 6e 55 6b 42 49 6c 59 58 4e 41 22 7d 2c 22 6d 61 72 6b 75 70 3a 2f 2f 66 6c 65 78 69 70 61 67 65 3a 74 61 62 32 22 3a 7b 22 75 69 64 22 3a 22 45 62 42 74 6c 35 79 59 78 78 37 63 61 59 50 76 4e 53 51 44 4a 77 0d 0a 38 32 30 65 0d 0a 22 7d 2c 22 6d 61 72 6b 75 70 3a 2f 2f 72 75 6e 74 69 6d 65 5f 71 75 69 70 3a 71 75 69 70 43 61 72 64 4c 69 67 68 74 6e 69 6e 67 22 3a 7b 22 75 69 64 22 3a 22 66 49 42 65 77 76 72 44 4b 52 46 47 74 4b 2d 6c 48 79 56 31 54 41 22 7d 2c 22 6d 61 72 6b 75 70 3a 2f 2f 66 6c 65 78 69 70 61 67 65 3a 62 61 73 65 46 6c 65 78 69 70 61 67 65 52 65 67 69 6f 6e 43 6c 61 73 73 22 3a 7b 22 75 69 64 22 3a 22 Data Ascii: kup://ui:dataTableHeader":{"uid":"DhYnB2dzce0nnUkBIlYXNA"},"markup://flexipage:tab2":{"uid":"EbBtl5yYxx7caYPvNSQDJw820e"},"markup://runtime_quip:quipCardLightning":{"uid":"fIBewvrDKRFGtK-lHyV1TA"},"markup://flexipage:baseFlexipageRegionClass":{"uid":"
2023-11-01 14:55:42 UTC	3812	IN	Data Raw: 65 62 72 75 61 72 79 22 2c 22 73 68 6f 72 74 4e 61 6d 65 22 3a 22 46 65 62 22 7d 2c 7b 22 66 75 6c 6c 4e 61 6d 65 22 3a 22 4d 61 72 63 68 22 2c 22 73 68 6f 72 74 4e 61 6d 65 22 3a 22 4d 61 72 22 7d 2c 7b 22 66 75 6c 6c 4e 61 6d 65 22 3a 22 41 70 72 69 6c 22 2c 22 73 68 6f 72 74 4e 61 6d 65 22 3a 22 41 70 72 22 7d 2c 7b 22 66 75 6c 6c 4e 61 6d 65 22 3a 22 4d 61 79 22 2c 22 73 68 6f 72 74 4e 61 6d 65 22 3a 22 4d 61 79 22 7d 2c 7b 22 66 75 6c 6c 4e 61 6d 65 22 3a 22 4a 75 6e 65 22 2c 22 73 68 6f 72 74 4e 61 6d 65 22 3a 22 4a 75 6e 22 7d 2c 7b 22 66 75 6c 6c 4e 61 6d 65 22 3a 22 4a 75 6c 79 22 2c 22 73 68 6f 72 74 4e 61 6d 65 22 3a 22 4a 75 6c 22 7d 2c 7b 22 66 75 6c 6c 4e 61 6d 65 22 3a 22 41 75 67 75 73 74 22 2c 22 73 68 6f 72 74 4e 61 6d 65 22 3a 22 41 75 Data Ascii: ebruary","shortName":"Feb"},{"fullName":"March","shortName":"Mar"},{"fullName":"April","shortName":"Apr"},{"fullName":"May","shortName":"May"},{"fullName":"June","shortName":"Jun"},{"fullName":"July","shortName":"Jul"},{"fullName":"August","shortName":"Au
2023-11-01 14:55:42 UTC	3963	IN	Data Raw: 6c 65 64 22 3a 74 72 75 65 2c 22 69 73 4c 56 4d 49 6e 41 70 70 42 75 69 6c 64 65 72 45 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 52 65 6c 61 74 65 64 4c 69 73 74 41 64 76 61 6e 63 65 64 47 72 69 64 22 3a 74 72 75 65 2c 22 53 70 6c 69 74 56 69 65 77 4d 61 73 73 41 63 74 69 6f 6e 73 22 3a 74 72 75 65 2c 22 44 72 6c 56 69 65 77 41 6c 6c 22 3a 74 72 75 65 2c 22 44 72 6c 56 69 65 77 41 6c 6c 51 75 69 63 6b 46 69 6c 74 65 72 73 22 3a 74 72 75 65 2c 22 69 73 4c 57 43 4f 62 6a 65 63 74 48 6f 6d 65 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 52 65 6c 61 74 65 64 4c 69 73 74 53 6d 6f 6f 74 68 53 63 72 6f 6c 6c 69 6e 67 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 69 73 52 65 6c 61 74 65 64 4c 69 73 74 53 6d 6f 6f 74 68 53 63 72 6f 6c 6c 69 6e 67 44 69 73 61 Data Ascii: led":true,"isLVMInAppBuilderEnabled":true,"RelatedListAdvancedGrid":true,"SplitViewMassActions":true,"DrlViewAll":true,"DrlViewAllQuickFilters":true,"isLWCObjectHomeEnabled":false,"RelatedListSmoothScrollingEnabled":false,"isRelatedListSmoothScrollingDisa
2023-11-01 14:55:42 UTC	3979	IN	Data Raw: 2c 22 4e 75 6d 62 65 72 54 72 65 6e 64 69 6e 67 55 70 22 3a 22 7b 30 7d 20 69 6e 63 72 65 61 73 65 64 20 62 79 20 7b 31 7d 22 2c 22 44 61 74 65 54 72 65 6e 64 69 6e 67 44 6f 77 6e 22 3a 22 7b 30 7d 20 70 75 73 68 65 64 20 62 79 20 7b 31 7d 20 64 61 79 73 22 7d 2c 22 4c 69 67 68 74 6e 69 6e 67 4c 6f 6f 6b 75 70 22 3a 7b 22 61 64 64 22 3a 22 41 64 64 22 2c 22 73 65 61 72 63 68 50 6c 61 63 65 68 6f 6c 64 65 72 22 3a 22 53 65 61 72 63 68 2e 2e 2e 22 2c 22 70 61 6e 65 6c 48 65 61 64 65 72 4d 6f 62 69 6c 65 22 3a 22 52 65 6c 61 74 65 20 7b 30 7d 20 54 6f 22 2c 22 6e 6f 41 63 63 65 73 73 22 3a 22 4e 6f 20 61 63 63 65 73 73 22 2c 22 73 65 61 72 63 68 4f 62 6a 65 63 74 73 50 6c 61 63 65 68 6f 6c 64 65 72 22 3a 22 53 65 61 72 63 68 20 7b 30 7d 2e 2e 2e 22 2c 22 73 Data Ascii: ,"NumberTrendingUp":"{0} increased by {1}","DateTrendingDown":"{0} pushed by {1} days"},"LightningLookup":{"add":"Add","searchPlaceholder":"Search...","panelHeaderMobile":"Relate {0} To","noAccess":"No access","searchObjectsPlaceholder":"Search {0}...","s
2023-11-01 14:55:42 UTC	3995	IN	Data Raw: 72 73 65 74 75 70 5f 6d 79 5f 73 65 74 74 69 6e 67 73 2e 68 74 6d 26 74 79 70 65 3d 35 5c 22 20 74 61 72 67 65 74 3d 5c 22 5f 62 6c 61 6e 6b 5c 22 3e 53 61 6c 65 73 66 6f 72 63 65 20 48 65 6c 70 3c 5c 2f 61 3e 2e 22 2c 22 45 6d 61 69 6c 41 64 6d 69 6e 41 63 74 69 6f 6e 4e 65 65 64 65 64 22 3a 22 57 65 20 63 61 6e 27 74 20 73 65 6e 64 20 74 68 69 73 20 65 6d 61 69 6c 20 62 65 63 61 75 73 65 20 77 65 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 73 65 6e 64 65 72 27 73 20 6d 61 69 6c 62 6f 78 2e 20 43 6f 6e 74 61 63 74 20 79 6f 75 72 20 65 6d 61 69 6c 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2e 20 49 66 20 79 6f 75 20 75 73 65 20 61 20 73 68 61 72 65 64 20 6d 61 69 6c 62 6f 78 2c 20 6d 61 6b 65 20 73 75 72 65 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 20 68 Data Ascii: rsetup_my_settings.htm&type=5\" target=\"_blank\">Salesforce Help<\/a>.","EmailAdminActionNeeded":"We can't send this email because we can't find the sender's mailbox. Contact your email administrator. If you use a shared mailbox, make sure your account h
2023-11-01 14:55:42 UTC	4011	IN	Data Raw: 6e 63 65 64 22 3a 22 45 6d 61 69 6c 20 62 6f 75 6e 63 65 64 2e 20 55 70 64 61 74 65 20 74 68 65 20 65 6d 61 69 6c 20 61 64 64 72 65 73 73 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 22 7d 2c 22 53 65 61 72 63 68 44 69 73 63 6f 76 65 72 79 49 6e 73 69 67 68 74 73 22 3a 7b 22 4e 6f 43 6f 6e 63 65 70 74 75 61 6c 51 75 65 72 79 52 65 73 75 6c 74 73 4d 65 73 73 61 67 65 22 3a 22 5c 6e 20 20 20 20 20 20 20 20 57 65 20 69 6e 74 65 72 70 72 65 74 65 64 20 79 6f 75 72 20 73 65 61 72 63 68 20 61 73 20 61 20 6e 61 74 75 72 61 6c 20 6c 61 6e 67 75 61 67 65 20 73 65 61 72 63 68 2c 20 61 6e 64 20 77 65 20 64 69 64 6e 5c 75 32 30 31 39 74 20 66 69 6e 64 20 61 6e 79 20 72 65 73 75 6c 74 73 2e 20 42 75 74 20 79 6f 75 20 63 61 6e 20 74 72 79 20 61 20 6b 65 79 77 6f 72 64 Data Ascii: nced":"Email bounced. Update the email address and try again."},"SearchDiscoveryInsights":{"NoConceptualQueryResultsMessage":"\n We interpreted your search as a natural language search, and we didn\u2019t find any results. But you can try a keyword
2023-11-01 14:55:42 UTC	4027	IN	Data Raw: 65 22 2c 22 73 6f 72 74 4e 6f 6e 65 22 3a 22 53 6f 72 74 65 64 3a 20 4e 6f 6e 65 22 7d 2c 22 52 65 63 65 6e 74 41 63 74 69 76 69 74 79 46 69 65 6c 64 22 3a 7b 22 49 6e 74 65 6c 6c 69 67 65 6e 63 65 50 61 6e 65 6c 41 73 73 69 73 74 69 76 65 54 65 78 74 22 3a 22 41 63 74 69 76 69 74 79 20 49 6e 73 69 67 68 74 73 20 53 75 6d 6d 61 72 79 3a 20 7b 30 7d 22 7d 2c 22 45 78 63 65 70 74 69 6f 6e 22 3a 7b 22 4e 6f 41 63 63 65 73 73 45 78 63 65 70 74 69 6f 6e 5f 64 65 73 63 22 3a 22 59 6f 75 20 64 6f 20 6e 6f 74 20 68 61 76 65 20 74 68 65 20 6c 65 76 65 6c 20 6f 66 20 61 63 63 65 73 73 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 70 65 72 66 6f 72 6d 20 74 68 65 20 6f 70 65 72 61 74 69 6f 6e 20 79 6f 75 20 72 65 71 75 65 73 74 65 64 2e 20 50 6c 65 61 73 65 20 63 6f 6e Data Ascii: e","sortNone":"Sorted: None"},"RecentActivityField":{"IntelligencePanelAssistiveText":"Activity Insights Summary: {0}"},"Exception":{"NoAccessException_desc":"You do not have the level of access necessary to perform the operation you requested. Please con
2023-11-01 14:55:42 UTC	4043	IN	Data Raw: 74 79 6c 65 53 68 65 65 74 73 29 3b 0a 09 09 63 75 72 72 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 65 72 72 6f 72 22 2c 6f 6e 4c 6f 61 64 53 74 79 6c 65 53 68 65 65 74 73 45 72 72 6f 72 29 3b 0a 09 09 63 75 72 72 65 6e 74 2e 68 72 65 66 20 3d 20 63 75 72 72 65 6e 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 68 72 65 66 22 29 3b 0a 09 7d 0a 7d 0a 0a 66 75 6e 63 74 69 6f 6e 20 72 65 77 72 69 74 65 43 73 73 56 61 72 73 28 63 73 73 2c 20 76 61 72 4c 6f 6f 6b 75 70 29 20 7b 0a 09 76 61 72 20 56 41 52 5f 42 45 47 49 4e 4e 49 4e 47 20 3d 20 22 76 61 72 28 2d 2d 22 2c 0a 09 09 56 41 52 5f 50 41 54 54 45 52 4e 20 3d 20 2f 76 61 72 5c 28 2d 2d 5b 5e 2d 5d 2b 2d 28 2e 2a 3f 29 5c 29 2f 67 2c 0a 09 09 73 74 61 72 74 49 6e 64 Data Ascii: tyleSheets);current.addEventListener("error",onLoadStyleSheetsError);current.href = current.getAttribute("data-href");}}function rewriteCssVars(css, varLookup) {var VAR_BEGINNING = "var(--",VAR_PATTERN = /var\(--[^-]+-(.*?)\)/g,startInd

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:43 UTC	5007	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:42 GMT Content-Type: text/javascript;charset=UTF-8 Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: no-cache,must-revalidate,max-age=0,no-store,private Expires: Tue, 01 Nov 2022 14:55:42 GMT X-Robots-Tag: noindex, nofollow, noarchive Vary: Origin, Accept-Encoding Last-Modified: Tue, 01 Nov 2022 14:55:42 GMT Server: sfdcedge X-SFDC-Request-Id: d2054592bb4096ace6918cef89346374 X-SFDC-Edge-Cache: MISS
2023-11-01 14:55:43 UTC	5008	IN	Data Raw: 38 30 30 30 0d 0a 77 69 6e 64 6f 77 2e 41 75 72 61 20 7c 7c 20 28 77 69 6e 64 6f 77 2e 41 75 72 61 20 3d 20 7b 7d 29 3b 0a 77 69 6e 64 6f 77 2e 41 75 72 61 2e 62 6f 6f 74 73 74 72 61 70 20 7c 7c 20 28 77 69 6e 64 6f 77 2e 41 75 72 61 2e 62 6f 6f 74 73 74 72 61 70 20 3d 20 7b 7d 29 3b 0a 77 69 6e 64 6f 77 2e 41 75 72 61 2e 61 70 70 42 6f 6f 74 73 74 72 61 70 20 3d 20 7b 22 64 61 74 61 22 3a 7b 22 61 70 70 22 3a 7b 22 63 6f 6d 70 6f 6e 65 6e 74 44 65 66 22 3a 7b 22 64 65 73 63 72 69 70 74 6f 72 22 3a 22 6d 61 72 6b 75 70 3a 2f 2f 66 6f 72 63 65 43 6f 6e 74 65 6e 74 3a 63 6f 6e 74 65 6e 74 44 69 73 74 72 69 62 75 74 69 6f 6e 41 70 70 22 7d 2c 22 63 72 65 61 74 69 6f 6e 50 61 74 68 22 3a 22 2f 2a 5b 30 5d 22 7d 7d 2c 22 6d 64 35 22 3a 22 32 30 32 33 42 45 39 Data Ascii: 8000window.Aura \|\| (window.Aura = {});window.Aura.bootstrap \|\| (window.Aura.bootstrap = {});window.Aura.appBootstrap = {"data":{"app":{"componentDef":{"descriptor":"markup://forceContent:contentDistributionApp"},"creationPath":"/*[0]"}},"md5":"2023BE9
2023-11-01 14:55:43 UTC	5023	IN	Data Raw: 35 22 7d 2c 22 32 32 32 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 38 30 34 2d 32 2d 31 31 22 7d 2c 22 32 32 33 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 38 31 38 2d 34 2d 32 32 22 7d 2c 22 32 32 34 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 38 33 30 2d 31 32 2d 31 30 22 7d 2c 22 32 32 35 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 38 34 34 2d 31 32 2d 32 22 7d 2c 22 32 32 36 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 38 34 38 2d 32 2d 32 38 22 7d 2c 22 32 32 37 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 38 35 34 2d 31 31 2d 32 37 22 7d 2c 22 32 32 38 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 38 36 30 2d 33 2d 31 38 22 7d 2c 22 32 32 39 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 31 38 36 31 2d 32 2d 31 39 22 7d 2c 22 32 33 30 22 3a 7b 22 5f 73 74 61 72 74 22 3a 22 Data Ascii: 5"},"222":{"_start":"1804-2-11"},"223":{"_start":"1818-4-22"},"224":{"_start":"1830-12-10"},"225":{"_start":"1844-12-2"},"226":{"_start":"1848-2-28"},"227":{"_start":"1854-11-27"},"228":{"_start":"1860-3-18"},"229":{"_start":"1861-2-19"},"230":{"_start":"
2023-11-01 14:55:43 UTC	5215	IN	Data Raw: 69 6f 6e 73 50 6c 75 72 61 6c 22 3a 22 49 74 65 6d 73 20 7b 30 7d 20 6d 6f 76 65 64 20 74 6f 20 74 68 65 20 6c 69 73 74 20 7b 31 7d 22 2c 22 6d 69 6e 45 72 72 6f 72 53 69 6e 67 75 6c 61 72 22 3a 22 53 65 6c 65 63 74 20 61 74 20 6c 65 61 73 74 20 31 20 6f 70 74 69 6f 6e 22 2c 22 6f 70 74 69 6f 6e 4c 6f 63 6b 41 73 73 69 73 74 69 76 65 54 65 78 74 22 3a 22 3a 20 69 74 65 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 65 6d 6f 76 65 64 20 66 72 6f 6d 20 7b 30 7d 22 2c 22 72 65 71 75 69 72 65 64 45 72 72 6f 72 22 3a 22 41 6e 20 6f 70 74 69 6f 6e 20 6d 75 73 74 20 62 65 20 73 65 6c 65 63 74 65 64 22 2c 22 6d 61 78 48 65 6c 70 22 3a 22 20 5b 61 6e 64 20 61 20 6d 61 78 69 6d 75 6d 20 6f 66 20 7b 30 7d 5d 22 2c 22 6d 69 6e 45 72 72 6f 72 50 6c 75 72 61 6c 22 3a 22 53 65 Data Ascii: ionsPlural":"Items {0} moved to the list {1}","minErrorSingular":"Select at least 1 option","optionLockAssistiveText":": item cannot be removed from {0}","requiredError":"An option must be selected","maxHelp":" [and a maximum of {0}]","minErrorPlural":"Se
2023-11-01 14:55:43 UTC	5231	IN	Data Raw: 61 73 73 69 67 6e 65 65 20 64 6f 65 73 6e 27 74 20 68 61 76 65 20 61 6e 79 20 53 61 6c 65 73 20 45 6e 67 61 67 65 6d 65 6e 74 20 70 65 72 6d 69 73 73 69 6f 6e 73 2e 20 41 73 6b 20 79 6f 75 72 20 53 61 6c 65 73 66 6f 72 63 65 20 61 64 6d 69 6e 20 66 6f 72 20 68 65 6c 70 2e 22 2c 22 50 61 72 64 6f 74 4d 65 72 67 65 46 69 65 6c 64 52 65 6e 64 65 72 69 6e 67 45 72 72 6f 72 22 3a 22 54 68 65 20 6d 65 72 67 65 20 66 69 65 6c 64 20 55 6e 73 75 62 73 63 72 69 62 65 64 20 63 61 6e 27 74 20 62 65 20 75 73 65 64 20 69 6e 20 61 75 74 6f 6d 61 74 65 64 20 65 6d 61 69 6c 73 2e 20 41 73 6b 20 79 6f 75 72 20 61 64 6d 69 6e 20 74 6f 20 72 65 6d 6f 76 65 20 74 68 61 74 20 66 69 65 6c 64 20 66 72 6f 6d 20 65 6d 61 69 6c 20 74 65 6d 70 6c 61 74 65 20 61 6e 64 20 74 72 79 20 Data Ascii: assignee doesn't have any Sales Engagement permissions. Ask your Salesforce admin for help.","PardotMergeFieldRenderingError":"The merge field Unsubscribed can't be used in automated emails. Ask your admin to remove that field from email template and try
2023-11-01 14:55:43 UTC	5247	IN	Data Raw: 75 74 22 3a 22 52 22 2c 22 67 49 6e 70 75 74 22 3a 22 47 22 2c 22 62 49 6e 70 75 74 22 3a 22 42 22 2c 22 67 72 65 65 6e 41 62 62 72 22 3a 22 47 72 65 65 6e 22 7d 2c 22 43 6f 6e 74 61 63 74 4c 65 61 64 49 6e 73 70 65 63 74 6f 72 45 72 72 6f 72 73 22 3a 7b 22 53 65 6e 64 45 6d 61 69 6c 4e 6f 74 43 6f 6e 66 69 67 75 72 65 64 22 3a 22 47 6c 6f 62 61 6c 20 41 63 74 69 6f 6e 20 66 6f 72 20 53 65 6e 64 20 45 6d 61 69 6c 20 69 73 20 6e 6f 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 22 7d 2c 22 41 70 70 72 6f 76 61 6c 50 72 6f 63 65 73 73 41 63 74 69 6f 6e 73 22 3a 7b 22 68 69 67 68 6c 69 67 68 74 4e 61 6d 65 22 3a 22 7b 30 7d 20 41 70 70 72 6f 76 61 6c 22 7d 2c 22 53 61 76 65 43 6f 6e 66 69 72 6d 61 74 69 6f 6e 22 3a 7b 22 43 6f 6e 66 6c 69 63 74 69 6e 67 46 69 65 6c Data Ascii: ut":"R","gInput":"G","bInput":"B","greenAbbr":"Green"},"ContactLeadInspectorErrors":{"SendEmailNotConfigured":"Global Action for Send Email is not configured."},"ApprovalProcessActions":{"highlightName":"{0} Approval"},"SaveConfirmation":{"ConflictingFiel
2023-11-01 14:55:43 UTC	5455	IN	Data Raw: 41 63 74 69 6f 6e 73 22 3a 7b 22 41 64 64 69 74 69 6f 6e 61 6c 52 65 63 6f 72 64 41 63 74 69 6f 6e 73 22 3a 22 41 64 64 69 74 69 6f 6e 61 6c 20 52 65 63 6f 72 64 20 41 63 74 69 6f 6e 73 22 2c 22 54 6f 61 73 74 65 72 4d 65 73 73 61 67 65 43 72 65 61 74 65 22 3a 22 7b 30 7d 20 5c 22 7b 31 7d 5c 22 20 77 61 73 20 63 72 65 61 74 65 64 2e 22 2c 22 54 6f 61 73 74 65 72 4d 65 73 73 61 67 65 55 70 64 61 74 65 22 3a 22 7b 30 7d 20 5c 22 7b 31 7d 5c 22 20 77 61 73 20 73 61 76 65 64 2e 22 2c 22 54 6f 61 73 74 65 72 4d 65 73 73 61 67 65 43 72 65 61 74 65 57 69 74 68 6f 75 74 4e 61 6d 65 22 3a 22 7b 30 7d 20 77 61 73 20 63 72 65 61 74 65 64 2e 22 2c 22 54 6f 61 73 74 65 72 4d 65 73 73 61 67 65 55 70 64 61 74 65 57 69 74 68 6f 75 74 4e 61 6d 65 22 3a 22 7b 30 7d 20 77 Data Ascii: Actions":{"AdditionalRecordActions":"Additional Record Actions","ToasterMessageCreate":"{0} \"{1}\" was created.","ToasterMessageUpdate":"{0} \"{1}\" was saved.","ToasterMessageCreateWithoutName":"{0} was created.","ToasterMessageUpdateWithoutName":"{0} w

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:44 UTC	10207	OUT	POST /sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/aura?r=0&ui-content-components-forceContent-contentDistributionViewer.ContentDistributionViewer.getContentDistributionInfo=1 HTTP/1.1 Host: ctomarketing.my.salesforce.com Connection: keep-alive Content-Length: 924 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Accept: / Origin: https://ctomarketing.my.salesforce.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ctomarketing.my.salesforce.com/sfc/p/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=t4lLxHjGEe6_MaO29AW4Ag; BrowserId_sec=t4lLxHjGEe6_MaO29AW4Ag
2023-11-01 14:55:44 UTC	10208	OUT	Data Raw: 6d 65 73 73 61 67 65 3d 25 37 42 25 32 32 61 63 74 69 6f 6e 73 25 32 32 25 33 41 25 35 42 25 37 42 25 32 32 69 64 25 32 32 25 33 41 25 32 32 36 25 33 42 61 25 32 32 25 32 43 25 32 32 64 65 73 63 72 69 70 74 6f 72 25 32 32 25 33 41 25 32 32 73 65 72 76 69 63 65 43 6f 6d 70 6f 6e 65 6e 74 25 33 41 25 32 46 25 32 46 75 69 2e 63 6f 6e 74 65 6e 74 2e 63 6f 6d 70 6f 6e 65 6e 74 73 2e 66 6f 72 63 65 43 6f 6e 74 65 6e 74 2e 63 6f 6e 74 65 6e 74 44 69 73 74 72 69 62 75 74 69 6f 6e 56 69 65 77 65 72 2e 43 6f 6e 74 65 6e 74 44 69 73 74 72 69 62 75 74 69 6f 6e 56 69 65 77 65 72 43 6f 6e 74 72 6f 6c 6c 65 72 25 32 46 41 43 54 49 4f 4e 25 32 34 67 65 74 43 6f 6e 74 65 6e 74 44 69 73 74 72 69 62 75 74 69 6f 6e 49 6e 66 6f 25 32 32 25 32 43 25 32 32 63 61 6c 6c 69 6e 67 Data Ascii: message=%7B%22actions%22%3A%5B%7B%22id%22%3A%226%3Ba%22%2C%22descriptor%22%3A%22serviceComponent%3A%2F%2Fui.content.components.forceContent.contentDistributionViewer.ContentDistributionViewerController%2FACTION%24getContentDistributionInfo%22%2C%22calling

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:45 UTC	10209	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:45 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: no-cache,must-revalidate,max-age=0,no-store,private X-Robots-Tag: noindex, nofollow, noarchive Vary: Origin, Accept-Encoding Expires: Tue, 01 Nov 2022 14:55:45 GMT Last-Modified: Tue, 01 Nov 2022 14:55:45 GMT Server-Timing: Total;dur=127 Timing-Allow-Origin: * Server: sfdcedge X-SFDC-Request-Id: 873f6de05a550b9a2cddb113a0779741
2023-11-01 14:55:45 UTC	10210	IN	Data Raw: 37 31 31 0d 0a 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 7b 22 69 64 22 3a 22 36 3b 61 22 2c 22 73 74 61 74 65 22 3a 22 53 55 43 43 45 53 53 22 2c 22 72 65 74 75 72 6e 56 61 6c 75 65 22 3a 7b 22 73 68 6f 77 50 72 65 76 69 65 77 22 3a 74 72 75 65 2c 22 61 6c 6c 6f 77 50 44 46 44 6f 77 6e 6c 6f 61 64 22 3a 66 61 6c 73 65 2c 22 76 65 72 73 69 6f 6e 49 64 22 3a 22 30 36 38 4e 32 30 30 30 30 30 32 53 69 6a 4a 49 41 53 22 2c 22 76 69 65 77 49 64 22 3a 22 30 35 48 4e 32 30 30 30 30 30 30 49 43 53 58 4d 41 34 22 2c 22 64 6f 63 49 64 22 3a 22 30 36 39 4e 32 30 30 30 30 30 32 41 5a 5a 64 49 41 4f 22 2c 22 61 6c 6c 6f 77 4f 72 69 67 69 6e 61 6c 44 6f 77 6e 6c 6f 61 64 22 3a 74 72 75 65 2c 22 6e 61 6d 65 22 3a 22 51 75 61 6e 74 65 78 61 20 43 75 73 74 6f 6d 73 20 61 6e 64 Data Ascii: 711{"actions":[{"id":"6;a","state":"SUCCESS","returnValue":{"showPreview":true,"allowPDFDownload":false,"versionId":"068N2000002SijJIAS","viewId":"05HN2000000ICSXMA4","docId":"069N2000002AZZdIAO","allowOriginalDownload":true,"name":"Quantexa Customs and

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ctomarketing.my.salesforce.com/sfc/p/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Windows Analysis Report
https://ctomarketing.my.salesforce.com/sfc/p/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:45 UTC	10211	OUT	POST /sfc/ld/20000000NKSY/a/N20000008mp3/9_igk2k2LKp3nokH7juOM55qQhWqh8LYkMS.tqNA8VQ/aura?r=1&ui-content-components-forceContent-previewInfoProvider.PreviewInfoProvider.getPreviewInfo=1 HTTP/1.1 Host: ctomarketing.my.salesforce.com Connection: keep-alive Content-Length: 1045 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Accept: / Origin: https://ctomarketing.my.salesforce.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ctomarketing.my.salesforce.com/sfc/p/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=t4lLxHjGEe6_MaO29AW4Ag; BrowserId_sec=t4lLxHjGEe6_MaO29AW4Ag
2023-11-01 14:55:45 UTC	10212	OUT	Data Raw: 6d 65 73 73 61 67 65 3d 25 37 42 25 32 32 61 63 74 69 6f 6e 73 25 32 32 25 33 41 25 35 42 25 37 42 25 32 32 69 64 25 32 32 25 33 41 25 32 32 36 30 25 33 42 61 25 32 32 25 32 43 25 32 32 64 65 73 63 72 69 70 74 6f 72 25 32 32 25 33 41 25 32 32 73 65 72 76 69 63 65 43 6f 6d 70 6f 6e 65 6e 74 25 33 41 25 32 46 25 32 46 75 69 2e 63 6f 6e 74 65 6e 74 2e 63 6f 6d 70 6f 6e 65 6e 74 73 2e 66 6f 72 63 65 43 6f 6e 74 65 6e 74 2e 70 72 65 76 69 65 77 49 6e 66 6f 50 72 6f 76 69 64 65 72 2e 50 72 65 76 69 65 77 49 6e 66 6f 50 72 6f 76 69 64 65 72 43 6f 6e 74 72 6f 6c 6c 65 72 25 32 46 41 43 54 49 4f 4e 25 32 34 67 65 74 50 72 65 76 69 65 77 49 6e 66 6f 25 32 32 25 32 43 25 32 32 63 61 6c 6c 69 6e 67 44 65 73 63 72 69 70 74 6f 72 25 32 32 25 33 41 25 32 32 55 4e 4b 4e Data Ascii: message=%7B%22actions%22%3A%5B%7B%22id%22%3A%2260%3Ba%22%2C%22descriptor%22%3A%22serviceComponent%3A%2F%2Fui.content.components.forceContent.previewInfoProvider.PreviewInfoProviderController%2FACTION%24getPreviewInfo%22%2C%22callingDescriptor%22%3A%22UNKN

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:46 UTC	10215	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:46 GMT Content-Type: application/json;charset=UTF-8 Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: no-cache,must-revalidate,max-age=0,no-store,private X-Robots-Tag: noindex, nofollow, noarchive Vary: Origin, Accept-Encoding Expires: Tue, 01 Nov 2022 14:55:46 GMT Last-Modified: Tue, 01 Nov 2022 14:55:46 GMT Server-Timing: Total;dur=290 Timing-Allow-Origin: * Server: sfdcedge X-SFDC-Request-Id: 18f26ad76734d87c0f7e9894a2674719
2023-11-01 14:55:46 UTC	10216	IN	Data Raw: 61 66 39 0d 0a 7b 22 61 63 74 69 6f 6e 73 22 3a 5b 7b 22 69 64 22 3a 22 36 30 3b 61 22 2c 22 73 74 61 74 65 22 3a 22 53 55 43 43 45 53 53 22 2c 22 72 65 74 75 72 6e 56 61 6c 75 65 22 3a 7b 22 72 65 63 6f 72 64 49 64 22 3a 22 30 36 39 4e 32 30 30 30 30 30 32 41 5a 5a 64 49 41 4f 22 2c 22 76 65 72 73 69 6f 6e 4e 75 6d 62 65 72 22 3a 31 2c 22 66 6f 72 6d 61 74 22 3a 22 4a 50 47 22 2c 22 73 74 61 74 75 73 22 3a 22 41 56 41 49 4c 41 42 4c 45 22 2c 22 70 61 67 65 43 6f 75 6e 74 22 3a 34 2c 22 70 72 65 76 69 65 77 55 72 6c 73 22 3a 5b 22 68 74 74 70 73 3a 2f 2f 63 74 6f 6d 61 72 6b 65 74 69 6e 67 2e 66 69 6c 65 2e 66 6f 72 63 65 2e 63 6f 6d 2f 73 66 63 2f 64 69 73 74 2f 76 65 72 73 69 6f 6e 2f 72 65 6e 64 69 74 69 6f 6e 44 6f 77 6e 6c 6f 61 64 3f 72 65 6e 64 69 Data Ascii: af9{"actions":[{"id":"60;a","state":"SUCCESS","returnValue":{"recordId":"069N2000002AZZdIAO","versionNumber":1,"format":"JPG","status":"AVAILABLE","pageCount":4,"previewUrls":["https://ctomarketing.file.force.com/sfc/dist/version/renditionDownload?rendi

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:37 UTC	5	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:37 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Set-Cookie: CookieConsentPolicy=0:1; path=/; expires=Thu, 31-Oct-2024 14:55:37 GMT; Max-Age=31536000 Set-Cookie: LSKey-c$CookieConsentPolicy=0:1; path=/; expires=Thu, 31-Oct-2024 14:55:37 GMT; Max-Age=31536000 Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff Content-Security-Policy: upgrade-insecure-requests X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: no-cache,must-revalidate,max-age=0,no-store,private Set-Cookie: BrowserId=t4lLxHjGEe6_MaO29AW4Ag; domain=.salesforce.com; path=/; expires=Thu, 31-Oct-2024 14:55:37 GMT; Max-Age=31536000 Set-Cookie: BrowserId_sec=t4lLxHjGEe6_MaO29AW4Ag; domain=.salesforce.com; path=/; expires=Thu, 31-Oct-2024 14:55:37 GMT; Max-Age=31536000; secure; SameSite=None X-Robots-Tag: noindex, nofollow, noarchive Vary: Accept-Encoding Server: sfdcedge X-SFDC-Request-Id: f10cb08c4fe85196ce36353698024191 X-SFDC-Edge-Cache: MISS
2023-11-01 14:55:37 UTC	6	IN	Data Raw: 35 34 66 0d 0a 0a 0a 0a 20 20 20 20 0a 20 20 20 20 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 0a 0a 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 0a 09 09 0a 09 09 0a 09 09 09 3c 74 69 74 6c 65 3e 53 61 6c 65 73 66 6f 72 63 65 3c 2f 74 69 74 6c 65 3e 0a 09 09 09 0a 09 09 0a 09 0a 09 Data Ascii: 54f <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><title>Salesforce</title>

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:47 UTC	10221	IN	HTTP/1.1 200 OK Cache-Control: private,max-age=604800 Content-Type: text/plain X-Goog-Safety-Encoding: base64 X-Goog-Safety-Content-Type: application/x-protobuf Vary: X-Origin Vary: Referer Date: Wed, 01 Nov 2023 14:55:47 GMT Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Origin,Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-01 14:55:47 UTC	10221	IN	Data Raw: 31 30 0d 0a 43 67 6b 4b 42 77 33 51 4d 6d 4a 64 47 67 41 3d 0d 0a Data Ascii: 10CgkKBw3QMmJdGgA=
2023-11-01 14:55:47 UTC	10221	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:47 UTC	10267	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 73 75 51 35 79 63 72 39 6f 45 61 35 52 74 4e 44 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 66 62 65 62 35 62 61 39 66 62 65 34 30 61 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: suQ5ycr9oEa5RtND.1Context: 2fbeb5ba9fbe40a7
2023-11-01 14:55:47 UTC	10267	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-11-01 14:55:47 UTC	10267	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 73 75 51 35 79 63 72 39 6f 45 61 35 52 74 4e 44 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 66 62 65 62 35 62 61 39 66 62 65 34 30 61 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 48 30 69 33 2b 35 6f 74 67 46 67 41 5a 36 4a 73 41 68 45 78 66 4b 76 36 72 46 39 35 63 66 73 7a 79 61 70 6a 77 48 42 54 74 61 51 38 72 57 52 53 46 61 48 4e 45 58 77 45 38 30 31 39 47 71 64 74 4e 53 4e 35 2f 30 6f 6c 52 76 6b 73 61 71 6f 32 46 68 4a 6b 61 4c 36 58 6e 34 70 6e 63 36 36 51 33 4c 35 52 67 52 44 78 62 4c 55 41 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: suQ5ycr9oEa5RtND.2Context: 2fbeb5ba9fbe40a7<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZH0i3+5otgFgAZ6JsAhExfKv6rF95cfszyapjwHBTtaQ8rWRSFaHNEXwE8019GqdtNSN5/0olRvksaqo2FhJkaL6Xn4pnc66Q3L5RgRDxbLUA
2023-11-01 14:55:47 UTC	10268	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 73 75 51 35 79 63 72 39 6f 45 61 35 52 74 4e 44 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 66 62 65 62 35 62 61 39 66 62 65 34 30 61 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: suQ5ycr9oEa5RtND.3Context: 2fbeb5ba9fbe40a7<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-11-01 14:55:47 UTC	10270	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-11-01 14:55:47 UTC	10270	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 76 66 4d 55 4c 4b 6f 51 6b 6d 43 2b 2f 45 65 50 38 61 4e 4b 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: XvfMULKoQkmC+/EeP8aNKA.0Payload parsing failed.

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:48 UTC	10308	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:48 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: public,max-age=10368000 Expires: Thu, 29 Feb 2024 14:55:48 GMT X-Robots-Tag: noindex, nofollow, noarchive Last-Modified: Fri, 13 Nov 2020 02:02:33 GMT Vary: Accept-Encoding Server: sfdcedge X-SFDC-Request-Id: 9831a10e7633ff121bf25d9bcfeea292 X-SFDC-Edge-Cache: MISS
2023-11-01 14:55:48 UTC	10308	IN	Data Raw: 37 65 30 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 73 76 67 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 53 56 47 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 47 72 61 70 68 69 63 73 2f 53 56 47 2f 31 2e 31 2f 44 54 44 2f 73 76 67 31 31 2e 64 74 64 22 3e 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 64 69 73 70 6c 61 79 3d 22 6e 6f 6e 65 22 3e 3c 73 79 6d 62 6f 6c 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 36 20 36 34 22 20 69 64 3d 22 61 69 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 Data Ascii: 7e0a<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" display="none"><symbol viewBox="0 0 56 64" id="ai" xmlns="http://www
2023-11-01 14:55:48 UTC	10324	IN	Data Raw: 39 37 31 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 31 30 2e 31 30 37 20 33 37 2e 34 36 36 76 31 36 2e 34 31 39 68 32 31 2e 35 32 31 56 33 37 2e 34 36 36 48 31 30 2e 31 30 37 7a 6d 36 2e 34 35 38 20 31 35 2e 30 37 38 68 2d 34 2e 39 36 37 76 2d 33 2e 35 38 68 34 2e 39 36 37 76 33 2e 35 38 7a 6d 30 2d 35 2e 30 31 32 68 2d 34 2e 39 36 37 76 2d 33 2e 35 37 39 68 34 2e 39 36 37 76 33 2e 35 37 39 7a 6d 30 2d 35 2e 30 31 31 68 2d 34 2e 39 36 37 76 2d 33 2e 35 38 68 34 2e 39 36 37 76 33 2e 35 38 7a 6d 31 33 2e 36 33 32 20 31 30 2e 30 32 33 48 31 38 2e 30 34 32 76 2d 33 2e 35 38 68 31 32 2e 31 35 35 76 33 2e 35 38 7a 6d 30 2d 35 2e 30 31 32 48 31 38 2e 30 34 32 76 2d 33 2e 35 37 39 68 31 32 2e 31 35 35 76 33 2e 35 37 39 7a 6d 30 2d 35 2e 30 31 31 48 31 38 2e 30 34 32 Data Ascii: 971"/><path d="M10.107 37.466v16.419h21.521V37.466H10.107zm6.458 15.078h-4.967v-3.58h4.967v3.58zm0-5.012h-4.967v-3.579h4.967v3.579zm0-5.011h-4.967v-3.58h4.967v3.58zm13.632 10.023H18.042v-3.58h12.155v3.58zm0-5.012H18.042v-3.579h12.155v3.579zm0-5.011H18.042
2023-11-01 14:55:48 UTC	10388	IN	Data Raw: 2e 31 2d 35 2e 34 2d 33 2e 32 2d 37 2e 33 7a 4d 32 30 20 35 32 2e 35 63 2d 32 2e 33 20 30 2d 34 2e 36 2d 31 2d 36 2e 32 2d 32 2e 37 2d 31 2e 36 2d 31 2e 37 2d 32 2e 34 2d 34 2d 32 2e 33 2d 36 2e 33 2e 33 2d 34 2e 33 20 33 2e 37 2d 37 2e 37 20 37 2e 39 2d 0d 0a 33 30 31 31 0d 0a 37 2e 39 68 2e 35 63 34 2e 37 20 30 20 38 2e 35 20 33 2e 38 20 38 2e 35 20 38 2e 35 76 38 2e 34 48 32 30 7a 22 2f 3e 3c 2f 73 79 6d 62 6f 6c 3e 3c 73 79 6d 62 6f 6c 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 36 20 36 34 22 20 69 64 3d 22 71 75 69 70 5f 73 6c 69 64 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 63 6c 69 70 2d 72 75 6c 65 Data Ascii: .1-5.4-3.2-7.3zM20 52.5c-2.3 0-4.6-1-6.2-2.7-1.6-1.7-2.4-4-2.3-6.3.3-4.3 3.7-7.7 7.9-30117.9h.5c4.7 0 8.5 3.8 8.5 8.5v8.4H20z"/></symbol><symbol viewBox="0 0 56 64" id="quip_slide" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:48 UTC	11201	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff Content-Security-Policy: upgrade-insecure-requests X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: must-revalidate,no-cache,no-store Vary: Accept-Encoding Server: sfdcedge X-SFDC-Request-Id: ccc2bf9dfc4835c517be29ea6ba27ee6 X-SFDC-Edge-Cache: MISS
2023-11-01 14:55:48 UTC	11201	IN	Data Raw: 32 0d 0a 0a 0a 0d 0a 35 31 63 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 50 52 41 47 4d 41 22 20 43 4f 4e 54 45 4e 54 3d 22 4e 4f 2d 43 41 43 48 45 22 3e 0a 0a 0a 0a 0a 0a 3c 73 63 72 69 70 74 3e 0a 66 75 6e 63 74 69 6f 6e 20 72 65 64 69 72 65 63 74 4f 6e 4c 6f 61 64 28 29 20 7b 0a 69 66 20 28 74 68 69 73 2e 53 66 64 63 41 70 70 20 26 26 20 74 68 69 73 2e 53 66 64 63 41 70 70 Data Ascii: 251c<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"><script>function redirectOnLoad() {if (this.SfdcApp && this.SfdcApp

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:48 UTC	11891	IN	HTTP/1.1 200 OK Date: Wed, 01 Nov 2023 14:55:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Strict-Transport-Security: max-age=63072000; includeSubDomains X-Content-Type-Options: nosniff Content-Security-Policy: upgrade-insecure-requests X-Robots-Tag: none Referrer-Policy: origin-when-cross-origin Cache-Control: must-revalidate,no-cache,no-store Vary: Accept-Encoding Server: sfdcedge X-SFDC-Request-Id: 3150d760f74b4731163bca863fe1befb X-SFDC-Edge-Cache: MISS
2023-11-01 14:55:48 UTC	11892	IN	Data Raw: 32 0d 0a 0a 0a 0d 0a 34 64 34 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 50 52 41 47 4d 41 22 20 43 4f 4e 54 45 4e 54 3d 22 4e 4f 2d 43 41 43 48 45 22 3e 0a 0a 0a 0a 0a 0a 3c 73 63 72 69 70 74 3e 0a 66 75 6e 63 74 69 6f 6e 20 72 65 64 69 72 65 63 74 4f 6e 4c 6f 61 64 28 29 20 7b 0a 69 66 20 28 74 68 69 73 2e 53 66 64 63 41 70 70 20 26 26 20 74 68 69 73 2e 53 66 64 63 41 70 70 Data Ascii: 24d4<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"><script>function redirectOnLoad() {if (this.SfdcApp && this.SfdcApp

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:51 UTC	16290	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KFCftek9p95fbFt&MD=yVfsLwsz HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-01 14:55:51 UTC	16322	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 055f88af-3c05-4f46-9963-40a6f985ad87 MS-RequestId: bc2f06cf-f862-425d-98bc-39a045c016de MS-CV: MeM17eER50ejtvXa.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 01 Nov 2023 14:55:50 GMT Connection: close Content-Length: 24490
2023-11-01 14:55:51 UTC	16323	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-01 14:55:51 UTC	16338	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	kBytes transferred	Direction	Data
2023-11-01 14:55:54 UTC	20129	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900C4F3 X-BM-CBT: 1696488253 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581D X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900C4F3 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-c X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 516 Connection: Keep-Alive Cache-Control: no-cache Cookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
2023-11-01 14:55:54 UTC	20131	OUT	Data Raw: 3c Data Ascii: <
2023-11-01 14:55:54 UTC	20131	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 38 31 43 36 31 45 30 39 34 39 38 44 34 31 43 43 39 37 43 44 42 42 41 33 35 34 38 32 34 45 44 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 33 35 31 41 41 38 32 41 45 39 30 43 34 36 36 39 39 46 35 42 31 46 45 33 34 32 42 45 37 45 31 30 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>81C61E09498D41CC97CDBBA354824ED1</CID><Events><E><T>Event.ClientInst</T><IG>351AA82AE90C46699F5B1FE342BE7E10</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2023-11-01 14:55:54 UTC	20211	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 93FEF5216AA94A5B902EF43706EAD3D1 Ref B: PAOEDGE0507 Ref C: 2023-11-01T14:55:54Z Date: Wed, 01 Nov 2023 14:55:54 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.40a6dc17.1698850554.977ce2f