Edit tour

Windows Analysis Report
Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx

Overview

General Information

Sample name:	Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx
Analysis ID:	1435294
MD5:	c1d8f73c861ad2a669d071bff85076b0
SHA1:	0d17bf6668bf7571cf9a52322c5a6d94c1129299
SHA256:	eb9e15df65eb4971a370731558163c9f24f849475f5a7a3c1f2a557a548770db
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Document misses a certain OLE stream usually present in this Microsoft Office document type

IP address seen in connection with other malware

Classification

Process Tree

System is w7x64

EXCEL.EXE (PID: 1884 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)

chrome.exe (PID: 200 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 1272 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1240,i,11634466219794985678,4912698025010066161,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 3744 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 3940 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 3480 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1260,i,1358086589368310172,12834293717432727040,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 3488 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 3424 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1272,i,4941910042198906798,14307021731387216113,131072 /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 2060 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 3024 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1348,i,5730947123427631772,2944053335706487817,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 3104 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 3304 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 2404 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1108,i,12411054581442439668,13136626987919913711,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 3492 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://netsuite.custhelp.com/app/answers/detail/a_id/73898" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 2652 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=892,i,14382479072840613400,10629495472375794697,131072 /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html	HTTP Parser: No favicon
Source: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html	HTTP Parser: No favicon
Source: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html	HTTP Parser: No favicon
Source: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html#main-content	HTTP Parser: No favicon
Source: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html#main-content	HTTP Parser: No favicon
Source: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html#main-content	HTTP Parser: No favicon

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: Joe Sandbox View	IP Address: 18.238.49.47 18.238.49.47
Source: Joe Sandbox View	IP Address: 18.238.49.99 18.238.49.99
Source: Joe Sandbox View	IP Address: 18.238.49.126 18.238.49.126
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: global traffic	HTTP traffic detected: GET /notice?domain=netsuite.com&c=teconsent&js=bb&noticeType=bb&text=true&pcookie&gtm=1 HTTP/1.1Host: consent.truste.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://developers.suitecommerce.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=0a2b&referer=https://developers.suitecommerce.com HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://developers.suitecommerce.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /asset/notice.js/v/v1.7-3281 HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"Origin: https://developers.suitecommerce.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://developers.suitecommerce.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get?name=crossdomain.html&domain=netsuite.com HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://developers.suitecommerce.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=0a2b&referer=https://developers.suitecommerce.com HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=b4f6&referer=https://developers.suitecommerce.com HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://developers.suitecommerce.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=b4f6&referer=https://developers.suitecommerce.com HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=04d8&referer=https://developers.suitecommerce.com HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://developers.suitecommerce.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=8408&referer=https://developers.suitecommerce.com HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://developers.suitecommerce.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=04d8&referer=https://developers.suitecommerce.com HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=8408&referer=https://developers.suitecommerce.com HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=954e&referer=https://developers.suitecommerce.com HTTP/1.1Host: consent.trustarc.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://developers.suitecommerce.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=954e&referer=https://developers.suitecommerce.com HTTP/1.1Host: consent.trustarc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: sheet3.xml.rels	String found in binary or memory: <Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId8" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://www.akdyusa.com/search?page=1" TargetMode="External"/><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://www.youtube.com/watch?v=0rST36LBcEg" TargetMode="External"/><Relationship Id="rId7" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://www.henrybear.com/" TargetMode="External"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://developers.suitecommerce.com/index.html" TargetMode="External"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html" TargetMode="External"/><Relationship Id="rId6" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="http://suiteapp.com/business-needs/Payment-Acceptance" TargetMode="External"/><Relationship Id="rId11" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/printerSettings" Target="../printerSettings/printerSettings3.bin"/><Relationship Id="rId5" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://cluse.com/" TargetMode="External"/><Relationship Id="rId10" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://www.tdxpert.com/" TargetMode="External"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://www.flexitog.com/" TargetMode="External"/><Relationship Id="rId9" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://netsuite-my.sharepoint.com/:b:/p/rkrajci/EfnTfQEMnk5Ju63hPSla3aUBi5QQgdTnEHgt1TdLo-6kMw?e=zttWrf" TargetMode="External"/></Relationships> equals www.youtube.com (Youtube)
Source: sharedStrings.xml	String found in binary or memory: Each theme can look very different with the user-friendly Site Management Tools (SMT).</t></si><si><t>Why do you have different websites (for branding, different countries, different tax ID's, other)?</t></si><si><t>Or can you send me a list of those domains after the call</t></si><si><t>https://www.youtube.com/watch?v=0rST36LBcEg</t></si><si><t>If a customer logs into both sites, do they share their account or have to reregister?</t></si><si><t>What percent of the ecommerce revenue comes across each site?</t></si><si><t>This can help us understand if it's worth replace all sites. equals www.youtube.com (Youtube)
Source: sharedStrings.xml	String found in binary or memory: You can go to builtwith.com to find out.</t></si><si><t>Misspellings</t></si><si><t>Facet Search</t></si><si><t>Type ahead search</t></si><si><t>Type ahead suggested categories (Nextopia, SLI, Endecca)</t></si><si><t>Matrix item support</t></si><si><t>Product Recommendations (Certona)</t></si><si><t>Product Reviews (Like BazaarVoice / PowerReviews)</t></si><si><t>Q&A (TurnTo)</t></si><si><t>Live Chat (LivePerson, Velaro)</t></si><si><t>Wish Lists</t></si><si><t>Inventory Displayed on Product Detail page</t></si><si><t>Buy online pickup in store</t></si><si><t>Pinterest, Facebook, Other</t></si><si><t>Store locator</t></si><si><t>Affiliate</t></si><si><t>Blog (WordPress)</t></si><si><t>Gift Certificates Electronic</t></si><si><t>Videos (YouTube)</t></si><si><t>Downloadable Products</t></si><si><t>Downloadable Products with DRM (www.editionguard.com)</t></si><si><t>Kits</t></si><si><t>Configurable products (Verenia)</t></si><si><t>Subscription products (Monexa, Upaya, First Hosted Limited FHL)</t></si><si><t>Warranty's</t></si><si><t>Customer picks delivery date (i.e. Flowers delivered on bday exact date)</t></si><si><t>A/B Testing (Optimizely)</t></si><si><t>Content Delivery Network (CDN) (Akamai, Amazon)</t></si><si><t>Personalization (Optimizely)</t></si><si><t>Detect country IP routing (MaxMind)</t></si><si><t>Google Trusted Store?</t></si><si><t>https?</t></si><si><t>ETF/ACH</t></si><si><t>Payment types at checkout</t></si><si><t>Is site public or need a log in</t></si><si><t>Opening Questions</t></si><si><t> equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: developers.suitecommerce.com
Source: global traffic	DNS traffic detected: DNS query: s.go-mpulse.net
Source: global traffic	DNS traffic detected: DNS query: consent.truste.com
Source: global traffic	DNS traffic detected: DNS query: consent.trustarc.com
Source: global traffic	DNS traffic detected: DNS query: c.go-mpulse.net
Source: global traffic	DNS traffic detected: DNS query: 173bf10a.akstat.io
Source: global traffic	DNS traffic detected: DNS query: x5qjnyixeeujqzrtphxa-f-1ae67ca9a-clientnsv4-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: 173bf110.akstat.io
Source: global traffic	DNS traffic detected: DNS query: trial-eum-clientnsv4-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: trial-eum-clienttons-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: 191-96-150-225_s-23-200-0-185_ts-1714649591-clienttons-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: x5qjnyixzaaauzrtph3q-peru40-c59057d55-clientnsv4-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: 191-96-150-225_s-23-200-0-189_ts-1714649681-clienttons-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: x5qjnyixzaabgzrtpjka-pom4j9-506af2c47-clientnsv4-s.akamaihd.net

Source: chromecache_170.3.dr	String found in binary or memory: http://consent.trustarc.com/noticemsg?
Source: sharedStrings.xml	String found in binary or memory: http://suiteapp.com/business-needs/Payment-Acceptance
Source: chromecache_173.3.dr	String found in binary or memory: http://www.oracle.com
Source: chromecache_173.3.dr	String found in binary or memory: http://www.oracle.comCopyright
Source: sharedStrings.xml	String found in binary or memory: http://wwwnui.akamai.com/gnet/globe/index.html
Source: chromecache_170.3.dr	String found in binary or memory: https://api-js-log.trustarc.com/error
Source: sharedStrings.xml	String found in binary or memory: https://cluse.com/
Source: chromecache_170.3.dr	String found in binary or memory: https://consent-pref.trustarc.com?type=netsuite_production_v2&layout=default_eu
Source: chromecache_170.3.dr	String found in binary or memory: https://consent.trustarc.com/
Source: chromecache_170.3.dr	String found in binary or memory: https://consent.trustarc.com/bannermsg?
Source: chromecache_170.3.dr	String found in binary or memory: https://consent.trustarc.com/log
Source: chromecache_175.3.dr	String found in binary or memory: https://consent.truste.com/notice?domain=netsuite.com&c=teconsent&js=bb&noticeType=bb&text=true&pcoo
Source: sharedStrings.xml	String found in binary or memory: https://developers.suitecommerce.com/?Key=Search&q=seo
Source: sharedStrings.xml	String found in binary or memory: https://developers.suitecommerce.com/index.html
Source: sharedStrings.xml	String found in binary or memory: https://developers.suitecommerce.com/performance
Source: sharedStrings.xml	String found in binary or memory: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html
Source: sharedStrings.xml	String found in binary or memory: https://docs.woocommerce.com/document/pci-dss-compliance-and-woocommerce/
Source: sharedStrings.xml	String found in binary or memory: https://magento.com/sites/default/files/Magento_Enterprise_Edition_2.1_Feature_List_06.15.16.pdf
Source: sharedStrings.xml	String found in binary or memory: https://netsuite-my.sharepoint.com/:b:/p/rkrajci/EfnTfQEMnk5Ju63hPSla3aUBi5QQgdTnEHgt1TdLo-6kMw?e=zt
Source: sharedStrings.xml	String found in binary or memory: https://netsuite.custhelp.com/app/answers/detail/a_id/73898
Source: sharedStrings.xml	String found in binary or memory: https://netsuite.sharepoint.com/:f:/s/suitesuccessforcommerce/Epsm-sMPa3xCsPuAUpVMSzMBHUALYapWgE07bE
Source: sharedStrings.xml	String found in binary or memory: https://oradocs-corp.documents.us2.oraclecloud.com/documents/link/LDDB2A32B38A7322A6B67CD1F6C3FF17C1
Source: chromecache_184.3.dr	String found in binary or memory: https://system.netsuite.com/app/help/helpcenter.nl?fid=article_163657338975.html#:~:text=Extension%2
Source: chromecache_184.3.dr	String found in binary or memory: https://system.netsuite.com/app/help/helpcenter.nl?fid=section_158695491035.html
Source: sharedStrings.xml	String found in binary or memory: https://www.akdyusa.com/search?page=1
Source: sharedStrings.xml	String found in binary or memory: https://www.cnbc.com/2015/05/27/high-tech-attacks-high-cost-data-breaches-cost-average-of-38-million
Source: sharedStrings.xml	String found in binary or memory: https://www.flexitog.com/
Source: chromecache_175.3.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-D4PTW6P1YZ
Source: sharedStrings.xml	String found in binary or memory: https://www.henrybear.com/
Source: chromecache_184.3.dr	String found in binary or memory: https://www.netsuite.com
Source: chromecache_184.3.dr	String found in binary or memory: https://www.oracle.com/legal/copyright.html
Source: chromecache_184.3.dr	String found in binary or memory: https://www.oracle.com/legal/privacy/
Source: chromecache_184.3.dr	String found in binary or memory: https://www.oracle.com/legal/terms.html
Source: sharedStrings.xml	String found in binary or memory: https://www.tdxpert.com/
Source: sharedStrings.xml	String found in binary or memory: https://www.youtube.com/watch?v=0rST36LBcEg

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49180
Source: unknown	Network traffic detected: HTTP traffic on port 49231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49215
Source: unknown	Network traffic detected: HTTP traffic on port 49180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49210
Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49176
Source: unknown	Network traffic detected: HTTP traffic on port 49190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49193
Source: unknown	Network traffic detected: HTTP traffic on port 49222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49190
Source: unknown	Network traffic detected: HTTP traffic on port 49208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49208
Source: unknown	Network traffic detected: HTTP traffic on port 49215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49228

System Summary

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Source: Screenshot number: 4

Screenshot OCR: enable editing of quotes by customerwould require SCA and a significant customization USS 20-30K.

Source: FE2D.tmp.0.dr

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: mal48.winXLSX@58/57@66/6

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVR5F9C.tmp

Jump to behavior

Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx

OLE indicator, Workbook stream: true

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1240,i,11634466219794985678,4912698025010066161,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html"
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1260,i,1358086589368310172,12834293717432727040,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1272,i,4941910042198906798,14307021731387216113,131072 /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1348,i,5730947123427631772,2944053335706487817,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html"
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1108,i,12411054581442439668,13136626987919913711,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://netsuite.custhelp.com/app/answers/detail/a_id/73898"
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=892,i,14382479072840613400,10629495472375794697,131072 /prefetch:8
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1240,i,11634466219794985678,4912698025010066161,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1260,i,1358086589368310172,12834293717432727040,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1272,i,4941910042198906798,14307021731387216113,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1348,i,5730947123427631772,2944053335706487817,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1108,i,12411054581442439668,13136626987919913711,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=892,i,14382479072840613400,10629495472375794697,131072 /prefetch:8	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet4.xml
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet5.xml
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet6.xml
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet3.xml.rels
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet4.xml.rels
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet5.xml.rels
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings3.bin
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings4.bin
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings5.bin
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = customXml/item3.xml
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = docProps/custom.xml
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels
Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	Initial sample: OLE zip file path = customXml/item2.xml

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 File and Directory Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
173bf110.akstat.io	0%	Virustotal	Browse
s.go-mpulse.net	0%	Virustotal	Browse
173bf10a.akstat.io	0%	Virustotal	Browse
c.go-mpulse.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://www.akdyusa.com/search?page=1	0%	Avira URL Cloud	safe
https://www.flexitog.com/	0%	Avira URL Cloud	safe
https://netsuite.sharepoint.com/:f:/s/suitesuccessforcommerce/Epsm-sMPa3xCsPuAUpVMSzMBHUALYapWgE07bE	0%	Avira URL Cloud	safe
http://www.oracle.comCopyright	0%	Avira URL Cloud	safe
https://www.henrybear.com/	0%	Avira URL Cloud	safe
http://suiteapp.com/business-needs/Payment-Acceptance	0%	Avira URL Cloud	safe
https://netsuite-my.sharepoint.com/:b:/p/rkrajci/EfnTfQEMnk5Ju63hPSla3aUBi5QQgdTnEHgt1TdLo-6kMw?e=zt	0%	Avira URL Cloud	safe
https://www.flexitog.com/	0%	Virustotal		Browse
https://www.henrybear.com/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
consent.truste.com	18.164.96.99	true	false		high
www.google.com	172.217.1.4	true	false		high
consent.trustarc.com	18.238.49.126	true	false		high
x5qjnyixeeujqzrtphxa-f-1ae67ca9a-clientnsv4-s.akamaihd.net	unknown	unknown	false		high
s.go-mpulse.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
trial-eum-clienttons-s.akamaihd.net	unknown	unknown	false		high
191-96-150-225_s-23-200-0-185_ts-1714649591-clienttons-s.akamaihd.net	unknown	unknown	false		high
173bf110.akstat.io	unknown	unknown	false	0%, Virustotal, Browse	unknown
developers.suitecommerce.com	unknown	unknown	false		high
173bf10a.akstat.io	unknown	unknown	false	0%, Virustotal, Browse	unknown
x5qjnyixzaabgzrtpjka-pom4j9-506af2c47-clientnsv4-s.akamaihd.net	unknown	unknown	false		high
191-96-150-225_s-23-200-0-189_ts-1714649681-clienttons-s.akamaihd.net	unknown	unknown	false		high
trial-eum-clientnsv4-s.akamaihd.net	unknown	unknown	false		high
c.go-mpulse.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
x5qjnyixzaaauzrtph3q-peru40-c59057d55-clientnsv4-s.akamaihd.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
https://consent.trustarc.com/log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=8408&referer=https://developers.suitecommerce.com	false	high
https://consent.truste.com/notice?domain=netsuite.com&c=teconsent&js=bb&noticeType=bb&text=true&pcookie&gtm=1	false	high
https://consent.trustarc.com/asset/notice.js/v/v1.7-3281	false	high
https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html#main-content	false	high
https://consent.trustarc.com/log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=0a2b&referer=https://developers.suitecommerce.com	false	high
https://consent.trustarc.com/get?name=crossdomain.html&domain=netsuite.com	false	high
https://consent.trustarc.com/log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=04d8&referer=https://developers.suitecommerce.com	false	high
https://consent.trustarc.com/log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=954e&referer=https://developers.suitecommerce.com	false	high
https://consent.trustarc.com/log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=b4f6&referer=https://developers.suitecommerce.com	false	high
https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://consent.trustarc.com/	chromecache_170.3.dr	false		high
http://consent.trustarc.com/noticemsg?	chromecache_170.3.dr	false		high
http://wwwnui.akamai.com/gnet/globe/index.html	sharedStrings.xml	false		high
http://www.oracle.com	chromecache_173.3.dr	false		high
https://www.netsuite.com	chromecache_184.3.dr	false		high
https://netsuite.custhelp.com/app/answers/detail/a_id/73898	sharedStrings.xml	false		high
https://www.akdyusa.com/search?page=1	sharedStrings.xml	false	Avira URL Cloud: safe	unknown
https://www.cnbc.com/2015/05/27/high-tech-attacks-high-cost-data-breaches-cost-average-of-38-million	sharedStrings.xml	false		high
https://consent.trustarc.com/bannermsg?	chromecache_170.3.dr	false		high
https://docs.woocommerce.com/document/pci-dss-compliance-and-woocommerce/	sharedStrings.xml	false		high
https://www.oracle.com/legal/privacy/	chromecache_184.3.dr	false		high
https://netsuite.sharepoint.com/:f:/s/suitesuccessforcommerce/Epsm-sMPa3xCsPuAUpVMSzMBHUALYapWgE07bE	sharedStrings.xml	false	Avira URL Cloud: safe	unknown
https://magento.com/sites/default/files/Magento_Enterprise_Edition_2.1_Feature_List_06.15.16.pdf	sharedStrings.xml	false		high
https://system.netsuite.com/app/help/helpcenter.nl?fid=section_158695491035.html	chromecache_184.3.dr	false		high
https://cluse.com/	sharedStrings.xml	false		high
http://www.oracle.comCopyright	chromecache_173.3.dr	false	Avira URL Cloud: safe	unknown
https://www.flexitog.com/	sharedStrings.xml	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://developers.suitecommerce.com/?Key=Search&q=seo	sharedStrings.xml	false		high
https://developers.suitecommerce.com/performance	sharedStrings.xml	false		high
https://api-js-log.trustarc.com/error	chromecache_170.3.dr	false		high
https://www.oracle.com/legal/copyright.html	chromecache_184.3.dr	false		high
https://oradocs-corp.documents.us2.oraclecloud.com/documents/link/LDDB2A32B38A7322A6B67CD1F6C3FF17C1	sharedStrings.xml	false		high
https://system.netsuite.com/app/help/helpcenter.nl?fid=article_163657338975.html#:~:text=Extension%2	chromecache_184.3.dr	false		high
https://www.henrybear.com/	sharedStrings.xml	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.oracle.com/legal/terms.html	chromecache_184.3.dr	false		high
https://www.youtube.com/watch?v=0rST36LBcEg	sharedStrings.xml	false		high
https://developers.suitecommerce.com/index.html	sharedStrings.xml	false		high
https://consent.truste.com/notice?domain=netsuite.com&c=teconsent&js=bb&noticeType=bb&text=true&pcoo	chromecache_175.3.dr	false		high
https://consent-pref.trustarc.com?type=netsuite_production_v2&layout=default_eu	chromecache_170.3.dr	false		high
https://consent.trustarc.com/log	chromecache_170.3.dr	false		high
https://netsuite-my.sharepoint.com/:b:/p/rkrajci/EfnTfQEMnk5Ju63hPSla3aUBi5QQgdTnEHgt1TdLo-6kMw?e=zt	sharedStrings.xml	false	Avira URL Cloud: safe	unknown
http://suiteapp.com/business-needs/Payment-Acceptance	sharedStrings.xml	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.238.49.47	unknown	United States	16509	AMAZON-02US	false
172.217.1.4	www.google.com	United States	15169	GOOGLEUS	false
18.238.49.99	unknown	United States	16509	AMAZON-02US	false
18.238.49.126	consent.trustarc.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.164.96.99	consent.truste.com	United States	3	MIT-GATEWAYSUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1435294
Start date and time:	2024-05-02 13:31:41 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	6
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx
Detection:	MAL
Classification:	mal48.winXLSX@58/57@66/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .xlsx Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Browse link: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html Browse: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html#main-content Browse link: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html Browse: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html#main-content Browse link: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html Browse: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html#main-content Browse link: https://netsuite.custhelp.com/app/answers/detail/a_id/73898 Browse: https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html#main-content Scroll down Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, vga.dll, WMIADAP.exe
Excluded IPs from analysis (whitelisted): 142.251.33.163, 142.251.32.78, 172.253.63.84, 172.217.165.14, 34.104.35.123, 23.33.40.152, 23.33.40.132, 104.76.100.170, 23.60.4.132, 23.200.0.12, 23.200.0.19, 23.200.0.185, 23.200.0.189, 23.200.0.10
Excluded domains from analysis (whitelisted): ip46.go-mpulse.net.edgekey.net, ds-developers.suitecommerce.com.edgekey.net, accounts.google.com, clientservices.googleapis.com, a1024.dscg.akamai.net, wildcard46.akstat.io.edgekey.net, e4518.dscapi7.akamaiedge.net, a248.b.akamai.net, clients2.google.com, redirector.gvt1.com, edgedl.me.gvt1.com, e100210.dscx.akamaiedge.net, wildcard46.go-mpulse.net.edgekey.net, clients.l.google.com, e4518.dscx.akamaiedge.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
18.238.49.126	https://jagurihgroup.com/wader/steerable/?a=dj7BxaR5P3DM9rD	Get hash	malicious	Phisher	Browse
	https://cthompson-vsc16.coupacloud.com/quotes/external_responses/b30e6941a7e0553e0d3b5d318c8a406aefe85fa0bd4d5e844560a248434cc9ccd28fbee0140d9980/terms?response_intend=true	Get hash	malicious	Unknown	Browse
	Zimbra Web Client Sign In13.htm	Get hash	malicious	Unknown	Browse
	https://sicurezza.poste.3-90-45-250.cprapid.com/	Get hash	malicious	HTMLPhisher	Browse
	https://logrhythm.com/	Get hash	malicious	Unknown	Browse
	http://p2.194-48-251-67.cprapid.com/	Get hash	malicious	HTMLPhisher	Browse
239.255.255.250	8DMUHFukm8.exe	Get hash	malicious	Unknown	Browse
	MejqsB9tx9.exe	Get hash	malicious	Amadey	Browse
	OUZXNOqKXg.exe	Get hash	malicious	RisePro Stealer	Browse
	0BzQNa8hYd.exe	Get hash	malicious	RisePro Stealer	Browse
	SecuriteInfo.com.W32.MSIL_Kryptik.KXQ.gen.Eldorado.28696.3484.exe	Get hash	malicious	FormBook	Browse
	original INV_PDF.gz.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	Jkxkt.exe	Get hash	malicious	Unknown	Browse
	Notice.xls	Get hash	malicious	Unknown	Browse
	Notice.xls	Get hash	malicious	Unknown	Browse
	S0R0rNBVni.exe	Get hash	malicious	Unknown	Browse
18.238.49.47	https://jagurihgroup.com/wader/steerable/?a=dj7BxaR5P3DM9rD	Get hash	malicious	Phisher	Browse
	https://cthompson-vsc16.coupacloud.com/quotes/external_responses/b30e6941a7e0553e0d3b5d318c8a406aefe85fa0bd4d5e844560a248434cc9ccd28fbee0140d9980/terms?response_intend=true	Get hash	malicious	Unknown	Browse
	https://cthompson-vsc16.coupacloud.com/quotes/external_responses/b30e6941a7e0553e0d3b5d318c8a406aefe85fa0bd4d5e844560a248434cc9ccd28fbee0140d9980/terms?response_intend=true	Get hash	malicious	Unknown	Browse
	Zimbra Web Client Sign In13.htm	Get hash	malicious	Unknown	Browse
	GoTo Webinar Opener (2).exe	Get hash	malicious	Unknown	Browse
	https://logrhythm.com/	Get hash	malicious	Unknown	Browse
	http://p2.194-48-251-67.cprapid.com/	Get hash	malicious	HTMLPhisher	Browse
18.238.49.99	https://jagurihgroup.com/wader/steerable/?a=dj7BxaR5P3DM9rD	Get hash	malicious	Phisher	Browse
	https://www.canva.com/design/DAGAKNghr4A/3gUMtWRotAcalbbQiAq1GQ/edit?utm_content=DAGAKNghr4A&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	HTMLPhisher	Browse
	https://ergv54ergrz.s3.amazonaws.com/uhdigth1.html	Get hash	malicious	Unknown	Browse
	Zimbra Web Client Sign In13.htm	Get hash	malicious	Unknown	Browse
	https://www.sharevault.net/panajax/index.jsp?et=iaebe&uno=d53d1e12-04bb-4756-9e67-8d688dccc59d&svid=6876	Get hash	malicious	Unknown	Browse
	https://aolserv.pages.dev/robots.txtIP:	Get hash	malicious	HTMLPhisher	Browse
	GoTo Webinar Opener (2).exe	Get hash	malicious	Unknown	Browse
	FW PO # 40115285.msg	Get hash	malicious	HTMLPhisher	Browse
	https://wetransfer.zendesk.com/hc/en-us/articles/204909429?utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01	Get hash	malicious	Unknown	Browse
	https://www.canva.com/design/DAF8Uvq-1MA/-6vkRHXp8bl9cSmhMgAWZA/view?utm_content=DAF8Uvq-1MA&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
consent.truste.com	http://www.ibm.com/procurement/esi	Get hash	malicious	Unknown	Browse	18.154.227.53
	https://exchange.xforce.ibmcloud.com	Get hash	malicious	Xmrig	Browse	13.32.230.2
	https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-00a2-2401/Bct/g-00e9/l-00e4:4e5156/ct2_0/1/lu?sid=TV2%3A77KSjIGlP&c=E,1,oEV6T_FZXfcwsLJPdLRKsm5UxG5l1_dNlD0IFImFpjO05VML-T178ZPmvZqk5ormfZ0PuJEmGpb9jj51uxHqZ7XbQK5xoBbVXlPrmcKyudGsVoZJQcz-cg,,&typo=1	Get hash	malicious	Unknown	Browse	18.154.227.53
	https://optout.oracle-zoominfo-notice.com/acton/ct/45126/s-0098-2401/Bct/g-00d8/l-00d2:b28c1/ct0_0/1/ms?sid=TV2%3AEWPsrBiiO	Get hash	malicious	Unknown	Browse	13.32.230.2
	https://exchange.xforce.ibmcloud.com/url/22.hosted-by.198xd.com	Get hash	malicious	Xmrig	Browse	143.204.165.87
	http://anaintercontinental-tokyo-anaintercontinental-tokyo.xclusivejamz.com.ng/#YmFucXVldC5tZWV0aW5nQGFuYWludGVyY29udGluZW50YWwtdG9reW8uanA=	Get hash	malicious	Unknown	Browse	13.32.230.20
	http://descoinc.com	Get hash	malicious	Unknown	Browse	18.66.218.31
	https://www.commlc.com/salle-de-presse/philips/item/controle-technique-2019	Get hash	malicious	GRQ Scam	Browse	13.32.121.112
	https://www.commlc.com/salle-de-presse/philips/item/controle-technique-2019	Get hash	malicious	Unknown	Browse	18.66.218.103
	https://adoring-fermi.195-154-22-125.plesk.page/	Get hash	malicious	Unknown	Browse	143.204.98.43
consent.trustarc.com	HQuxVxuLV.ps1	Get hash	malicious	NetSupport RAT	Browse	52.84.125.82
	http://links.notification.intuit.com/ls/click?upn=u001.Hu9nToJLxsJSQR8ZHWn8Ib7JikYF6PNXv5VK-2BAfeSpVHPRNy-2BFDtJ-2BhNUfKXTverofrKjvXVKH4ba5KbTX-2BS4cJKy7Enmy8u6eh2CdWGxyzuDXSNuhEOHexkioQw-2FudfiL8pwtrGO-2B-2FODNZxf5mnErvLFWshyylCmWqSzM0qU3joTnNOavJWT7bqoCisg6MZz-2B3Zt4FmVIMpI8pLotOGqfSbkFmZdhA1qOrgG3wnW67VV3oEMhLKhMYcq1LwwyP9HHMD_f256X-2B29OCVUNc78JDDZ6vR6pvYF2aSvVZx3xKDTYHd649XbW4fzDlnYfEWs3sNN0SOUytsbxR9GfeKqEcpWxYrr8wIVTx1d8dhrjuwVmUMCLpDkceKVHmedFYHurY11fIfRlBnLBIlC1g2GaERMv7J6N-2FRjDbuRO2F-2Fa0wlmoSlnbWhuva5QRt0U7oKGauae6mD3oeeRAL7CgByTOojyoPMxVieq0XztWD-2FFws1qnocc8ysEbWHVe7h5cbe0mb9I4o7TZJ9y1sRcrONmaWsiXaH8rpJCz-2FFzR-2FH-2FLfBQUQf3BHA8959dPPmxy4vs-2BXGpRO-2FA89yQZuEOsLF5Ve4ThpGd7i-2FHDBFstBP5OwLa4I-2Bmqe9cU-2FlDfDhMxvpNl1drZtWLAVLAAsxORGJ-2FMws91eb-2BlsMMf3BdGZ4rnXq0CB2F8nU7h65gSacYlvDZ-2Bh-2F7YGh-2BKHX2I8KhI-2BzetL6vuth9F-2BMgYCWF63o6SRNs8lR9bIomQLbcFUCao1-2FuRz7DBaQgE9uhEU-2BWW3qnv8wA7O3oi7Q86P0xxrrOxPkveWmEzO64T1i8S3q0r-2Fb866XRYFT3LS-2BJECAYWBH-2BfiZBIPTlDoXDyDKJz8TLrBQ9dOPGXwBNERkC8EyybAwzTQ7-2FNmxd8wsw9CWKA1lky3swBOAynYwukhCC-2BDFv3oUk9l3bbJyK9r8G2lPfAMB6r5Jv7wvPrCow3X-2B8Z-2B9JIDVe7YbcMb3hHlDrSWwrq8hCeuEJy5qYiJI1c-2FUFwCJYVG6nhicD5AHC8tzB7oF9MeoP0k-2FanlkQYV6BiVqPcFjDMMyLnw93qnFpiCyaFfcuMig2uI8J5WAPcmjDiCuItV6KRwWys9M0AC1m5EN467rzuo0uXJUI5jU7gFx8SwPNX63kPN7xPmFSGsHBL4VsqBWcrFQmeufMjfDE7AoDvqIY5U-3D	Get hash	malicious	Unknown	Browse	18.239.225.14
	https://windows360help.com/?domain=amateurok.com	Get hash	malicious	Unknown	Browse	18.239.225.21
	http://www.ibm.com/procurement/esi	Get hash	malicious	Unknown	Browse	52.85.151.27
	https://jagurihgroup.com/wader/steerable/?a=dj7BxaR5P3DM9rD	Get hash	malicious	Phisher	Browse	18.238.49.126
	https://cthompson-vsc16.coupacloud.com/quotes/external_responses/b30e6941a7e0553e0d3b5d318c8a406aefe85fa0bd4d5e844560a248434cc9ccd28fbee0140d9980/terms?response_intend=true	Get hash	malicious	Unknown	Browse	18.238.49.126
	https://cthompson-vsc16.coupacloud.com/quotes/external_responses/b30e6941a7e0553e0d3b5d318c8a406aefe85fa0bd4d5e844560a248434cc9ccd28fbee0140d9980/terms?response_intend=true	Get hash	malicious	Unknown	Browse	18.238.49.47
	Zimbra Web Client Sign In13.htm	Get hash	malicious	Unknown	Browse	18.238.49.126
	Zimbra Web Client Sign Inbd.htm	Get hash	malicious	Unknown	Browse	18.154.206.83
	https://sicurezza.poste.3-90-45-250.cprapid.com/	Get hash	malicious	HTMLPhisher	Browse	18.238.49.126

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	Aqua.arm7-20240502-1008.elf	Get hash	malicious	Mirai	Browse	34.243.160.129
	Notice.xls	Get hash	malicious	Unknown	Browse	76.76.21.21
	Notice.xls	Get hash	malicious	Unknown	Browse	76.76.21.21
	Notice.xls	Get hash	malicious	Unknown	Browse	76.76.21.21
	JlvRdFpwOD.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse	108.138.113.167
	eLoKWZOH3U.elf	Get hash	malicious	Mirai, Okiru	Browse	34.243.160.129
	9SZz5GcVp4.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	3l23Ly4zK0.elf	Get hash	malicious	Mirai	Browse	34.243.160.129
	Frf44IJLfc.elf	Get hash	malicious	Mirai, Okiru	Browse	54.247.62.1
	s0OiWhT1or.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
MIT-GATEWAYSUS	https://www.postermywall.com/index.php/posterbuilder/view/2ce9c49c8ff31b813c516187dd74b5b6/0	Get hash	malicious	HTMLPhisher	Browse	18.164.96.87
	http://www.multipli.com.au	Get hash	malicious	Unknown	Browse	18.164.96.82
	https://herozheng.com/	Get hash	malicious	Unknown	Browse	18.164.116.40
	https://broken-rain-1a74.1rwvvy66.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	18.164.124.125
	aduLTc2Dny.elf	Get hash	malicious	Mirai	Browse	18.33.248.20
	H0RZizYUEv.elf	Get hash	malicious	Mirai	Browse	19.162.23.46
	hCwh5R02fs.elf	Get hash	malicious	Mirai	Browse	19.174.6.94
	https://wywljs.com/	Get hash	malicious	Unknown	Browse	18.164.96.24
	https://xdywna.com/	Get hash	malicious	Unknown	Browse	18.164.96.24
	https://workdrive.zohoexternal.com/external/2c63de0fdd4c89e3b1929ff054753df29586989db597aec11b0424839e9707da/download	Get hash	malicious	Unknown	Browse	18.160.18.110
AMAZON-02US	Aqua.arm7-20240502-1008.elf	Get hash	malicious	Mirai	Browse	34.243.160.129
	Notice.xls	Get hash	malicious	Unknown	Browse	76.76.21.21
	Notice.xls	Get hash	malicious	Unknown	Browse	76.76.21.21
	Notice.xls	Get hash	malicious	Unknown	Browse	76.76.21.21
	JlvRdFpwOD.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse	108.138.113.167
	eLoKWZOH3U.elf	Get hash	malicious	Mirai, Okiru	Browse	34.243.160.129
	9SZz5GcVp4.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	3l23Ly4zK0.elf	Get hash	malicious	Mirai	Browse	34.243.160.129
	Frf44IJLfc.elf	Get hash	malicious	Mirai, Okiru	Browse	54.247.62.1
	s0OiWhT1or.elf	Get hash	malicious	Unknown	Browse	54.171.230.55
AMAZON-02US	Aqua.arm7-20240502-1008.elf	Get hash	malicious	Mirai	Browse	34.243.160.129
	Notice.xls	Get hash	malicious	Unknown	Browse	76.76.21.21
	Notice.xls	Get hash	malicious	Unknown	Browse	76.76.21.21
	Notice.xls	Get hash	malicious	Unknown	Browse	76.76.21.21
	JlvRdFpwOD.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse	108.138.113.167
	eLoKWZOH3U.elf	Get hash	malicious	Mirai, Okiru	Browse	34.243.160.129
	9SZz5GcVp4.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	3l23Ly4zK0.elf	Get hash	malicious	Mirai	Browse	34.243.160.129
	Frf44IJLfc.elf	Get hash	malicious	Mirai, Okiru	Browse	54.247.62.1
	s0OiWhT1or.elf	Get hash	malicious	Unknown	Browse	54.171.230.55

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\FE2D.tmp

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	1.1464700112623651
Encrypted:	false
SSDEEP:	3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
MD5:	72F5C05B7EA8DD6059BF59F50B22DF33
SHA1:	D5AF52E129E15E3A34772806F6C5FBF132E7408E
SHA-256:	1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
SHA-512:	6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF436E4BF708717BC0.TMP

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\~$Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx

Download File

Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	165
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fV:vBFFGS
MD5:	797869BB881CFBCDAC2064F92B26E46F
SHA1:	61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
SHA-256:	D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
SHA-512:	1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
Malicious:	false
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	8
Entropy (8bit):	2.5
Encrypted:	false
SSDEEP:	3:x:x
MD5:	402E7A087747CB56C718BDE84651F96A
SHA1:	7CE01F6381463362CF6AEF2F843A59261E8F5587
SHA-256:	662EFAF46C617DDBCB8FF4A2A8F64CFFD3D93630F1003F8E66511F369B87730F
SHA-512:	5080D776D0B123F20E97D44472EF2343BC022105AA67FC802B71668BAEB74A81530355589D50B1142165D17EF995AEAC196B6C15136D518A1EC0ABFA13C91D10
Malicious:	false
URL:	https://191-96-150-225_s-23-200-0-189_ts-1714649681-clienttons-s.akamaihd.net/eum/results.txt
Preview:	Success!

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3518)
Category:	downloaded
Size (bytes):	14700
Entropy (8bit):	5.481009622620608
Encrypted:	false
SSDEEP:	384:l5gLzdqzMKLNrLGKai/YsK7dawq5mM9QFjz3G/qTMy4:l6LxetaKKRtM9Q5z33Tj4
MD5:	5840A0D98E0D86186E601DEF5611D326
SHA1:	04A6FB8CE7CFA01F33F77CD832C72C3BA8D54B81
SHA-256:	19F2C8B9FCFA6E7E2ADD532C4C1391F68A041E18FCE8C69C1E9A5A8E1BC23355
SHA-512:	FD66714D359B019B48FD9CCEBBDFD5651DC1D293056F78D774F16360F31317BC8FBC26D7A975BECE7FA316B7A6B87F98136132D0B37B6B043560132142B41D7C
Malicious:	false
URL:	https://consent.truste.com/notice?domain=netsuite.com&c=teconsent&js=bb&noticeType=bb&text=true&pcookie&gtm=1
Preview:	function _truste_eumap(){truste=self.truste\|\|{};truste.eu\|\|(truste.eu={});truste.util\|\|(truste.util={});.truste.util.error=function(p,l,o){o=o\|\|{};var n=l&&l.toString()\|\|"",e=o.caller\|\|"";if(l&&l.stack){n+="\n"+l.stack.match(/(@\|at)[^\n\r\t]/)[0]+"\n"+l.stack.match(/(@\|at)[^\n\r\t]$/)[0].}truste.util.trace(p,n,o);if(truste.util.debug\|\|!l&&!p){return}var d={apigwlambdaUrl:"https://api-js-log.trustarc.com/error",enableJsLog:false};.if(d.enableJsLog){delete o.caller;delete o.mod;delete o.domain;delete o.authority;o.msg=p;var m=new (self.XMLHttpRequest\|\|self.XDomainRequest\|\|self.ActiveXObject)("MSXML2.XMLHTTP.3.0");.m.open("POST",d.apigwlambdaUrl,true);m.setRequestHeader&&m.setRequestHeader("Content-type","application/json");.m.send(truste.util.getJSON({info:truste.util.getJSON(o)\|\|"",error:n,caller:e}))}};truste.util.trace=function(){if(self.console&&console.log&&(this.debug\|\|this.debug!==false&&(self.location.hostname.indexOf(".")<0\|\|self.location.hostname.indexOf(".truste-svc.net")>0)

Chrome Cache Entry: 171

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	2383
Entropy (8bit):	4.922868351555221
Encrypted:	false
SSDEEP:	48:Y1hzsbTPBudX0tVtptBujtLBt53ZtUtitcxntm1et9t49tKKt5HAtCVdc1wGPPjK:qdXIVtn4L/5ouqtm1izmKW5sCVOTPLWN
MD5:	124D1A79D0F74AFCAB21CB7FFC677CB8
SHA1:	25AF9C4CB0A17C2A276665A60178918CC58AE5D4
SHA-256:	4381FDA71D81EA98C7D97477BB5284186C9075EBB2BE8062EB067DAC24A16FC5
SHA-512:	A3FCCBEACB3F14CA95A305AE2DDB6BBD0AE2C744D1B9AD8B24073F13F66AEDAE2EBE35CC5031005716FE9ECE26820205D81297FABC6F42D7D6A452DC966D97B4
Malicious:	false
URL:	"https://c.go-mpulse.net/api/config.json?key=5D697-4BC54-45AAD-AD9FA-EACF4&d=developers.suitecommerce.com&t=5715499&v=1.720.0&sl=0&si=3f00bb6a-576c-471f-921e-656ed2709c48-scuw5q&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=658821"
Preview:	{"h.key":"5D697-4BC54-45AAD-AD9FA-EACF4","h.d":"developers.suitecommerce.com","h.t":1714649680592,"h.cr":"3cb0ebd7a7abe49ea37855195f16f4296110c46d-b650873a-f962c5ee","session_id":"67577315-6613-4735-adb5-004a9410c174","site_domain":"developers.suitecommerce.com","beacon_url":"//173bf110.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"cookie":null,"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":false,"monitorEvents":false,"maxErrors":10,"sendInterval":1000},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"/index.html","parameter2":"Home Page","on":["navigation"]},{"type":"Regexp","parameter1":"/getting-started.html","parameter2":"Getting Started","on":["navigation"]},{"type":"Regexp","parameter1":"/architecture.html","parameter2":"Architecture","on":["navigation"]},{"type":"Regexp","parameter1":"/example-custom

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2383
Entropy (8bit):	4.919056034014961
Encrypted:	false
SSDEEP:	48:Y1FV9zsbTPBudX0tVtptBujtLBt53ZtUtitcxntm1et9t49tKKt5HAtCVdc1wGPO:KbdXIVtn4L/5ouqtm1izmKW5sCVOTPLK
MD5:	F120985E3A7E7695B5FC55A507FFDBDF
SHA1:	7CD5D5F5834B373194A26894DE6DBBDFCB76FD70
SHA-256:	C5BF3473F105942584731B9989DDD2BA864B1227EE1FCC74250526504E816427
SHA-512:	A7DC4A0F465DA5C1F08471B12AD7696FC8AEB3C6F0C8F26B8A459B953ED9C88EB24F6FFA9B9D90397661A84616D4B77E84EA7176B590285F5B8A99D14B34EFC2
Malicious:	false
Preview:	{"h.key":"5D697-4BC54-45AAD-AD9FA-EACF4","h.d":"developers.suitecommerce.com","h.t":1714649681117,"h.cr":"4c464a4481cc2a30ebef37acdd203fe4e14cb681-b650873a-f962c5ee","session_id":"0f0584d2-4db7-40c9-a234-88d434757271","site_domain":"developers.suitecommerce.com","beacon_url":"//173bf110.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"cookie":null,"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":false,"monitorEvents":false,"maxErrors":10,"sendInterval":1000},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"/index.html","parameter2":"Home Page","on":["navigation"]},{"type":"Regexp","parameter1":"/getting-started.html","parameter2":"Getting Started","on":["navigation"]},{"type":"Regexp","parameter1":"/architecture.html","parameter2":"Architecture","on":["navigation"]},{"type":"Regexp","parameter1":"/example-custom

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 11 tables, 1st "GSUB", 18 names, Macintosh, Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved.ojuxiconFont_RgRegula
Category:	downloaded
Size (bytes):	313576
Entropy (8bit):	6.562513353287231
Encrypted:	false
SSDEEP:	6144:4Dy1fUBcyAm0OmdlYEiP3necEo9uGvc7vFPWE:kssBcbm0Omu4IE
MD5:	B4BCD43AA4B066A5CF753300C8DD3C47
SHA1:	4D5CDFDFAD80DD5AE6EE95A65C5BDA758286640B
SHA-256:	D0FF7F7FC286BFED232F2579851357632B60872FCA7042D743F2D3DE89D97031
SHA-512:	F67B6ECFDFBD0276BF79133A5FBAA8562EEDF56810956E0914EB72B20DD602963044147624FAAADC8EE5007AA62444A65A5101A50D1D07AB65BF4535A3D33897
Malicious:	false
URL:	https://developers.suitecommerce.com/assets/ojuxIconFont_Rg.ttf
Preview:	...........0GSUB{.Rs...8....OS/2V@x....h...Vcmapn.#....4..<.glyf.Y........].head2..........6hhea!.$&.......$hmtxY@.U.......tloca..zD.......xmaxp........... name......T....0post.hq...W...q....................................]............_.<...........$......$.........................]...".............................0.>..DFLT..latn............................liga...............................&.f..... .\.......@.x.......L.........L.~.......F.x.......8.h.......(.X.........H.x.......6.d.........J.x.......0.^.........D.r........X.........8.d.........@.l.........H.t.......$.P.\|.......,.X..........T.~.......&.P.z.......".L.v.........H.r.........D.n...... . @ j . . .!.!4!\!.!.!.!."$"L"t".".".#.#<#d#.#.#.$.$,$T$\|$.$.$.%.%D%l%.%.%.&.&4&\&.&.&.&.'$'L't'.'.'.(.(<(d(.(.(.).))P)v).).)..4Z....+.+>+d+.+.+.+.,",H,n,.,.,.-.-,-R-x-.-.-....6.\.......././@/f/./././.0$0J0p0.0.0.1.1&1J1n1.1.1.1.2"2F2j2.2.2.2.3.3B3f3.3.3.3.4.4>4b4.4.4.4.5.5:5^5.5.5.5.6.666Z6~6.6.6.7.727V7z7.7.7.8.8.8R8v8.8.8.9.9*

Chrome Cache Entry: 174

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 42356, version 1.0
Category:	downloaded
Size (bytes):	42356
Entropy (8bit):	7.995394125366334
Encrypted:	true
SSDEEP:	768:xQEaSesfuw1+x5AVbS7wq/kg81prAkSZUvsWRPQt/T+ixN7SNDQMo+p7:xLaSDug+x6hS7wq/kprAkIo4tyO7E7
MD5:	9B94490D49CF8D985DF210EB4CBE7266
SHA1:	2669280AA8A53E9F9A06033754D5792DC34EA80F
SHA-256:	0BA1D1ADD1865C52C8F2ED3711394487805D790DDB4618EF011123C990DDDB1B
SHA-512:	1976978A4F715043A6F5AF77FC77502CF1FFABB2669E6330A00D51AD92F1248A620800B8E03F32047C6DDE6B3744D4F5ED16BB19F75A4A1F1A2AE336580A7533
Malicious:	false
URL:	https://developers.suitecommerce.com/assets/OracleSans-Bd.woff2
Preview:	wOF2.......t......................................T...4....`.....r..W..........6.$.....N.. ..`. ..9[..q.q.]......I....C..s.zT..m.76.t...WS......"c..$...P......0YM.0..2so.l..8....jt....d.K....Z+.<.%oD.....Vty...~..4..fwX.\....b.....t.....?.tT.z..ds4/........,n,_.c..>...V.h..j5@H4.~.A...:.s.3&^.E.G:.<.......8.!B.6.....Wd@$.{T.. ...@./N\|m...rEt...N.n......'.bm..H.)~..=3{.KR@......0....-x".H.}x.V..?..P2."..8"F...l.Q.Em...Ey...X.9.3y.....; ..r...l.f'j-a...l.\8......1.E.....(.T.@......c...vu....V..n.....Ek..}.<.R'e.x..h.T......6{\|.H....6..@..l.b.6:..^............`...s......u8L..F..3.....Q.nUO.;.._\|....]K..g.7..v......1.\.......T..9 ..N...-.K....?o!.K,.=..s...v..l...m.fK..U4......n+.^\|./=.;.....K.k.+..]...)9.O%.+-OVZFZ..../....._...xvs....... V..`E,O. E....p......+..{U.}....r..B.-..dib.7...c.s.....Gk../...a. 0U......,.fA.T.Z.mR...r..:..\|.6..e.....5.......L.{.q....o...E[..\|..._%..A\|"..._Z......-...j.....V...;l.d..@..TT........V...}y...~..A~6.

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	6338
Entropy (8bit):	4.4168705059412785
Encrypted:	false
SSDEEP:	192:FXKpyfFeFFF8rrSFi9jAHd6ANSUZJq9ijLcsDxI/Ky3:F3FeFFF8KFil5v0q
MD5:	49786DCFA79C6DC853E73D7B730D0A28
SHA1:	ED0D082A119F8F9280DF6356DBFBE03E0374B2C1
SHA-256:	42355C10FD6D5F3623D671B7823FE0883F2B08C965E9D26986BBE36349D66181
SHA-512:	FC635CD19632A9FA1FC5C7E489E7A3D684F13C13414AEF164D7AC57FDC7C3B8A92DFB1E03BC20B2C3BBB0DEC59A0D4F94872882F652DB1B1590752FB4B0C14DA
Malicious:	false
URL:	https://developers.suitecommerce.com/assets/js/analyticshandler.js
Preview:	/. Copyright (c) 2020 Oracle and/or its affiliates... There are five things we need to do:. 1. Check if the user is human (done in the include via UA checking). 2. If yes, fetch the cookie consent . 3. Create the Truste/Oracle interface. 4. Ask for consent to use GA. 5. If yes, fetch GA./.const analytics = {};..analytics.buildScriptTag = function buildScriptTag (options) {. const scriptPromise = new Promise((resolve, reject) => {. const script = document.createElement('script');.. script.onload = resolve;. script.onerror = reject;. if (options.defer) {script.defer = true};. if (options.async) {script.async = true};. if (options.url) {script.src = options.url};. if (options.content) {script.text = options.content};.. document.head.appendChild(script);. }).. return scriptPromise.}..analytics.fetchTruste = function fetchTruste () {. return analytics.buildScriptTag({. url: 'https://consent.tru

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	8
Entropy (8bit):	2.5
Encrypted:	false
SSDEEP:	3:x:x
MD5:	402E7A087747CB56C718BDE84651F96A
SHA1:	7CE01F6381463362CF6AEF2F843A59261E8F5587
SHA-256:	662EFAF46C617DDBCB8FF4A2A8F64CFFD3D93630F1003F8E66511F369B87730F
SHA-512:	5080D776D0B123F20E97D44472EF2343BC022105AA67FC802B71668BAEB74A81530355589D50B1142165D17EF995AEAC196B6C15136D518A1EC0ABFA13C91D10
Malicious:	false
URL:	https://x5qjnyixzaaauzrtph3q-peru40-c59057d55-clientnsv4-s.akamaihd.net/eum/results.txt
Preview:	Success!

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	2226
Entropy (8bit):	4.901077009991036
Encrypted:	false
SSDEEP:	48:Y1gzsbTPBudX0tVtptBujtLBt53ZtUtitcxntm1et9t49tKKt5HAtCVdc1wGP5:JdXIVtn4L/5ouqtm1izmKW5sCVOTP5
MD5:	F4F9244BB4457FFA85D203DD185F2F0E
SHA1:	6F45A6AAC3E52F5DD769A7A01E2A4A22C61B068A
SHA-256:	4DDEA6F3C0D3AE8DA4E0585E9D8D68CC3F7A9FA2CBA2B64F07C29B1CEB8E146B
SHA-512:	6C72CF67C9CC6790947B2E196ADDA6A0F50F599CB99853ABEAB1D7A04F16DB71AA2E5A11B38A0BB454B5E2466BEBED10458E9D3B7B2FC983D5DBB30DD6A742F2
Malicious:	false
URL:	"https://c.go-mpulse.net/api/config.json?key=5D697-4BC54-45AAD-AD9FA-EACF4&d=developers.suitecommerce.com&t=5715499&v=1.720.0&sl=0&si=db3397c3-544a-4ad8-9ec5-87b77c709559-scuw5q&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=658821"
Preview:	{"h.key":"5D697-4BC54-45AAD-AD9FA-EACF4","h.d":"developers.suitecommerce.com","h.t":1714649680583,"h.cr":"94a994abdcb2fa216b221285b1af36f299bfe763-b650873a-f962c5ee","session_id":"a0a0119e-86aa-4f52-896f-b7f0d6ce0502","site_domain":"developers.suitecommerce.com","beacon_url":"//173bf110.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"cookie":null,"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":false,"monitorEvents":false,"maxErrors":10,"sendInterval":1000},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"/index.html","parameter2":"Home Page","on":["navigation"]},{"type":"Regexp","parameter1":"/getting-started.html","parameter2":"Getting Started","on":["navigation"]},{"type":"Regexp","parameter1":"/architecture.html","parameter2":"Architecture","on":["navigation"]},{"type":"Regexp","parameter1":"/example-custom

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.5
Encrypted:	false
SSDEEP:	3:x:x
MD5:	402E7A087747CB56C718BDE84651F96A
SHA1:	7CE01F6381463362CF6AEF2F843A59261E8F5587
SHA-256:	662EFAF46C617DDBCB8FF4A2A8F64CFFD3D93630F1003F8E66511F369B87730F
SHA-512:	5080D776D0B123F20E97D44472EF2343BC022105AA67FC802B71668BAEB74A81530355589D50B1142165D17EF995AEAC196B6C15136D518A1EC0ABFA13C91D10
Malicious:	false
Preview:	Success!

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel
Category:	downloaded
Size (bytes):	9662
Entropy (8bit):	2.155534286459707
Encrypted:	false
SSDEEP:	24:9ca+fvjvasIFaykxa/RaEmEa7FaEa7FaWa5ra7FaWaR/a7FaGa7FaLiHa7FaJSc5:9KfvjmVYe2RGGaPwLTE
MD5:	0381AB8B739FB060B854860D13170B08
SHA1:	4D8A7BFB43AFB7A735A74AE0D04BEAC6CDE8F45E
SHA-256:	67F086542749C073550172268856E257E86295E9C61042737849D07DF353056E
SHA-512:	5A20C307D49225C9BAD1261F624374E2EC7F59CA31E61BB81D34C95B9FBC4FF55B85EEB5FAA156A89EDD313AFC9CDC282D246840DEF6C1A03645984BCBAF9100
Malicious:	false
URL:	https://developers.suitecommerce.com/favicon.ico
Preview:	......00.... ..%......(...0...`..... ......$............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 180

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	2383
Entropy (8bit):	4.923535667559472
Encrypted:	false
SSDEEP:	48:Y1cHWzsbTPBudX0tVtptBujtLBt53ZtUtitcxntm1et9t49tKKt5HAtCVdc1wGPO:lHUdXIVtn4L/5ouqtm1izmKW5sCVOTPO
MD5:	C494AA4688563006950C65B494622CCE
SHA1:	99BF39A3BB3B8C83D651A3DA0C1AFAE0A38080BB
SHA-256:	94959FCDA971F7658E814A3647D54838487081E5E49752E9D92175E3DC7508B8
SHA-512:	1FE5FFD30BCBF4FA5DA6CA969336E5E1C6FFBDCC23A9A31041EA3955D83471E600C3F243E446E3EE73064473CB05CE2090C49AE2B916D9BD2CFA54F76E219E5E
Malicious:	false
URL:	"https://c.go-mpulse.net/api/config.json?key=5D697-4BC54-45AAD-AD9FA-EACF4&d=developers.suitecommerce.com&t=5715499&v=1.720.0&sl=0&si=5369a2b8-b26e-49d3-94f8-a0b2a2ba39a0-scuw39&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=658821"
Preview:	{"h.key":"5D697-4BC54-45AAD-AD9FA-EACF4","h.d":"developers.suitecommerce.com","h.t":1714649590642,"h.cr":"8360790ac6f1208d5df1e9e2b122427f48c1d53a-b650873a-f962c5ee","session_id":"8e05495a-1403-435e-b658-83660ec30df0","site_domain":"developers.suitecommerce.com","beacon_url":"//173bf110.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"cookie":null,"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":false,"monitorEvents":false,"maxErrors":10,"sendInterval":1000},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"/index.html","parameter2":"Home Page","on":["navigation"]},{"type":"Regexp","parameter1":"/getting-started.html","parameter2":"Getting Started","on":["navigation"]},{"type":"Regexp","parameter1":"/architecture.html","parameter2":"Architecture","on":["navigation"]},{"type":"Regexp","parameter1":"/example-custom

Chrome Cache Entry: 181

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel
Category:	dropped
Size (bytes):	9662
Entropy (8bit):	2.155534286459707
Encrypted:	false
SSDEEP:	24:9ca+fvjvasIFaykxa/RaEmEa7FaEa7FaWa5ra7FaWaR/a7FaGa7FaLiHa7FaJSc5:9KfvjmVYe2RGGaPwLTE
MD5:	0381AB8B739FB060B854860D13170B08
SHA1:	4D8A7BFB43AFB7A735A74AE0D04BEAC6CDE8F45E
SHA-256:	67F086542749C073550172268856E257E86295E9C61042737849D07DF353056E
SHA-512:	5A20C307D49225C9BAD1261F624374E2EC7F59CA31E61BB81D34C95B9FBC4FF55B85EEB5FAA156A89EDD313AFC9CDC282D246840DEF6C1A03645984BCBAF9100
Malicious:	false
Preview:	......00.... ..%......(...0...`..... ......$............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 182

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2383
Entropy (8bit):	4.9276404971583565
Encrypted:	false
SSDEEP:	48:Y1KfzsbTPBudX0tVtptBujtLBt53ZtUtitcxntm1et9t49tKKt5HAtCVdc1wGPP2:ZLdXIVtn4L/5ouqtm1izmKW5sCVOTPLK
MD5:	7A4927B47A53BE984808A8A90F7ED978
SHA1:	7CB5431F60AAE376643A8C3DC921546E4458BE2A
SHA-256:	A362335CA033C4BFF551F125DA154748069875C197BF2C25A4163D7F31A50894
SHA-512:	EB28E3084F6DF66E076FB70BC9BF8D7ABE5EE19DAB49602645C33A98DDD722DA24F63F5AEF91DACB596C0705536B220ABF0460C15FBB3C6F4AC6C5A63759B20C
Malicious:	false
Preview:	{"h.key":"5D697-4BC54-45AAD-AD9FA-EACF4","h.d":"developers.suitecommerce.com","h.t":1714649586914,"h.cr":"1877c36a14f2fb9fa921c7c90cd50334839708f7-b650873a-f962c5ee","session_id":"952a4b3c-2a39-4c1a-8374-5df39a2924b6","site_domain":"developers.suitecommerce.com","beacon_url":"//173bf110.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"cookie":null,"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":false,"monitorEvents":false,"maxErrors":10,"sendInterval":1000},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"/index.html","parameter2":"Home Page","on":["navigation"]},{"type":"Regexp","parameter1":"/getting-started.html","parameter2":"Getting Started","on":["navigation"]},{"type":"Regexp","parameter1":"/architecture.html","parameter2":"Architecture","on":["navigation"]},{"type":"Regexp","parameter1":"/example-custom

Chrome Cache Entry: 183

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	8
Entropy (8bit):	2.5
Encrypted:	false
SSDEEP:	3:x:x
MD5:	402E7A087747CB56C718BDE84651F96A
SHA1:	7CE01F6381463362CF6AEF2F843A59261E8F5587
SHA-256:	662EFAF46C617DDBCB8FF4A2A8F64CFFD3D93630F1003F8E66511F369B87730F
SHA-512:	5080D776D0B123F20E97D44472EF2343BC022105AA67FC802B71668BAEB74A81530355589D50B1142165D17EF995AEAC196B6C15136D518A1EC0ABFA13C91D10
Malicious:	false
URL:	https://x5qjnyixzaabgzrtpjka-pom4j9-506af2c47-clientnsv4-s.akamaihd.net/eum/results.txt
Preview:	Success!

Chrome Cache Entry: 184

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (9329)
Category:	downloaded
Size (bytes):	24614
Entropy (8bit):	5.639360317281595
Encrypted:	false
SSDEEP:	384:kHbtFYEmEo0+fIZn3oMosoWsC0npYoLVlEEx/gBNKWozRE5K5oIDB:73XWw3LXCXZoC5K5oIt
MD5:	4DE0C4B061EA81C6D49982BE922EF18F
SHA1:	5692459DEFC1EB1213EADAFD9A05D0EA4C954992
SHA-256:	4A5305168A0D185AED525D0C4389A547FB7813538147EBEB3F83B21354F336DD
SHA-512:	DDE42B5B760911434C9B7393B8B5CBFCE5B65B50EF2996AE4423DFC5DDB5747F0FD706CD41E0FE6E2D1B249B4520BE9A88057F27578B3FDF05E4E2C2F0127D22
Malicious:	false
URL:	https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html
Preview:	<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><style>body,h1,h2,p,ul{margin:0;padding:0}body{font:400 16px/1.5 -apple-system,BlinkMacSystemFont,"Segoe UI","Segoe UI Symbol","Segoe UI Emoji","Apple Color Emoji",Roboto,Helvetica,Arial,sans-serif;color:#1a1816;background-color:#fdfdfd;-webkit-text-size-adjust:100%;-webkit-font-feature-settings:"kern" 1;-moz-font-feature-settings:"kern" 1;-o-font-feature-settings:"kern" 1;font-feature-settings:"kern" 1;font-kerning:normal;display:flex;min-height:100vh;flex-direction:column}h1,h2,p,ul{margin-bottom:15px}main{display:block}img{max-width:100%;vertical-align:middle}ul{margin-left:30px}h1,h2{font-weight:400}a{color:#c54a39;text-decoration:none}a:visited{color:#1756a9}.wrapper{max-width:-webkit-calc(800px - (30px));max-width:calc(800px - (30px));margin-right:auto;margin-left:auto;padding-right:15px;padding-left:15px}@media screen and (min-width:800px){.wrapper{max-wi

Chrome Cache Entry: 185

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	8
Entropy (8bit):	2.5
Encrypted:	false
SSDEEP:	3:x:x
MD5:	402E7A087747CB56C718BDE84651F96A
SHA1:	7CE01F6381463362CF6AEF2F843A59261E8F5587
SHA-256:	662EFAF46C617DDBCB8FF4A2A8F64CFFD3D93630F1003F8E66511F369B87730F
SHA-512:	5080D776D0B123F20E97D44472EF2343BC022105AA67FC802B71668BAEB74A81530355589D50B1142165D17EF995AEAC196B6C15136D518A1EC0ABFA13C91D10
Malicious:	false
URL:	https://191-96-150-225_s-23-200-0-185_ts-1714649591-clienttons-s.akamaihd.net/eum/results.txt
Preview:	Success!

Chrome Cache Entry: 186

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	C source, ASCII text, with very long lines (65103)
Category:	downloaded
Size (bytes):	209939
Entropy (8bit):	5.366006952026174
Encrypted:	false
SSDEEP:	3072:1P6RsHIwj0PdUgdbs8kvdYkODdlm9AZoZXs+eSc:1msHIxHMvd8dtZoZDc
MD5:	FA4C76A7FDE62B18054CF7EB8E946012
SHA1:	B20150066A879D2B78DD3D4908F4ACD148EE66F8
SHA-256:	09EBD7F407439990AAC227E70DA23E1A819E8E30282928E324370805F480BEC4
SHA-512:	D72F5D078675C7ADBF6BFC1980712542A10668AEC9163137A2EC70A5E117F8FFDD0F06A6C4C6636E35C04F2754F33D40C65C59D452AFAA8EA4A382F24F200ABD
Malicious:	false
URL:	https://s.go-mpulse.net/boomerang/5D697-4BC54-45AAD-AD9FA-EACF4
Preview:	/. Copyright (c) 2011, Yahoo! Inc. All rights reserved.. * Copyright (c) 2011-2012, Log-Normal, Inc. All rights reserved.. * Copyright (c) 2012-2017, SOASTA, Inc. All rights reserved.. * Copyright (c) 2017, Akamai Technologies, Inc. All rights reserved.. * Copyrights licensed under the BSD License. See the accompanying LICENSE.txt file for terms.. /./ Boomerang Version: 1.720.0 b17966bb92f8ac2ddcda4ac1d9c0aaea6d2eda7b */..BOOMR_start=(new Date).getTime();function BOOMR_check_doc_domain(e){if(window){if(!e){if(window.parent===window\|\|!document.getElementById("boomr-if-as"))return;if(window.BOOMR&&BOOMR.boomerang_frame&&BOOMR.window)try{BOOMR.boomerang_frame.document.domain!==BOOMR.window.document.domain&&(BOOMR.boomerang_frame.document.domain=BOOMR.window.document.domain)}catch(t){BOOMR.isCrossOriginError(t)\|\|BOOMR.addError(t,"BOOMR_check_doc_domain.domainFix")}e=document.domain}if(e&&-1!==e.indexOf(".")&&window.parent){try{window.parent.document;return}catch(t){try{document.doma

Chrome Cache Entry: 187

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	2383
Entropy (8bit):	4.9113831865921
Encrypted:	false
SSDEEP:	48:Y1doe3wzsbTPBudX0tVtptBujtLBt53ZtUtitcxntm1et9t49tKKt5HAtCVdc1wR:FddXIVtn4L/5ouqtm1izmKW5sCVOTPLK
MD5:	77B53EBA0C35E0A3B9D6FA4BB004B425
SHA1:	36FDE025AE3E2AE62968A73AE11F92396E193385
SHA-256:	D9718FED2133BFC39577B3E3D92B7EDEF7C5B2F01804CE82E44097DB25666BCC
SHA-512:	98E0F284C14E7573CB1CC532FA72A6F2620DFC8B33DA89A0C1C3F3B99BC2B86B289E53722DAD39F778E34DF776CF689125D0D0400B0B5ED14EBEB7FC4A805F91
Malicious:	false
URL:	"https://c.go-mpulse.net/api/config.json?key=5D697-4BC54-45AAD-AD9FA-EACF4&d=developers.suitecommerce.com&t=5715499&v=1.720.0&sl=0&si=4807e435-d5d3-4092-8d9f-8a0b10e931c7-scuw62&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=658821"
Preview:	{"h.key":"5D697-4BC54-45AAD-AD9FA-EACF4","h.d":"developers.suitecommerce.com","h.t":1714649691948,"h.cr":"0343e711baca934e66a62b0cd014a9cf7fa5f01f-b650873a-f962c5ee","session_id":"e7416c5b-ecd7-455d-a467-1401e50a0e69","site_domain":"developers.suitecommerce.com","beacon_url":"//173bf110.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"cookie":null,"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":false,"monitorEvents":false,"maxErrors":10,"sendInterval":1000},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"/index.html","parameter2":"Home Page","on":["navigation"]},{"type":"Regexp","parameter1":"/getting-started.html","parameter2":"Getting Started","on":["navigation"]},{"type":"Regexp","parameter1":"/architecture.html","parameter2":"Architecture","on":["navigation"]},{"type":"Regexp","parameter1":"/example-custom

Chrome Cache Entry: 188

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2226
Entropy (8bit):	4.909956035026343
Encrypted:	false
SSDEEP:	48:Y1TDWIBYzsbTPBudX0tVtptBujtLBt53ZtUtitcxntm1et9t49tKKt5HAtCVdc1l:2WIBidXIVtn4L/5ouqtm1izmKW5sCVOl
MD5:	579F6B93609EAAED32D07A5C45AD43A4
SHA1:	7FF155A6A7CB922E5EEAEE1EC56D50A2666EECDD
SHA-256:	4D29ACE1D8B0F21AB3ECE00868488277BFECC0E6B06C61A8FA1047922C047314
SHA-512:	0539CE2A02551B09F2896506421562E0BAE437EA446578A383C4C78CACCD12561A6D6C9B54EE8B4263E9A30FD8A4498960321C2E848279EFEA175A41712EF11C
Malicious:	false
Preview:	{"h.key":"5D697-4BC54-45AAD-AD9FA-EACF4","h.d":"developers.suitecommerce.com","h.t":1714649591031,"h.cr":"fca4f6af6e733409395032333982d4058c8117ba-b650873a-f962c5ee","session_id":"f3aff89a-1805-4d24-998b-a32bfe559104","site_domain":"developers.suitecommerce.com","beacon_url":"//173bf110.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"cookie":null,"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":false,"monitorEvents":false,"maxErrors":10,"sendInterval":1000},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"/index.html","parameter2":"Home Page","on":["navigation"]},{"type":"Regexp","parameter1":"/getting-started.html","parameter2":"Getting Started","on":["navigation"]},{"type":"Regexp","parameter1":"/architecture.html","parameter2":"Architecture","on":["navigation"]},{"type":"Regexp","parameter1":"/example-custom

Chrome Cache Entry: 189

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 41356, version 1.0
Category:	downloaded
Size (bytes):	41356
Entropy (8bit):	7.9949657468099655
Encrypted:	true
SSDEEP:	768:Tic7bBJHVraG4ZLOeYx73bBu3qIshvewVM4nwyJA4UNuLQad8AU+3:mWNZYG4lq3bBu3qd5rwyy9NuL/d7UA
MD5:	F1B1D6A70DE292E6BA91DBD46B5C9F4A
SHA1:	3B7C14294598CBA428F70A7FC4AD21038B822E78
SHA-256:	2D48FD20F3CFAE65A992BA4C06CBE30F58C0612EA3CBB1B04D47451BB555A49C
SHA-512:	493670B000819FE837786E516D388617489987061E604CF10E28DE3363565A9FFADB6F2013DBFA1FCC768EDDB677247942633B366302223CD54F2381B9FE6502
Malicious:	false
URL:	https://developers.suitecommerce.com/assets/OracleSans-Lt.woff2
Preview:	wOF2...............l...'..........................T...^....`.....r..W.....X..3.6.$.....N.. ..`. ...[N.q..k-.p.....+/.W".[.7+.w8....4...S...e.....Td.@.n....z(v..eEe7....Z..1RJZ.......G..YPp.\E.n.zv..D!.=..X.`..F\|-o....w~...+. ..;2.i...=..v4G.Bk.H..r...=...9=c.....P......W..i./....<.4_?q.".O.JA.F..f./.En...k...Z.%...hg!....!#.,.......G8....Y.6e..I./I..1........$.....T(....R......6A..9.8.,..T<.._.s.......?.w...%K.....1`...a..9...0.L....."..l.FlD..(.7.s.$z.....f,...X..F.H......h....f..{}.S....D.E"@.. EJ.t.#....3......g{.T:Wr.....\|...Sv..+c\T....yH...P-.<#"...t.d....r..@2....<.O..l......:._Ew...N<v...f.Oa..O^.T.rW.N.2.f...w......p.pT.".[k).{...@......@1[..Ia..RH.\}:....Tu..$..8d..<3..b....K...z.../F.....CZ.V=P.PBb...#.X.)..J....AU.....d.....''_..O.*.....Z.y.}\|..uU5I-.m.e.`9\..V.N.Hr..........X.p.;^....... w'.......F...@...}Y3..1..@.(.6......5..\...:....+5W..?.-.............d._.UUU...'...n.rk.......j.V......8r,.v..26{...m..n..}..W...........)CR..$

Chrome Cache Entry: 190

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2026)
Category:	downloaded
Size (bytes):	94921
Entropy (8bit):	5.296832239618737
Encrypted:	false
SSDEEP:	1536:y53yD3SBrE6PMGBKEbA75CKxBK4Ca1z3eol+6F5WcQStmvbyF0M:LAE6UGBKi0BKTaxeofuM
MD5:	78CF569CD2C33A1BDB1AAA174318959F
SHA1:	2D7F6C6F39AB4779630464A800280A4E3B172D66
SHA-256:	5EEB76ABBD17B81BC8A7F6722BE1F0B980897BCE2C1FE38BBE9F126573486D25
SHA-512:	2460B9F57C1C88C9E4D8A21F79185C48006EC9EEC425A960AB43B8D6F08D5C1E392F713B709294CE7454C3B90F2D9A33D82E9B4560291A0AD0C2263E67C85B3C
Malicious:	false
URL:	https://consent.trustarc.com/asset/notice.js/v/v1.7-3281
Preview:	function _truste_eu(){function t(){var g=truste.eu.bindMap;g.feat.isConsentRetrieved=g.feat.crossDomain?g.feat.isConsentRetrieved:!0;if(!t.done&&truste.util.isConsentResolved()){t.done=!0;var k=function(){var a=(new Date).getTime(),c=truste.util.readCookie(truste.eu.COOKIE_REPOP,!0),d=truste.eu.bindMap.popTime;return d&&d!=c&&a>=d}();k&&(g.feat.dropPopCookie=!0);truste.eu.ccpa.initialize();truste.eu.gpp.initialize();truste.eu.gpcDntAutoOptOut();truste.eu.gcm();var a=function(){var a=truste.eu.bindMap;.if(a.feat.consentResolution){var c=truste.util.readCookie(truste.eu.COOKIE_GDPR_PREF_NAME,!0);if(c&&(c=c.split(":"),!RegExp(a.behavior+"."+a.behaviorManager).test(c[2])&&(/(,us\|none)/i.test(c[2])\|\|"eu"==a.behaviorManager&&/implied.eu/i.test(c[2]))))return!0}return!1};truste.util.fireCustomEvent("truste-cookie",g.prefCookie);truste.eu.isGPCDNTEvent()?g.feat.dntShowUI&&"expressed"==g.behavior&&truste.util.executeOnCondition(function(){return g.prefCookie\|\|g.feat.gpp.gppApplies&&null==truste

Chrome Cache Entry: 191

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.5
Encrypted:	false
SSDEEP:	3:x:x
MD5:	402E7A087747CB56C718BDE84651F96A
SHA1:	7CE01F6381463362CF6AEF2F843A59261E8F5587
SHA-256:	662EFAF46C617DDBCB8FF4A2A8F64CFFD3D93630F1003F8E66511F369B87730F
SHA-512:	5080D776D0B123F20E97D44472EF2343BC022105AA67FC802B71668BAEB74A81530355589D50B1142165D17EF995AEAC196B6C15136D518A1EC0ABFA13C91D10
Malicious:	false
Preview:	Success!

Chrome Cache Entry: 192

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	2226
Entropy (8bit):	4.912661363045511
Encrypted:	false
SSDEEP:	48:Y1tX0zsbTPBudX0tVtptBujtLBt53ZtUtitcxntm1et9t49tKKt5HAtCVdc1wGP5:uXedXIVtn4L/5ouqtm1izmKW5sCVOTP5
MD5:	AE7561CE3B08ECEC05548E1E22B22281
SHA1:	7F56E62319B7F1A5F3C5D47793DCEBA20D80BB57
SHA-256:	070DC57506BAFE9DDD9EA92313993FF4C800F9808F7B1C95CFDFFF18CAAEDF3E
SHA-512:	18F95C79E667E19F4BDBD2E5EB1421BE50950277F8F0159AAA0FAB7AE528C6E6B7F0A6B153A95160C69B13A8B15C244764BEDD038C71398746C6FAFCE0639FB4
Malicious:	false
URL:	"https://c.go-mpulse.net/api/config.json?key=5D697-4BC54-45AAD-AD9FA-EACF4&d=developers.suitecommerce.com&t=5715499&v=1.720.0&sl=0&si=1eaa5630-6467-4986-9627-91515efc83cc-scuw30&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=658821"
Preview:	{"h.key":"5D697-4BC54-45AAD-AD9FA-EACF4","h.d":"developers.suitecommerce.com","h.t":1714649586275,"h.cr":"f4887b8936e6bd4df19968587f827a1187d9d755-b650873a-f962c5ee","session_id":"52122e7c-f548-4570-bba1-31071c96b9db","site_domain":"developers.suitecommerce.com","beacon_url":"//173bf10a.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"cookie":null,"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":false,"monitorEvents":false,"maxErrors":10,"sendInterval":1000},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"/index.html","parameter2":"Home Page","on":["navigation"]},{"type":"Regexp","parameter1":"/getting-started.html","parameter2":"Getting Started","on":["navigation"]},{"type":"Regexp","parameter1":"/architecture.html","parameter2":"Architecture","on":["navigation"]},{"type":"Regexp","parameter1":"/example-custom

Chrome Cache Entry: 193

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48800)
Category:	downloaded
Size (bytes):	48801
Entropy (8bit):	4.692569281338819
Encrypted:	false
SSDEEP:	384:vm9vgOaQCsy6QW9InGo0qhwgK+E1+HjLTK8Jxq7kdsZS2yHur/fRJoGgaYBX3z:gDQtJ0sE1d87q77Zhr5A3z
MD5:	D1C2E8E1513A4E0E8449932AEEC0C107
SHA1:	1B2987355CE04957B366A08A898A6E845B3AF0F9
SHA-256:	2F99627FD9D21F55424DB9180D4BA1D3DC064A0D298072D47B18714B66EC46F1
SHA-512:	4DC7BDF297231991D1358AAA20356FF6A77965DA25ADDE31879118FF2F073E670E4D82BA1EACF812E3EF529C558E21CA8E2768FD7746B6882C16E06B4F84C383
Malicious:	false
URL:	https://developers.suitecommerce.com/assets/css/icon-font.css
Preview:	/! Copyright (c) 2019, 2021 Oracle and/or its affiliates. All rights reserved. /.oj-ux-icon,[class=oj-ux-],[class^=oj-ux-]{font-family:"ojuxIconFont" !important;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;font-style:normal;font-variant:normal;font-weight:400;line-height:1;speak:none;text-transform:none}[class=oj-ux-].oj-ux-icon-size-2x{font-size:0.5rem !important;font-weight:100}[class=oj-ux-].oj-ux-icon-size-4x{font-size:1rem !important;font-weight:200}[class=oj-ux-].oj-ux-icon-size-5x{font-size:1.25rem !important;font-weight:300}[class=oj-ux-].oj-ux-icon-size-6x{font-size:1.5rem !important;font-weight:400}[class=oj-ux-].oj-ux-icon-size-9x{font-size:2.25rem !important;font-weight:500}[class=oj-ux-].oj-ux-icon-size-12x{font-size:3rem !important;font-weight:600}[class=oj-ux-].oj-ux-icon-size-16x{font-size:4rem !important;font-weight:700}[class=oj-ux-].oj-ux-icon-size-18x{font-size:4.5rem !important;font-weight:800}[class=oj-ux-].oj-ux-icon-size-23x{f

Chrome Cache Entry: 194

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.5
Encrypted:	false
SSDEEP:	3:x:x
MD5:	402E7A087747CB56C718BDE84651F96A
SHA1:	7CE01F6381463362CF6AEF2F843A59261E8F5587
SHA-256:	662EFAF46C617DDBCB8FF4A2A8F64CFFD3D93630F1003F8E66511F369B87730F
SHA-512:	5080D776D0B123F20E97D44472EF2343BC022105AA67FC802B71668BAEB74A81530355589D50B1142165D17EF995AEAC196B6C15136D518A1EC0ABFA13C91D10
Malicious:	false
Preview:	Success!

Chrome Cache Entry: 195

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2226
Entropy (8bit):	4.908236564083018
Encrypted:	false
SSDEEP:	48:Y1WVXjzsbTPBudX0tVtptBujtLBt53ZtUtitcxntm1et9t49tKKt5HAtCVdc1wGx:3fdXIVtn4L/5ouqtm1izmKW5sCVOTP5
MD5:	62325ACCAF942CF87649D300987647D4
SHA1:	A4261693836F2CDF433F5AD4ADFBFD169176B78E
SHA-256:	C6DC5090CC0BB138A2B36C0A65EF61556AEC578D0A7D9853090BC85BD1AAC9E3
SHA-512:	9685C1D7758EC4525BED3875BA53D7F3DEE8764075EA6FB20678B59933F4AB7B64A6A22DDB185C00BC68FE17D324B62B490A4DD0DFC4CF8EA0BB5FD33B1D9881
Malicious:	false
Preview:	{"h.key":"5D697-4BC54-45AAD-AD9FA-EACF4","h.d":"developers.suitecommerce.com","h.t":1714649692342,"h.cr":"dfccb421aca0085b83a34745b28e67270d33a9f5-b650873a-f962c5ee","session_id":"8934c1a7-c90a-45de-b555-87d25f7cf547","site_domain":"developers.suitecommerce.com","beacon_url":"//173bf110.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"cookie":null,"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":false,"monitorEvents":false,"maxErrors":10,"sendInterval":1000},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"/index.html","parameter2":"Home Page","on":["navigation"]},{"type":"Regexp","parameter1":"/getting-started.html","parameter2":"Getting Started","on":["navigation"]},{"type":"Regexp","parameter1":"/architecture.html","parameter2":"Architecture","on":["navigation"]},{"type":"Regexp","parameter1":"/example-custom

Chrome Cache Entry: 196

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.5
Encrypted:	false
SSDEEP:	3:x:x
MD5:	402E7A087747CB56C718BDE84651F96A
SHA1:	7CE01F6381463362CF6AEF2F843A59261E8F5587
SHA-256:	662EFAF46C617DDBCB8FF4A2A8F64CFFD3D93630F1003F8E66511F369B87730F
SHA-512:	5080D776D0B123F20E97D44472EF2343BC022105AA67FC802B71668BAEB74A81530355589D50B1142165D17EF995AEAC196B6C15136D518A1EC0ABFA13C91D10
Malicious:	false
Preview:	Success!

Chrome Cache Entry: 197

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 41512, version 1.0
Category:	downloaded
Size (bytes):	41512
Entropy (8bit):	7.994907090582396
Encrypted:	true
SSDEEP:	768:WegRFJjJIg5Oas6JxY5fln44N0UF7FEoQCtwZlxDYpnQBChN1EhTy6:GjIJas6JxYU4N0UeIwNY5phfk
MD5:	FB29E87AD4C2C521D8C130ED4BE6F6CE
SHA1:	959D319AD52E87A45D1550F0DBF72846FC1B02C3
SHA-256:	0ABC65911840D86019C5E62403DBE5AD1B91CA6B1FA861A4346F9C6972752124
SHA-512:	B9D0C943D6A4A8B38882134841B812F26F2D2C9FB90FE7EDFEE47C66988E40D1FC1F6A2D357A55124DF87E1482ED91EAABC5CD21123E183FB29EDC7D1C76175D
Malicious:	false
URL:	https://developers.suitecommerce.com/assets/OracleSans-Rg.woff2
Preview:	wOF2.......(.......X..............................T........`.....r..W.....L..T.6.$.....N.. ..`. ..c[i.q.....P.s?.7....=.Ir...Z..L.<.<r..e.....L...I...fo...P..1R.@.Olv.D...L.Jd..em...Ge..<h.......0..`...Tz..;.L..5.._.e..7q......l...\..qc.......\|J...K.......f..Zk..F..H9.&g..A.N.. .p..e........dg_x./.....lXUz..-.......#..p.HH.i..-...?f'.\..$.j.....:.viPD...E...!.F..N.G..@.....&1........3s...^6j.....`........V....[..]e....+.;Y.B8......Kb...;...sk.7.}....}...m.+..PD,....A........{.\.w..E..BW......[.m...w.]....c@..^g <y!.E,..X.I.....c.S....7.x....5..G..I%.O.6.!.$.4.@..zI.h..C.D..~.hOL.....~..(_f...T@.]-6.LX3\[.X...IG.OZ...%...Q...t...n........N........}.......__.>..e.B3.Z..^.d.=U^.S.K. ...9.j..n....(.h.;..t~..].c]p..c..B..^.X...\......w....S$8.XIuG.l......_.2]a...Q.pW..m..o..kJ..-.?.N#d.....l./.6@.]..........=.._JI..1.^c....+gy........E_..G......pxx.PN.....u.d...r..........{O>.C/...U....w..2,.v.s..c.J#../#....;...[..2d.....G. ...a...

Chrome Cache Entry: 198

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2178), with no line terminators
Category:	downloaded
Size (bytes):	2178
Entropy (8bit):	5.216854247225728
Encrypted:	false
SSDEEP:	48:Ed+UePCCRJw2Gb7IsQTfm7CPqjfubEEfpcGbpCBOxm:EdfeqCR0vymOPXNXs
MD5:	4D5EF1646D4ED9C5B01DFE7460C84083
SHA1:	A4A25442AE7A2612611B3815128CC437A5AEBAAF
SHA-256:	4E02FDA4BDFBDF9DF0E3523B8B2B385AFBD007A3F8318E0E640F8D0A0DA100BE
SHA-512:	2E6C05DCB0EA44B4DDB24C35FA72FE2555676C9CE3726D98E0519B794426279B00E77378595BF49CE9E75555124F4107D7A412AF43001C1B47FA5D600578D985
Malicious:	false
URL:	https://consent.trustarc.com/get?name=crossdomain.html&domain=netsuite.com
Preview:	<html><head><script>!function(){var e,t,a,r,n,o="truste.consent.",i=function(e){var t,a={},e=a._url=e;if(e=(a._query=e.replace(/^[^;?#][;?#]/,"")).replace(/[#;?&]+/g,"&"))for(e=e.split("&"),t=e.length;0<t--;){var r=e[t].split("="),n=r.shift();a[n]\|\|(a[n]=r.length?decodeURIComponent(r.join("=")):"")}return a}(location.href).domain;function s(e,t){var a=JSON.stringify({source:"preference_manager",message:e,data:t});top.postMessage(a,""),parent.postMessage(a,"*")}function c(e){var t=null;try{var a=self.localStorage;t=a.getItem?a.getItem(e):a[e]}catch(e){}return t&&JSON.parse(t)\|\|null}function p(e){try{var t=o+e,a=c(t);if(!a)return null;if(new Date(a.expires)<new Date)try{return self.localStorage.removeItem(t),null}catch(e){return null}return a}catch(e){}return null}function l(e,t){var a=c(e);!t.popTime&&a&&a.popTime&&(t.popTime=a.popTime);var r="string"==typeof t\|\|t instanceof String?t:JSON.stringify(t);try{var n=self.localStorage;n.setItem?n.setItem(e,r):n[e]=r}catch(e){}}void 0!==i&&s

Chrome Cache Entry: 199

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (26292)
Category:	downloaded
Size (bytes):	26293
Entropy (8bit):	4.977203639568985
Encrypted:	false
SSDEEP:	384:FiUzfCWZzbw9jXgaBGhwq6CgnUymVHwIhT98cnGYcIZmUT9wO:Fi+Qkx5
MD5:	D0031FB1A4DE13F6EE77E6D339BA573A
SHA1:	305B555DE3C603583651AFEF19EF37FC1FC97C62
SHA-256:	8209B51DEA1B6D1BD0660F91AD80B6543F08FF2D29E1BEE820C2A02084659294
SHA-512:	822DF0B7684C90EE538A04B2EB2873DF4300BD23EC95D736D639565697C980AD951D6F9C096FF5E1573F1B4129FC5CA34B88A43687D71E2B146FC6C004A6496F
Malicious:	false
URL:	https://developers.suitecommerce.com/assets/css/style.css
Preview:	.highlight .c{color:#998;font-style:italic}.highlight .err{color:#a61717;background-color:#e3d2d2}.highlight .k{font-weight:bold}.highlight .o{font-weight:bold}.highlight .cm{color:#998;font-style:italic}.highlight .cp{color:#999;font-weight:bold}.highlight .c1{color:#998;font-style:italic}.highlight .cs{color:#999;font-weight:bold;font-style:italic}.highlight .gd{color:#000;background-color:#fdd}.highlight .gd .x{color:#000;background-color:#faa}.highlight .ge{font-style:italic}.highlight .gr{color:#a00}.highlight .gh{color:#999}.highlight .gi{color:#000;background-color:#dfd}.highlight .gi .x{color:#000;background-color:#afa}.highlight .go{color:#888}.highlight .gp{color:#555}.highlight .gs{font-weight:bold}.highlight .gu{color:#aaa}.highlight .gt{color:#a00}.highlight .kc{font-weight:bold}.highlight .kd{font-weight:bold}.highlight .kp{font-weight:bold}.highlight .kr{font-weight:bold}.highlight .kt{color:#458;font-weight:bold}.highlight .m{color:#099}.highlight .s{color:#d14}.highlig

Chrome Cache Entry: 200

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2226
Entropy (8bit):	4.900261522704766
Encrypted:	false
SSDEEP:	48:Y1BzsbTPBudX0tVtptBujtLBt53ZtUtitcxntm1et9t49tKKt5HAtCVdc1wGP5:KdXIVtn4L/5ouqtm1izmKW5sCVOTP5
MD5:	65B58ABA8E28896F4578D414E3BDD2E0
SHA1:	4417AD1087B762D5F3B93E9C6D9D4052D24689FF
SHA-256:	AA6E447A245828B272B95E35B98712E15BEDB69C4515FE3F57CAC7C85263BA39
SHA-512:	E9CED7D4413BBFB22D8A50B47EC5C4A59123775BBDD72D76982703C9296504532410AC1AF4E12DEAF58A075D0A1A257BCA97573EE27F0AF1D25D95E61EF46459
Malicious:	false
Preview:	{"h.key":"5D697-4BC54-45AAD-AD9FA-EACF4","h.d":"developers.suitecommerce.com","h.t":1714649681106,"h.cr":"64d4ad851caa6687504e13a5d8c5c0e3845deb07-b650873a-f962c5ee","session_id":"53ae1d05-30ff-4b22-af27-a19cf6246f21","site_domain":"developers.suitecommerce.com","beacon_url":"//173bf110.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"cookie":null,"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":false,"monitorEvents":false,"maxErrors":10,"sendInterval":1000},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"/index.html","parameter2":"Home Page","on":["navigation"]},{"type":"Regexp","parameter1":"/getting-started.html","parameter2":"Getting Started","on":["navigation"]},{"type":"Regexp","parameter1":"/architecture.html","parameter2":"Architecture","on":["navigation"]},{"type":"Regexp","parameter1":"/example-custom

Static File Info

General

File type:	Microsoft Excel 2007+
Entropy (8bit):	7.802254397438724
TrID:	Excel Microsoft Office Open XML Format document (40004/1) 83.33% ZIP compressed archive (8000/1) 16.67%
File name:	Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx
File size:	71'973 bytes
MD5:	c1d8f73c861ad2a669d071bff85076b0
SHA1:	0d17bf6668bf7571cf9a52322c5a6d94c1129299
SHA256:	eb9e15df65eb4971a370731558163c9f24f849475f5a7a3c1f2a557a548770db
SHA512:	af06a0181437a2c9fca59d9f9fa493842f314420e74ba07af147e87023f7e1809b7457b3a5166668bcf640f5fc76f4590ebdc6622ba3b6c1ee0981e4d7d060ac
SSDEEP:	1536:eRFKbJh1yW7uPgM4yccW8cfsyObcfaCkICcHme:8FKdhh784dbi4aCkIie
TLSH:	C063F13CC655EE88C22BD8BDA10E05F694481592B5B2E8E71844F79C2FA5DDB079F07C
File Content Preview:	PK..........!...Md............[Content_Types].xml ...(.........................................................................................................................................................................................................

File Icon


Icon Hash:	2562ab89a7b7bfbf

Static OLE Info

General

Document Type:	OpenXML
Number of OLE Files:	1

OLE File "Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	True
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	False

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 2, 2024 13:33:01.755460978 CEST	49165	443	192.168.2.22	172.217.1.4
May 2, 2024 13:33:01.755491018 CEST	443	49165	172.217.1.4	192.168.2.22
May 2, 2024 13:33:01.755549908 CEST	49165	443	192.168.2.22	172.217.1.4
May 2, 2024 13:33:01.756016016 CEST	49165	443	192.168.2.22	172.217.1.4
May 2, 2024 13:33:01.756026030 CEST	443	49165	172.217.1.4	192.168.2.22
May 2, 2024 13:33:01.988032103 CEST	443	49165	172.217.1.4	192.168.2.22
May 2, 2024 13:33:01.988909960 CEST	49165	443	192.168.2.22	172.217.1.4
May 2, 2024 13:33:01.988920927 CEST	443	49165	172.217.1.4	192.168.2.22
May 2, 2024 13:33:01.989782095 CEST	443	49165	172.217.1.4	192.168.2.22
May 2, 2024 13:33:01.989830017 CEST	49165	443	192.168.2.22	172.217.1.4
May 2, 2024 13:33:01.996500015 CEST	49165	443	192.168.2.22	172.217.1.4
May 2, 2024 13:33:01.996578932 CEST	443	49165	172.217.1.4	192.168.2.22
May 2, 2024 13:33:02.190731049 CEST	49165	443	192.168.2.22	172.217.1.4
May 2, 2024 13:33:02.190741062 CEST	443	49165	172.217.1.4	192.168.2.22
May 2, 2024 13:33:02.390762091 CEST	49165	443	192.168.2.22	172.217.1.4
May 2, 2024 13:33:03.307508945 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:03.307576895 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.315932989 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:03.321394920 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:03.321441889 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.507714033 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.508028030 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:03.508055925 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.509077072 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.509088993 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.509131908 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:03.511233091 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:03.511308908 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.511666059 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:03.511687994 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.724153996 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.724230051 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:03.770893097 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.770925999 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.770934105 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.770951986 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.770987988 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.771013021 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:03.771034002 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:03.771045923 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:03.771075010 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:03.814102888 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:05.431273937 CEST	49171	443	192.168.2.22	18.164.96.99
May 2, 2024 13:33:05.431296110 CEST	443	49171	18.164.96.99	192.168.2.22
May 2, 2024 13:33:05.883565903 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:05.883594036 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:05.883665085 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:05.883759022 CEST	49175	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:05.883790970 CEST	443	49175	18.238.49.126	192.168.2.22
May 2, 2024 13:33:05.883843899 CEST	49175	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:05.884130955 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:05.884147882 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:05.884254932 CEST	49175	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:05.884269953 CEST	443	49175	18.238.49.126	192.168.2.22
May 2, 2024 13:33:05.931576967 CEST	49176	443	192.168.2.22	18.238.49.99
May 2, 2024 13:33:05.931607962 CEST	443	49176	18.238.49.99	192.168.2.22
May 2, 2024 13:33:05.931667089 CEST	49176	443	192.168.2.22	18.238.49.99
May 2, 2024 13:33:05.944847107 CEST	49176	443	192.168.2.22	18.238.49.99
May 2, 2024 13:33:05.944859982 CEST	443	49176	18.238.49.99	192.168.2.22
May 2, 2024 13:33:06.068483114 CEST	443	49175	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.068751097 CEST	49175	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.068761110 CEST	443	49175	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.069722891 CEST	443	49175	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.069773912 CEST	49175	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.070779085 CEST	49175	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.070837975 CEST	443	49175	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.071001053 CEST	49175	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.071008921 CEST	443	49175	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.074491024 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.074754953 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.074764967 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.076343060 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.076400995 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.078424931 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.078512907 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.078561068 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.078567982 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.124946117 CEST	443	49176	18.238.49.99	192.168.2.22
May 2, 2024 13:33:06.125288010 CEST	49176	443	192.168.2.22	18.238.49.99
May 2, 2024 13:33:06.125310898 CEST	443	49176	18.238.49.99	192.168.2.22
May 2, 2024 13:33:06.126327038 CEST	443	49176	18.238.49.99	192.168.2.22
May 2, 2024 13:33:06.126383066 CEST	49176	443	192.168.2.22	18.238.49.99
May 2, 2024 13:33:06.126703978 CEST	49176	443	192.168.2.22	18.238.49.99
May 2, 2024 13:33:06.126765013 CEST	443	49176	18.238.49.99	192.168.2.22
May 2, 2024 13:33:06.126853943 CEST	49176	443	192.168.2.22	18.238.49.99
May 2, 2024 13:33:06.126861095 CEST	443	49176	18.238.49.99	192.168.2.22
May 2, 2024 13:33:06.256416082 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.256437063 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.256616116 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.256629944 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.256639004 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.256664991 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.256683111 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.271296024 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.271305084 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.271336079 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.271353006 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.271374941 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.271379948 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.271384954 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.271400928 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.271418095 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.271492958 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.276124954 CEST	443	49175	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.276187897 CEST	49175	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.311445951 CEST	443	49176	18.238.49.99	192.168.2.22
May 2, 2024 13:33:06.311530113 CEST	49176	443	192.168.2.22	18.238.49.99
May 2, 2024 13:33:06.311542988 CEST	443	49176	18.238.49.99	192.168.2.22
May 2, 2024 13:33:06.311582088 CEST	443	49176	18.238.49.99	192.168.2.22
May 2, 2024 13:33:06.311707020 CEST	49176	443	192.168.2.22	18.238.49.99
May 2, 2024 13:33:06.312271118 CEST	49176	443	192.168.2.22	18.238.49.99
May 2, 2024 13:33:06.312283039 CEST	443	49176	18.238.49.99	192.168.2.22
May 2, 2024 13:33:06.318541050 CEST	443	49175	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.318669081 CEST	443	49175	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.318715096 CEST	49175	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.332870007 CEST	49175	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.332884073 CEST	443	49175	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.338119030 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.338126898 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.338161945 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.338187933 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.338219881 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.338237047 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.338262081 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.338593006 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.355231047 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.355254889 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.355293989 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.355299950 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.355350018 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.355356932 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.362193108 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.371262074 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.371309042 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.371341944 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.371349096 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.371360064 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.371402979 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.383655071 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.383748055 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.383780956 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.383796930 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.383799076 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.383837938 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.384001970 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.384017944 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.384027004 CEST	443	49174	18.238.49.126	192.168.2.22
May 2, 2024 13:33:06.384049892 CEST	49174	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:06.457308054 CEST	49180	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:06.457353115 CEST	443	49180	18.238.49.47	192.168.2.22
May 2, 2024 13:33:06.457403898 CEST	49180	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:06.457720995 CEST	49180	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:06.457751036 CEST	443	49180	18.238.49.47	192.168.2.22
May 2, 2024 13:33:06.637451887 CEST	443	49180	18.238.49.47	192.168.2.22
May 2, 2024 13:33:06.746517897 CEST	49180	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:06.746532917 CEST	443	49180	18.238.49.47	192.168.2.22
May 2, 2024 13:33:06.747608900 CEST	443	49180	18.238.49.47	192.168.2.22
May 2, 2024 13:33:06.747622013 CEST	443	49180	18.238.49.47	192.168.2.22
May 2, 2024 13:33:06.747659922 CEST	49180	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:06.748997927 CEST	49180	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:06.749063015 CEST	443	49180	18.238.49.47	192.168.2.22
May 2, 2024 13:33:06.749131918 CEST	49180	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:06.749138117 CEST	443	49180	18.238.49.47	192.168.2.22
May 2, 2024 13:33:06.846780062 CEST	443	49180	18.238.49.47	192.168.2.22
May 2, 2024 13:33:06.846868992 CEST	443	49180	18.238.49.47	192.168.2.22
May 2, 2024 13:33:06.846889019 CEST	49180	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:06.847054958 CEST	49180	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:06.847531080 CEST	49180	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:06.847542048 CEST	443	49180	18.238.49.47	192.168.2.22
May 2, 2024 13:33:10.254014015 CEST	49190	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:10.254044056 CEST	443	49190	18.238.49.126	192.168.2.22
May 2, 2024 13:33:10.254127979 CEST	49190	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:10.308487892 CEST	49190	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:10.308528900 CEST	443	49190	18.238.49.126	192.168.2.22
May 2, 2024 13:33:10.488327026 CEST	443	49190	18.238.49.126	192.168.2.22
May 2, 2024 13:33:10.488635063 CEST	49190	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:10.488646030 CEST	443	49190	18.238.49.126	192.168.2.22
May 2, 2024 13:33:10.489017963 CEST	443	49190	18.238.49.126	192.168.2.22
May 2, 2024 13:33:10.489377022 CEST	49190	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:10.489444017 CEST	443	49190	18.238.49.126	192.168.2.22
May 2, 2024 13:33:10.489521027 CEST	49190	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:10.536112070 CEST	443	49190	18.238.49.126	192.168.2.22
May 2, 2024 13:33:10.744874954 CEST	443	49190	18.238.49.126	192.168.2.22
May 2, 2024 13:33:10.745069981 CEST	443	49190	18.238.49.126	192.168.2.22
May 2, 2024 13:33:10.745193958 CEST	49190	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:10.745918036 CEST	49190	443	192.168.2.22	18.238.49.126
May 2, 2024 13:33:10.745937109 CEST	443	49190	18.238.49.126	192.168.2.22
May 2, 2024 13:33:10.751141071 CEST	49193	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:10.751177073 CEST	443	49193	18.238.49.47	192.168.2.22
May 2, 2024 13:33:10.751247883 CEST	49193	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:10.751440048 CEST	49193	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:10.751457930 CEST	443	49193	18.238.49.47	192.168.2.22
May 2, 2024 13:33:10.931662083 CEST	443	49193	18.238.49.47	192.168.2.22
May 2, 2024 13:33:10.932282925 CEST	49193	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:10.932296991 CEST	443	49193	18.238.49.47	192.168.2.22
May 2, 2024 13:33:10.932626009 CEST	443	49193	18.238.49.47	192.168.2.22
May 2, 2024 13:33:10.935245037 CEST	49193	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:10.935302973 CEST	443	49193	18.238.49.47	192.168.2.22
May 2, 2024 13:33:10.935389042 CEST	49193	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:10.980124950 CEST	443	49193	18.238.49.47	192.168.2.22
May 2, 2024 13:33:11.116036892 CEST	443	49193	18.238.49.47	192.168.2.22
May 2, 2024 13:33:11.116445065 CEST	443	49193	18.238.49.47	192.168.2.22
May 2, 2024 13:33:11.116504908 CEST	49193	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:11.117299080 CEST	49193	443	192.168.2.22	18.238.49.47
May 2, 2024 13:33:11.117307901 CEST	443	49193	18.238.49.47	192.168.2.22
May 2, 2024 13:33:11.966317892 CEST	443	49165	172.217.1.4	192.168.2.22
May 2, 2024 13:33:11.966382027 CEST	443	49165	172.217.1.4	192.168.2.22
May 2, 2024 13:33:11.966465950 CEST	49165	443	192.168.2.22	172.217.1.4
May 2, 2024 13:33:11.986536980 CEST	49165	443	192.168.2.22	172.217.1.4
May 2, 2024 13:33:11.986541986 CEST	443	49165	172.217.1.4	192.168.2.22
May 2, 2024 13:34:40.249563932 CEST	49208	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.249612093 CEST	443	49208	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.249653101 CEST	49208	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.250684977 CEST	49208	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.250701904 CEST	443	49208	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.281181097 CEST	49210	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.281204939 CEST	443	49210	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.281263113 CEST	49210	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.284305096 CEST	49210	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.284327984 CEST	443	49210	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.437768936 CEST	443	49208	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.463099957 CEST	49208	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.463130951 CEST	443	49208	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.466761112 CEST	443	49208	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.466816902 CEST	49208	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.469660997 CEST	443	49210	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.469830036 CEST	49208	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.470004082 CEST	443	49208	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.470205069 CEST	49208	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.470221043 CEST	443	49208	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.471216917 CEST	49210	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.471225977 CEST	443	49210	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.472055912 CEST	443	49210	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.472111940 CEST	49210	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.474723101 CEST	49210	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.474761963 CEST	443	49210	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.474919081 CEST	49210	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.474925041 CEST	443	49210	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.676156044 CEST	443	49208	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.676211119 CEST	49208	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.678246975 CEST	49210	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.688746929 CEST	443	49208	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.688925028 CEST	443	49208	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.688976049 CEST	49208	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.689796925 CEST	49208	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.689807892 CEST	443	49208	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.727994919 CEST	443	49210	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.728127003 CEST	443	49210	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.728179932 CEST	49210	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.730866909 CEST	49210	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:40.730878115 CEST	443	49210	18.238.49.126	192.168.2.22
May 2, 2024 13:34:40.923666954 CEST	49215	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:40.923688889 CEST	443	49215	18.238.49.99	192.168.2.22
May 2, 2024 13:34:40.923755884 CEST	49215	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:40.923964977 CEST	49216	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:40.924006939 CEST	443	49216	18.238.49.99	192.168.2.22
May 2, 2024 13:34:40.924057961 CEST	49216	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:40.925554991 CEST	49215	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:40.925570011 CEST	443	49215	18.238.49.99	192.168.2.22
May 2, 2024 13:34:40.944200993 CEST	49216	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:40.944226027 CEST	443	49216	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.104887009 CEST	443	49215	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.105328083 CEST	49215	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.105338097 CEST	443	49215	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.106463909 CEST	443	49215	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.106547117 CEST	49215	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.106995106 CEST	49215	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.107050896 CEST	443	49215	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.107278109 CEST	49215	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.107285976 CEST	443	49215	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.124398947 CEST	443	49216	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.124671936 CEST	49216	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.124692917 CEST	443	49216	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.125752926 CEST	443	49216	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.125799894 CEST	49216	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.126286030 CEST	49216	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.126343966 CEST	443	49216	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.126732111 CEST	49216	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.126739979 CEST	443	49216	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.289261103 CEST	443	49215	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.289388895 CEST	443	49215	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.289470911 CEST	49215	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.308770895 CEST	443	49216	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.308995962 CEST	443	49216	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.309068918 CEST	49216	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.320585012 CEST	49215	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.320596933 CEST	443	49215	18.238.49.99	192.168.2.22
May 2, 2024 13:34:41.320807934 CEST	49216	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:41.320832968 CEST	443	49216	18.238.49.99	192.168.2.22
May 2, 2024 13:34:43.503339052 CEST	49222	443	192.168.2.22	172.217.1.4
May 2, 2024 13:34:43.503432035 CEST	443	49222	172.217.1.4	192.168.2.22
May 2, 2024 13:34:43.503510952 CEST	49222	443	192.168.2.22	172.217.1.4
May 2, 2024 13:34:43.668376923 CEST	49222	443	192.168.2.22	172.217.1.4
May 2, 2024 13:34:43.668405056 CEST	443	49222	172.217.1.4	192.168.2.22
May 2, 2024 13:34:43.904551983 CEST	443	49222	172.217.1.4	192.168.2.22
May 2, 2024 13:34:43.982274055 CEST	49222	443	192.168.2.22	172.217.1.4
May 2, 2024 13:34:43.982299089 CEST	443	49222	172.217.1.4	192.168.2.22
May 2, 2024 13:34:43.983411074 CEST	443	49222	172.217.1.4	192.168.2.22
May 2, 2024 13:34:43.983419895 CEST	443	49222	172.217.1.4	192.168.2.22
May 2, 2024 13:34:43.983496904 CEST	49222	443	192.168.2.22	172.217.1.4
May 2, 2024 13:34:43.993233919 CEST	49222	443	192.168.2.22	172.217.1.4
May 2, 2024 13:34:43.993316889 CEST	443	49222	172.217.1.4	192.168.2.22
May 2, 2024 13:34:44.208118916 CEST	443	49222	172.217.1.4	192.168.2.22
May 2, 2024 13:34:44.208230019 CEST	49222	443	192.168.2.22	172.217.1.4
May 2, 2024 13:34:51.615820885 CEST	49228	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:51.615869999 CEST	443	49228	18.238.49.126	192.168.2.22
May 2, 2024 13:34:51.615927935 CEST	49228	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:51.616615057 CEST	49228	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:51.616631031 CEST	443	49228	18.238.49.126	192.168.2.22
May 2, 2024 13:34:51.797225952 CEST	443	49228	18.238.49.126	192.168.2.22
May 2, 2024 13:34:51.797462940 CEST	49228	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:51.797487020 CEST	443	49228	18.238.49.126	192.168.2.22
May 2, 2024 13:34:51.797811985 CEST	443	49228	18.238.49.126	192.168.2.22
May 2, 2024 13:34:51.798887968 CEST	49228	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:51.798962116 CEST	443	49228	18.238.49.126	192.168.2.22
May 2, 2024 13:34:51.799137115 CEST	49228	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:51.840118885 CEST	443	49228	18.238.49.126	192.168.2.22
May 2, 2024 13:34:52.050479889 CEST	443	49228	18.238.49.126	192.168.2.22
May 2, 2024 13:34:52.050558090 CEST	443	49228	18.238.49.126	192.168.2.22
May 2, 2024 13:34:52.050610065 CEST	49228	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:52.051233053 CEST	49228	443	192.168.2.22	18.238.49.126
May 2, 2024 13:34:52.051249027 CEST	443	49228	18.238.49.126	192.168.2.22
May 2, 2024 13:34:52.054526091 CEST	49231	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:52.054538012 CEST	443	49231	18.238.49.99	192.168.2.22
May 2, 2024 13:34:52.054608107 CEST	49231	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:52.054781914 CEST	49231	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:52.054786921 CEST	443	49231	18.238.49.99	192.168.2.22
May 2, 2024 13:34:52.233577967 CEST	443	49231	18.238.49.99	192.168.2.22
May 2, 2024 13:34:52.233928919 CEST	49231	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:52.233953953 CEST	443	49231	18.238.49.99	192.168.2.22
May 2, 2024 13:34:52.234261990 CEST	443	49231	18.238.49.99	192.168.2.22
May 2, 2024 13:34:52.234580994 CEST	49231	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:52.234637976 CEST	443	49231	18.238.49.99	192.168.2.22
May 2, 2024 13:34:52.234735012 CEST	49231	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:52.276119947 CEST	443	49231	18.238.49.99	192.168.2.22
May 2, 2024 13:34:52.416966915 CEST	443	49231	18.238.49.99	192.168.2.22
May 2, 2024 13:34:52.417032957 CEST	443	49231	18.238.49.99	192.168.2.22
May 2, 2024 13:34:52.417166948 CEST	49231	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:52.418416977 CEST	49231	443	192.168.2.22	18.238.49.99
May 2, 2024 13:34:52.418421984 CEST	443	49231	18.238.49.99	192.168.2.22
May 2, 2024 13:34:53.891578913 CEST	443	49222	172.217.1.4	192.168.2.22
May 2, 2024 13:34:53.891659021 CEST	443	49222	172.217.1.4	192.168.2.22
May 2, 2024 13:34:53.891704082 CEST	49222	443	192.168.2.22	172.217.1.4
May 2, 2024 13:34:55.400089025 CEST	49222	443	192.168.2.22	172.217.1.4
May 2, 2024 13:34:55.400125980 CEST	443	49222	172.217.1.4	192.168.2.22

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 2, 2024 13:32:55.680268049 CEST	53	62751	8.8.8.8	192.168.2.22
May 2, 2024 13:32:55.726876974 CEST	53	49881	8.8.8.8	192.168.2.22
May 2, 2024 13:32:55.727658033 CEST	53	52781	8.8.8.8	192.168.2.22
May 2, 2024 13:32:56.452580929 CEST	53	65510	8.8.8.8	192.168.2.22
May 2, 2024 13:33:01.636662960 CEST	58105	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:01.670159101 CEST	64928	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:01.672554016 CEST	57390	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:01.672635078 CEST	58095	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:01.727067947 CEST	53	58105	8.8.8.8	192.168.2.22
May 2, 2024 13:33:01.760445118 CEST	53	64928	8.8.8.8	192.168.2.22
May 2, 2024 13:33:02.860846996 CEST	50446	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:02.860846996 CEST	55939	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:03.183906078 CEST	49608	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:03.184530973 CEST	61486	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:03.275017023 CEST	53	61486	8.8.8.8	192.168.2.22
May 2, 2024 13:33:03.296451092 CEST	53	49608	8.8.8.8	192.168.2.22
May 2, 2024 13:33:05.737565041 CEST	50568	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:05.779767036 CEST	61467	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:05.795387030 CEST	61618	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:05.805454969 CEST	54422	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:05.829164982 CEST	52074	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:05.829629898 CEST	50337	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:05.847888947 CEST	53	50568	8.8.8.8	192.168.2.22
May 2, 2024 13:33:05.876780033 CEST	53	61467	8.8.8.8	192.168.2.22
May 2, 2024 13:33:05.892877102 CEST	53	61618	8.8.8.8	192.168.2.22
May 2, 2024 13:33:05.894093037 CEST	53	54422	8.8.8.8	192.168.2.22
May 2, 2024 13:33:06.339207888 CEST	56329	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:06.342684031 CEST	63469	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:06.431392908 CEST	53	63469	8.8.8.8	192.168.2.22
May 2, 2024 13:33:06.436681986 CEST	53	56329	8.8.8.8	192.168.2.22
May 2, 2024 13:33:06.444433928 CEST	51828	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:06.444850922 CEST	53406	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:06.467889071 CEST	56345	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:06.468094110 CEST	51870	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:06.469089985 CEST	65009	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:06.469304085 CEST	64956	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:06.653914928 CEST	53	64956	8.8.8.8	192.168.2.22
May 2, 2024 13:33:07.012053967 CEST	54521	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:07.012332916 CEST	49750	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:10.769434929 CEST	56207	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:10.769491911 CEST	51955	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:10.972460985 CEST	51014	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:10.972683907 CEST	49690	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:10.973032951 CEST	60169	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:10.973172903 CEST	53060	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:11.060457945 CEST	53	49690	8.8.8.8	192.168.2.22
May 2, 2024 13:33:11.067157984 CEST	53	53060	8.8.8.8	192.168.2.22
May 2, 2024 13:33:11.440196037 CEST	49949	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:11.440393925 CEST	54027	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:11.450217962 CEST	63950	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:11.450359106 CEST	58257	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:11.623215914 CEST	53	54027	8.8.8.8	192.168.2.22
May 2, 2024 13:33:11.634021044 CEST	53	58257	8.8.8.8	192.168.2.22
May 2, 2024 13:33:11.986910105 CEST	49478	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:11.987124920 CEST	49288	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:12.080482006 CEST	61598	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:12.080660105 CEST	58754	53	192.168.2.22	8.8.8.8
May 2, 2024 13:33:12.082613945 CEST	53	49288	8.8.8.8	192.168.2.22
May 2, 2024 13:33:12.200440884 CEST	53	58754	8.8.8.8	192.168.2.22
May 2, 2024 13:33:15.632550955 CEST	53	54615	8.8.8.8	192.168.2.22
May 2, 2024 13:34:37.365865946 CEST	53	49520	8.8.8.8	192.168.2.22
May 2, 2024 13:34:37.387720108 CEST	53	50702	8.8.8.8	192.168.2.22
May 2, 2024 13:34:37.391300917 CEST	53	51951	8.8.8.8	192.168.2.22
May 2, 2024 13:34:38.049093962 CEST	53	57998	8.8.8.8	192.168.2.22
May 2, 2024 13:34:39.521369934 CEST	61564	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:39.522670031 CEST	51384	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.088895082 CEST	53785	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.089011908 CEST	55277	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.089344025 CEST	51183	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.089523077 CEST	57027	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.179315090 CEST	53	55277	8.8.8.8	192.168.2.22
May 2, 2024 13:34:40.193352938 CEST	53	53785	8.8.8.8	192.168.2.22
May 2, 2024 13:34:40.658276081 CEST	56156	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.658514977 CEST	60971	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.720841885 CEST	56308	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.725406885 CEST	51268	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.755996943 CEST	59475	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.756772995 CEST	62930	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.770320892 CEST	61008	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.770495892 CEST	59514	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.851000071 CEST	53	62930	8.8.8.8	192.168.2.22
May 2, 2024 13:34:40.858005047 CEST	53	59514	8.8.8.8	192.168.2.22
May 2, 2024 13:34:40.868685961 CEST	53	61008	8.8.8.8	192.168.2.22
May 2, 2024 13:34:40.913136959 CEST	53077	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.913453102 CEST	53188	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.913675070 CEST	54333	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:40.913944006 CEST	55388	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:41.000850916 CEST	53	53188	8.8.8.8	192.168.2.22
May 2, 2024 13:34:41.001305103 CEST	53	55388	8.8.8.8	192.168.2.22
May 2, 2024 13:34:41.414318085 CEST	54154	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:41.414479017 CEST	53602	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:41.601089954 CEST	53	53602	8.8.8.8	192.168.2.22
May 2, 2024 13:34:41.938451052 CEST	60981	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:41.938577890 CEST	51161	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:42.021384001 CEST	50357	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:42.021497011 CEST	58291	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:42.026365042 CEST	53	60981	8.8.8.8	192.168.2.22
May 2, 2024 13:34:42.032747030 CEST	53	51161	8.8.8.8	192.168.2.22
May 2, 2024 13:34:42.141491890 CEST	53	58291	8.8.8.8	192.168.2.22
May 2, 2024 13:34:44.651921034 CEST	64762	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:44.652085066 CEST	53063	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:44.930756092 CEST	53	53063	8.8.8.8	192.168.2.22
May 2, 2024 13:34:48.898729086 CEST	49339	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:48.898917913 CEST	60994	53	192.168.2.22	8.8.8.8
May 2, 2024 13:34:48.992640972 CEST	53	60994	8.8.8.8	192.168.2.22
May 2, 2024 13:34:55.731769085 CEST	53	60228	8.8.8.8	192.168.2.22

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 2, 2024 13:33:01.760513067 CEST	192.168.2.22	8.8.8.8	d01d	(Port unreachable)	Destination Unreachable
May 2, 2024 13:34:44.931469917 CEST	192.168.2.22	8.8.8.8	d0dd	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 2, 2024 13:33:01.636662960 CEST	192.168.2.22	8.8.8.8	0xa2e1	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:01.670159101 CEST	192.168.2.22	8.8.8.8	0x97b7	Standard query (0)	www.google.com	65	IN (0x0001)	false
May 2, 2024 13:33:01.672554016 CEST	192.168.2.22	8.8.8.8	0x22e8	Standard query (0)	developers.suitecommerce.com	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:01.672635078 CEST	192.168.2.22	8.8.8.8	0x4945	Standard query (0)	developers.suitecommerce.com	65	IN (0x0001)	false
May 2, 2024 13:33:02.860846996 CEST	192.168.2.22	8.8.8.8	0x4ac3	Standard query (0)	s.go-mpulse.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:02.860846996 CEST	192.168.2.22	8.8.8.8	0x2a8d	Standard query (0)	s.go-mpulse.net	65	IN (0x0001)	false
May 2, 2024 13:33:03.183906078 CEST	192.168.2.22	8.8.8.8	0xb0fd	Standard query (0)	consent.truste.com	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:03.184530973 CEST	192.168.2.22	8.8.8.8	0xefe4	Standard query (0)	consent.truste.com	65	IN (0x0001)	false
May 2, 2024 13:33:05.737565041 CEST	192.168.2.22	8.8.8.8	0x6f32	Standard query (0)	consent.trustarc.com	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.779767036 CEST	192.168.2.22	8.8.8.8	0x104	Standard query (0)	consent.trustarc.com	65	IN (0x0001)	false
May 2, 2024 13:33:05.795387030 CEST	192.168.2.22	8.8.8.8	0xa7ee	Standard query (0)	consent.trustarc.com	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.805454969 CEST	192.168.2.22	8.8.8.8	0xa12d	Standard query (0)	consent.trustarc.com	65	IN (0x0001)	false
May 2, 2024 13:33:05.829164982 CEST	192.168.2.22	8.8.8.8	0x9184	Standard query (0)	c.go-mpulse.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.829629898 CEST	192.168.2.22	8.8.8.8	0x4d8d	Standard query (0)	c.go-mpulse.net	65	IN (0x0001)	false
May 2, 2024 13:33:06.339207888 CEST	192.168.2.22	8.8.8.8	0x6102	Standard query (0)	consent.trustarc.com	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:06.342684031 CEST	192.168.2.22	8.8.8.8	0x2827	Standard query (0)	consent.trustarc.com	65	IN (0x0001)	false
May 2, 2024 13:33:06.444433928 CEST	192.168.2.22	8.8.8.8	0x4662	Standard query (0)	c.go-mpulse.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:06.444850922 CEST	192.168.2.22	8.8.8.8	0x98fa	Standard query (0)	c.go-mpulse.net	65	IN (0x0001)	false
May 2, 2024 13:33:06.467889071 CEST	192.168.2.22	8.8.8.8	0xa75b	Standard query (0)	173bf10a.akstat.io	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:06.468094110 CEST	192.168.2.22	8.8.8.8	0x8186	Standard query (0)	173bf10a.akstat.io	65	IN (0x0001)	false
May 2, 2024 13:33:06.469089985 CEST	192.168.2.22	8.8.8.8	0x703c	Standard query (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a-clientnsv4-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:06.469304085 CEST	192.168.2.22	8.8.8.8	0x1276	Standard query (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a-clientnsv4-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:33:07.012053967 CEST	192.168.2.22	8.8.8.8	0xb04c	Standard query (0)	developers.suitecommerce.com	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:07.012332916 CEST	192.168.2.22	8.8.8.8	0x79fa	Standard query (0)	developers.suitecommerce.com	65	IN (0x0001)	false
May 2, 2024 13:33:10.769434929 CEST	192.168.2.22	8.8.8.8	0xbc55	Standard query (0)	173bf110.akstat.io	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:10.769491911 CEST	192.168.2.22	8.8.8.8	0x7501	Standard query (0)	173bf110.akstat.io	65	IN (0x0001)	false
May 2, 2024 13:33:10.972460985 CEST	192.168.2.22	8.8.8.8	0xaac7	Standard query (0)	trial-eum-clientnsv4-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:10.972683907 CEST	192.168.2.22	8.8.8.8	0x1383	Standard query (0)	trial-eum-clientnsv4-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:33:10.973032951 CEST	192.168.2.22	8.8.8.8	0x5291	Standard query (0)	trial-eum-clienttons-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:10.973172903 CEST	192.168.2.22	8.8.8.8	0xce30	Standard query (0)	trial-eum-clienttons-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:33:11.440196037 CEST	192.168.2.22	8.8.8.8	0x5e51	Standard query (0)	191-96-150-225_s-23-200-0-185_ts-1714649591-clienttons-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:11.440393925 CEST	192.168.2.22	8.8.8.8	0x95c9	Standard query (0)	191-96-150-225_s-23-200-0-185_ts-1714649591-clienttons-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:33:11.450217962 CEST	192.168.2.22	8.8.8.8	0xe59f	Standard query (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55-clientnsv4-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:11.450359106 CEST	192.168.2.22	8.8.8.8	0x5d3a	Standard query (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55-clientnsv4-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:33:11.986910105 CEST	192.168.2.22	8.8.8.8	0x7ec3	Standard query (0)	191-96-150-225_s-23-200-0-185_ts-1714649591-clienttons-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:11.987124920 CEST	192.168.2.22	8.8.8.8	0xaca5	Standard query (0)	191-96-150-225_s-23-200-0-185_ts-1714649591-clienttons-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:33:12.080482006 CEST	192.168.2.22	8.8.8.8	0xc534	Standard query (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55-clientnsv4-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:12.080660105 CEST	192.168.2.22	8.8.8.8	0xe531	Standard query (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55-clientnsv4-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:34:39.521369934 CEST	192.168.2.22	8.8.8.8	0xfbdd	Standard query (0)	developers.suitecommerce.com	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:39.522670031 CEST	192.168.2.22	8.8.8.8	0xd8ae	Standard query (0)	developers.suitecommerce.com	65	IN (0x0001)	false
May 2, 2024 13:34:40.088895082 CEST	192.168.2.22	8.8.8.8	0x4be1	Standard query (0)	consent.trustarc.com	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.089011908 CEST	192.168.2.22	8.8.8.8	0xad80	Standard query (0)	consent.trustarc.com	65	IN (0x0001)	false
May 2, 2024 13:34:40.089344025 CEST	192.168.2.22	8.8.8.8	0x409c	Standard query (0)	c.go-mpulse.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.089523077 CEST	192.168.2.22	8.8.8.8	0x53f1	Standard query (0)	c.go-mpulse.net	65	IN (0x0001)	false
May 2, 2024 13:34:40.658276081 CEST	192.168.2.22	8.8.8.8	0xbb47	Standard query (0)	c.go-mpulse.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.658514977 CEST	192.168.2.22	8.8.8.8	0x6886	Standard query (0)	c.go-mpulse.net	65	IN (0x0001)	false
May 2, 2024 13:34:40.720841885 CEST	192.168.2.22	8.8.8.8	0xdc7a	Standard query (0)	173bf110.akstat.io	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.725406885 CEST	192.168.2.22	8.8.8.8	0xbb3e	Standard query (0)	173bf110.akstat.io	65	IN (0x0001)	false
May 2, 2024 13:34:40.755996943 CEST	192.168.2.22	8.8.8.8	0xf696	Standard query (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a-clientnsv4-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.756772995 CEST	192.168.2.22	8.8.8.8	0x476d	Standard query (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a-clientnsv4-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:34:40.770320892 CEST	192.168.2.22	8.8.8.8	0x3a9b	Standard query (0)	consent.trustarc.com	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.770495892 CEST	192.168.2.22	8.8.8.8	0xd804	Standard query (0)	consent.trustarc.com	65	IN (0x0001)	false
May 2, 2024 13:34:40.913136959 CEST	192.168.2.22	8.8.8.8	0xfba3	Standard query (0)	trial-eum-clientnsv4-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.913453102 CEST	192.168.2.22	8.8.8.8	0xc6dc	Standard query (0)	trial-eum-clientnsv4-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:34:40.913675070 CEST	192.168.2.22	8.8.8.8	0xdde1	Standard query (0)	trial-eum-clienttons-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.913944006 CEST	192.168.2.22	8.8.8.8	0xcd4f	Standard query (0)	trial-eum-clienttons-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:34:41.414318085 CEST	192.168.2.22	8.8.8.8	0x6f87	Standard query (0)	191-96-150-225_s-23-200-0-189_ts-1714649681-clienttons-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:41.414479017 CEST	192.168.2.22	8.8.8.8	0xe46b	Standard query (0)	191-96-150-225_s-23-200-0-189_ts-1714649681-clienttons-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:34:41.938451052 CEST	192.168.2.22	8.8.8.8	0x3d1f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:41.938577890 CEST	192.168.2.22	8.8.8.8	0xd019	Standard query (0)	www.google.com	65	IN (0x0001)	false
May 2, 2024 13:34:42.021384001 CEST	192.168.2.22	8.8.8.8	0x33cc	Standard query (0)	191-96-150-225_s-23-200-0-189_ts-1714649681-clienttons-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:42.021497011 CEST	192.168.2.22	8.8.8.8	0x31f8	Standard query (0)	191-96-150-225_s-23-200-0-189_ts-1714649681-clienttons-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:34:44.651921034 CEST	192.168.2.22	8.8.8.8	0xdfc6	Standard query (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47-clientnsv4-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:44.652085066 CEST	192.168.2.22	8.8.8.8	0xa355	Standard query (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47-clientnsv4-s.akamaihd.net	65	IN (0x0001)	false
May 2, 2024 13:34:48.898729086 CEST	192.168.2.22	8.8.8.8	0x7bf6	Standard query (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47-clientnsv4-s.akamaihd.net	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:48.898917913 CEST	192.168.2.22	8.8.8.8	0x1ab0	Standard query (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47-clientnsv4-s.akamaihd.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 2, 2024 13:33:01.727067947 CEST	8.8.8.8	192.168.2.22	0xa2e1	No error (0)	www.google.com		172.217.1.4	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:01.760445118 CEST	8.8.8.8	192.168.2.22	0x97b7	No error (0)	www.google.com			65	IN (0x0001)	false
May 2, 2024 13:33:01.777544975 CEST	8.8.8.8	192.168.2.22	0x4945	No error (0)	developers.suitecommerce.com	ds-developers.suitecommerce.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:01.874645948 CEST	8.8.8.8	192.168.2.22	0x22e8	No error (0)	developers.suitecommerce.com	ds-developers.suitecommerce.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:02.948350906 CEST	8.8.8.8	192.168.2.22	0x2a8d	No error (0)	s.go-mpulse.net	ip46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:02.957360029 CEST	8.8.8.8	192.168.2.22	0x4ac3	No error (0)	s.go-mpulse.net	ip46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:03.296451092 CEST	8.8.8.8	192.168.2.22	0xb0fd	No error (0)	consent.truste.com		18.164.96.99	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:03.296451092 CEST	8.8.8.8	192.168.2.22	0xb0fd	No error (0)	consent.truste.com		18.164.96.50	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:03.296451092 CEST	8.8.8.8	192.168.2.22	0xb0fd	No error (0)	consent.truste.com		18.164.96.92	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:03.296451092 CEST	8.8.8.8	192.168.2.22	0xb0fd	No error (0)	consent.truste.com		18.164.96.34	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.847888947 CEST	8.8.8.8	192.168.2.22	0x6f32	No error (0)	consent.trustarc.com		18.238.49.126	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.847888947 CEST	8.8.8.8	192.168.2.22	0x6f32	No error (0)	consent.trustarc.com		18.238.49.47	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.847888947 CEST	8.8.8.8	192.168.2.22	0x6f32	No error (0)	consent.trustarc.com		18.238.49.62	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.847888947 CEST	8.8.8.8	192.168.2.22	0x6f32	No error (0)	consent.trustarc.com		18.238.49.99	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.892877102 CEST	8.8.8.8	192.168.2.22	0xa7ee	No error (0)	consent.trustarc.com		18.238.49.99	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.892877102 CEST	8.8.8.8	192.168.2.22	0xa7ee	No error (0)	consent.trustarc.com		18.238.49.126	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.892877102 CEST	8.8.8.8	192.168.2.22	0xa7ee	No error (0)	consent.trustarc.com		18.238.49.47	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.892877102 CEST	8.8.8.8	192.168.2.22	0xa7ee	No error (0)	consent.trustarc.com		18.238.49.62	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:05.917112112 CEST	8.8.8.8	192.168.2.22	0x4d8d	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:05.926461935 CEST	8.8.8.8	192.168.2.22	0x9184	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:06.436681986 CEST	8.8.8.8	192.168.2.22	0x6102	No error (0)	consent.trustarc.com		18.238.49.47	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:06.436681986 CEST	8.8.8.8	192.168.2.22	0x6102	No error (0)	consent.trustarc.com		18.238.49.126	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:06.436681986 CEST	8.8.8.8	192.168.2.22	0x6102	No error (0)	consent.trustarc.com		18.238.49.99	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:06.436681986 CEST	8.8.8.8	192.168.2.22	0x6102	No error (0)	consent.trustarc.com		18.238.49.62	A (IP address)	IN (0x0001)	false
May 2, 2024 13:33:06.532587051 CEST	8.8.8.8	192.168.2.22	0x98fa	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:06.541745901 CEST	8.8.8.8	192.168.2.22	0x4662	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:06.555840969 CEST	8.8.8.8	192.168.2.22	0x8186	No error (0)	173bf10a.akstat.io	wildcard46.akstat.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:06.564064026 CEST	8.8.8.8	192.168.2.22	0xa75b	No error (0)	173bf10a.akstat.io	wildcard46.akstat.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:06.653914928 CEST	8.8.8.8	192.168.2.22	0x1276	No error (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a-clientnsv4-s.akamaihd.net	x5qjnyixeeujqzrtphxa-f-1ae67ca9a.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:06.653914928 CEST	8.8.8.8	192.168.2.22	0x1276	No error (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:06.654664040 CEST	8.8.8.8	192.168.2.22	0x703c	No error (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a-clientnsv4-s.akamaihd.net	x5qjnyixeeujqzrtphxa-f-1ae67ca9a.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:06.654664040 CEST	8.8.8.8	192.168.2.22	0x703c	No error (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:07.135051966 CEST	8.8.8.8	192.168.2.22	0x79fa	No error (0)	developers.suitecommerce.com	ds-developers.suitecommerce.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:07.173382998 CEST	8.8.8.8	192.168.2.22	0xb04c	No error (0)	developers.suitecommerce.com	ds-developers.suitecommerce.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:10.866045952 CEST	8.8.8.8	192.168.2.22	0x7501	No error (0)	173bf110.akstat.io	wildcard46.akstat.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:10.867708921 CEST	8.8.8.8	192.168.2.22	0xbc55	No error (0)	173bf110.akstat.io	wildcard46.akstat.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.060457945 CEST	8.8.8.8	192.168.2.22	0x1383	No error (0)	trial-eum-clientnsv4-s.akamaihd.net	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.067157984 CEST	8.8.8.8	192.168.2.22	0xce30	No error (0)	trial-eum-clienttons-s.akamaihd.net	trial-eum.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.067157984 CEST	8.8.8.8	192.168.2.22	0xce30	No error (0)	trial-eum.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.069071054 CEST	8.8.8.8	192.168.2.22	0x5291	No error (0)	trial-eum-clienttons-s.akamaihd.net	trial-eum.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.069071054 CEST	8.8.8.8	192.168.2.22	0x5291	No error (0)	trial-eum.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.071898937 CEST	8.8.8.8	192.168.2.22	0xaac7	No error (0)	trial-eum-clientnsv4-s.akamaihd.net	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.620955944 CEST	8.8.8.8	192.168.2.22	0x5e51	No error (0)	191-96-150-225_s-23-200-0-185_ts-1714649591-clienttons-s.akamaihd.net	191.96.150.225_s-23.200.0.185_ts-1714649591.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.620955944 CEST	8.8.8.8	192.168.2.22	0x5e51	No error (0)	191.96.150.225_s-23.200.0.185_ts-1714649591.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.623215914 CEST	8.8.8.8	192.168.2.22	0x95c9	No error (0)	191-96-150-225_s-23-200-0-185_ts-1714649591-clienttons-s.akamaihd.net	191.96.150.225_s-23.200.0.185_ts-1714649591.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.623215914 CEST	8.8.8.8	192.168.2.22	0x95c9	No error (0)	191.96.150.225_s-23.200.0.185_ts-1714649591.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.634021044 CEST	8.8.8.8	192.168.2.22	0x5d3a	No error (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55-clientnsv4-s.akamaihd.net	x5qjnyixzaaauzrtph3q-peru40-c59057d55.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.634021044 CEST	8.8.8.8	192.168.2.22	0x5d3a	No error (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.658951998 CEST	8.8.8.8	192.168.2.22	0xe59f	No error (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55-clientnsv4-s.akamaihd.net	x5qjnyixzaaauzrtph3q-peru40-c59057d55.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:11.658951998 CEST	8.8.8.8	192.168.2.22	0xe59f	No error (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:12.082613945 CEST	8.8.8.8	192.168.2.22	0xaca5	No error (0)	191-96-150-225_s-23-200-0-185_ts-1714649591-clienttons-s.akamaihd.net	191.96.150.225_s-23.200.0.185_ts-1714649591.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:12.082613945 CEST	8.8.8.8	192.168.2.22	0xaca5	No error (0)	191.96.150.225_s-23.200.0.185_ts-1714649591.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:12.170746088 CEST	8.8.8.8	192.168.2.22	0x7ec3	No error (0)	191-96-150-225_s-23-200-0-185_ts-1714649591-clienttons-s.akamaihd.net	191.96.150.225_s-23.200.0.185_ts-1714649591.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:12.170746088 CEST	8.8.8.8	192.168.2.22	0x7ec3	No error (0)	191.96.150.225_s-23.200.0.185_ts-1714649591.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:12.179244995 CEST	8.8.8.8	192.168.2.22	0xc534	No error (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55-clientnsv4-s.akamaihd.net	x5qjnyixzaaauzrtph3q-peru40-c59057d55.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:12.179244995 CEST	8.8.8.8	192.168.2.22	0xc534	No error (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:12.200440884 CEST	8.8.8.8	192.168.2.22	0xe531	No error (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55-clientnsv4-s.akamaihd.net	x5qjnyixzaaauzrtph3q-peru40-c59057d55.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:33:12.200440884 CEST	8.8.8.8	192.168.2.22	0xe531	No error (0)	x5qjnyixzaaauzrtph3q-peru40-c59057d55.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:39.616946936 CEST	8.8.8.8	192.168.2.22	0xd8ae	No error (0)	developers.suitecommerce.com	ds-developers.suitecommerce.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:39.618819952 CEST	8.8.8.8	192.168.2.22	0xfbdd	No error (0)	developers.suitecommerce.com	ds-developers.suitecommerce.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:40.177476883 CEST	8.8.8.8	192.168.2.22	0x53f1	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:40.186353922 CEST	8.8.8.8	192.168.2.22	0x409c	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:40.193352938 CEST	8.8.8.8	192.168.2.22	0x4be1	No error (0)	consent.trustarc.com		18.238.49.126	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.193352938 CEST	8.8.8.8	192.168.2.22	0x4be1	No error (0)	consent.trustarc.com		18.238.49.47	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.193352938 CEST	8.8.8.8	192.168.2.22	0x4be1	No error (0)	consent.trustarc.com		18.238.49.62	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.193352938 CEST	8.8.8.8	192.168.2.22	0x4be1	No error (0)	consent.trustarc.com		18.238.49.99	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.746536016 CEST	8.8.8.8	192.168.2.22	0x6886	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:40.754930019 CEST	8.8.8.8	192.168.2.22	0xbb47	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:40.813374996 CEST	8.8.8.8	192.168.2.22	0xbb3e	No error (0)	173bf110.akstat.io	wildcard46.akstat.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:40.818017960 CEST	8.8.8.8	192.168.2.22	0xdc7a	No error (0)	173bf110.akstat.io	wildcard46.akstat.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:40.851000071 CEST	8.8.8.8	192.168.2.22	0x476d	No error (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a-clientnsv4-s.akamaihd.net	x5qjnyixeeujqzrtphxa-f-1ae67ca9a.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:40.851000071 CEST	8.8.8.8	192.168.2.22	0x476d	No error (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:40.868685961 CEST	8.8.8.8	192.168.2.22	0x3a9b	No error (0)	consent.trustarc.com		18.238.49.99	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.868685961 CEST	8.8.8.8	192.168.2.22	0x3a9b	No error (0)	consent.trustarc.com		18.238.49.62	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.868685961 CEST	8.8.8.8	192.168.2.22	0x3a9b	No error (0)	consent.trustarc.com		18.238.49.126	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:40.868685961 CEST	8.8.8.8	192.168.2.22	0x3a9b	No error (0)	consent.trustarc.com		18.238.49.47	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:41.000850916 CEST	8.8.8.8	192.168.2.22	0xc6dc	No error (0)	trial-eum-clientnsv4-s.akamaihd.net	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:41.001305103 CEST	8.8.8.8	192.168.2.22	0xcd4f	No error (0)	trial-eum-clienttons-s.akamaihd.net	trial-eum.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:41.001305103 CEST	8.8.8.8	192.168.2.22	0xcd4f	No error (0)	trial-eum.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:41.005368948 CEST	8.8.8.8	192.168.2.22	0xf696	No error (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a-clientnsv4-s.akamaihd.net	x5qjnyixeeujqzrtphxa-f-1ae67ca9a.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:41.005368948 CEST	8.8.8.8	192.168.2.22	0xf696	No error (0)	x5qjnyixeeujqzrtphxa-f-1ae67ca9a.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:41.009506941 CEST	8.8.8.8	192.168.2.22	0xdde1	No error (0)	trial-eum-clienttons-s.akamaihd.net	trial-eum.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:41.009506941 CEST	8.8.8.8	192.168.2.22	0xdde1	No error (0)	trial-eum.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:41.012059927 CEST	8.8.8.8	192.168.2.22	0xfba3	No error (0)	trial-eum-clientnsv4-s.akamaihd.net	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:41.597656965 CEST	8.8.8.8	192.168.2.22	0x6f87	No error (0)	191-96-150-225_s-23-200-0-189_ts-1714649681-clienttons-s.akamaihd.net	191.96.150.225_s-23.200.0.189_ts-1714649681.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:41.597656965 CEST	8.8.8.8	192.168.2.22	0x6f87	No error (0)	191.96.150.225_s-23.200.0.189_ts-1714649681.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:41.601089954 CEST	8.8.8.8	192.168.2.22	0xe46b	No error (0)	191-96-150-225_s-23-200-0-189_ts-1714649681-clienttons-s.akamaihd.net	191.96.150.225_s-23.200.0.189_ts-1714649681.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:41.601089954 CEST	8.8.8.8	192.168.2.22	0xe46b	No error (0)	191.96.150.225_s-23.200.0.189_ts-1714649681.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:42.026365042 CEST	8.8.8.8	192.168.2.22	0x3d1f	No error (0)	www.google.com		172.217.1.4	A (IP address)	IN (0x0001)	false
May 2, 2024 13:34:42.032747030 CEST	8.8.8.8	192.168.2.22	0xd019	No error (0)	www.google.com			65	IN (0x0001)	false
May 2, 2024 13:34:42.119950056 CEST	8.8.8.8	192.168.2.22	0x33cc	No error (0)	191-96-150-225_s-23-200-0-189_ts-1714649681-clienttons-s.akamaihd.net	191.96.150.225_s-23.200.0.189_ts-1714649681.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:42.119950056 CEST	8.8.8.8	192.168.2.22	0x33cc	No error (0)	191.96.150.225_s-23.200.0.189_ts-1714649681.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:42.141491890 CEST	8.8.8.8	192.168.2.22	0x31f8	No error (0)	191-96-150-225_s-23-200-0-189_ts-1714649681-clienttons-s.akamaihd.net	191.96.150.225_s-23.200.0.189_ts-1714649681.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:42.141491890 CEST	8.8.8.8	192.168.2.22	0x31f8	No error (0)	191.96.150.225_s-23.200.0.189_ts-1714649681.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:44.855335951 CEST	8.8.8.8	192.168.2.22	0xdfc6	No error (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47-clientnsv4-s.akamaihd.net	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:44.855335951 CEST	8.8.8.8	192.168.2.22	0xdfc6	No error (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:44.930756092 CEST	8.8.8.8	192.168.2.22	0xa355	No error (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47-clientnsv4-s.akamaihd.net	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:44.930756092 CEST	8.8.8.8	192.168.2.22	0xa355	No error (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:48.992640972 CEST	8.8.8.8	192.168.2.22	0x1ab0	No error (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47-clientnsv4-s.akamaihd.net	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:48.992640972 CEST	8.8.8.8	192.168.2.22	0x1ab0	No error (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:49.377151966 CEST	8.8.8.8	192.168.2.22	0x7bf6	No error (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47-clientnsv4-s.akamaihd.net	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)	false
May 2, 2024 13:34:49.377151966 CEST	8.8.8.8	192.168.2.22	0x7bf6	No error (0)	x5qjnyixzaabgzrtpjka-pom4j9-506af2c47.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

consent.truste.com

consent.trustarc.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49171	18.164.96.99	443	1272	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:33:03 UTC	613	OUT	GET /notice?domain=netsuite.com&c=teconsent&js=bb&noticeType=bb&text=true&pcookie&gtm=1 HTTP/1.1 Host: consent.truste.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://developers.suitecommerce.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:33:03 UTC	471	IN	HTTP/1.1 200 OK Content-Type: text/javascript; charset=UTF-8 Content-Length: 14700 Connection: close Date: Thu, 02 May 2024 11:33:03 GMT Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 6e202b767e6bdee837ba15ada7e3120e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P5 X-Amz-Cf-Id: i-h3D1kJkE-XTin_Xmv9md570t1gNDWaabEvH7CR31qgnvF1RgikNw== Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: max-age=3600 Vary: Origin
2024-05-02 11:33:03 UTC	14700	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 74 72 75 73 74 65 5f 65 75 6d 61 70 28 29 7b 74 72 75 73 74 65 3d 73 65 6c 66 2e 74 72 75 73 74 65 7c 7c 7b 7d 3b 74 72 75 73 74 65 2e 65 75 7c 7c 28 74 72 75 73 74 65 2e 65 75 3d 7b 7d 29 3b 74 72 75 73 74 65 2e 75 74 69 6c 7c 7c 28 74 72 75 73 74 65 2e 75 74 69 6c 3d 7b 7d 29 3b 0a 74 72 75 73 74 65 2e 75 74 69 6c 2e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 70 2c 6c 2c 6f 29 7b 6f 3d 6f 7c 7c 7b 7d 3b 76 61 72 20 6e 3d 6c 26 26 6c 2e 74 6f 53 74 72 69 6e 67 28 29 7c 7c 22 22 2c 65 3d 6f 2e 63 61 6c 6c 65 72 7c 7c 22 22 3b 69 66 28 6c 26 26 6c 2e 73 74 61 63 6b 29 7b 6e 2b 3d 22 5c 6e 22 2b 6c 2e 73 74 61 63 6b 2e 6d 61 74 63 68 28 2f 28 40 7c 61 74 29 5b 5e 5c 6e 5c 72 5c 74 5d 2a 2f 29 5b 30 5d 2b 22 5c 6e 22 2b 6c 2e Data Ascii: function _truste_eumap(){truste=self.truste\|\|{};truste.eu\|\|(truste.eu={});truste.util\|\|(truste.util={});truste.util.error=function(p,l,o){o=o\|\|{};var n=l&&l.toString()\|\|"",e=o.caller\|\|"";if(l&&l.stack){n+="\n"+l.stack.match(/(@\|at)[^\n\r\t]*/)[0]+"\n"+l.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.22	49175	18.238.49.126	443	1272	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:33:06 UTC	761	OUT	GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=0a2b&referer=https://developers.suitecommerce.com HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://developers.suitecommerce.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:33:06 UTC	1475	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: close Date: Thu, 02 May 2024 11:33:06 GMT Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Security-Policy: object-src 'none'; frame-ancestors https://.trustarc.com https://.prod.internal.trustarc.com https://.trustarc.eu https://.prod.internal.trustarc.eu https://.staging.internal.trustarc.com https://.trustarc-svc.net https://.truste-svc.net https://.qa.truste-svc.net https://.dev.truste-svc.net http://localhost: https://.nymity.com https://.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: cross-origin Expect-CT: enforce, max-age=60 Permissions-Policy: geolocation=(), camera=(), speaker=(), microphone=(), vibrate=() Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-Cache: Miss from cloudfront Via: 1.1 92d8afc92e3597d245b2f6480cd44220.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: uJ4xtOvUtg_XQRja-lpVITsoKwcAIhlsrPf7MmtwCEQDdijA7DNvjA== Vary: Origin
2024-05-02 11:33:06 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.22	49174	18.238.49.126	443	1272	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:33:06 UTC	603	OUT	GET /asset/notice.js/v/v1.7-3281 HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" Origin: https://developers.suitecommerce.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://developers.suitecommerce.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:33:06 UTC	582	IN	HTTP/1.1 200 OK Content-Type: text/javascript Content-Length: 94921 Connection: close Date: Thu, 02 May 2024 10:52:52 GMT Last-Modified: Thu, 2 May 2024 01:55:11 GMT Pragma: public Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 2784337ad1bef2f5343cdf0842e12a80.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: wIbxOv7Emkxg7oemCRlBwj3dEWXCxrbg3lp9Vpw022URoP57m9SsVQ== Age: 2414 Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: max-age=2592000 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: *
2024-05-02 11:33:06 UTC	15802	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 74 72 75 73 74 65 5f 65 75 28 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 76 61 72 20 67 3d 74 72 75 73 74 65 2e 65 75 2e 62 69 6e 64 4d 61 70 3b 67 2e 66 65 61 74 2e 69 73 43 6f 6e 73 65 6e 74 52 65 74 72 69 65 76 65 64 3d 67 2e 66 65 61 74 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 3f 67 2e 66 65 61 74 2e 69 73 43 6f 6e 73 65 6e 74 52 65 74 72 69 65 76 65 64 3a 21 30 3b 69 66 28 21 74 2e 64 6f 6e 65 26 26 74 72 75 73 74 65 2e 75 74 69 6c 2e 69 73 43 6f 6e 73 65 6e 74 52 65 73 6f 6c 76 65 64 28 29 29 7b 74 2e 64 6f 6e 65 3d 21 30 3b 76 61 72 20 6b 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 2c 63 3d 74 72 75 73 74 65 2e 75 74 69 6c 2e 72 65 61 64 43 6f 6f 6b 69 Data Ascii: function _truste_eu(){function t(){var g=truste.eu.bindMap;g.feat.isConsentRetrieved=g.feat.crossDomain?g.feat.isConsentRetrieved:!0;if(!t.done&&truste.util.isConsentResolved()){t.done=!0;var k=function(){var a=(new Date).getTime(),c=truste.util.readCooki
2024-05-02 11:33:06 UTC	16384	IN	Data Raw: 6c 65 6e 67 74 68 29 7b 76 61 72 20 64 3d 2b 63 5b 32 5d 3b 72 65 74 75 72 6e 2b 63 5b 31 5d 3d 3d 3d 61 26 26 64 3d 3d 3d 62 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 64 28 61 29 7b 76 61 72 20 62 3d 52 65 67 45 78 70 28 22 56 65 72 73 69 6f 6e 5b 2f 5d 2e 2a 20 53 61 66 61 72 69 5b 2f 5d 22 2c 0a 22 69 67 22 29 2e 65 78 65 63 28 61 29 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 6c 65 6e 67 74 68 3f 21 66 28 61 29 3a 21 31 7d 66 75 6e 63 74 69 6f 6e 20 65 28 61 29 7b 72 65 74 75 72 6e 28 61 3d 52 65 67 45 78 70 28 22 5e 4d 6f 7a 69 6c 6c 61 5b 2f 5d 5b 2e 5c 5c 64 5d 2b 20 5b 28 5d 4d 61 63 69 6e 74 6f 73 68 3b 2e 2a 4d 61 63 20 4f 53 20 58 20 5b 5f 5c 5c 64 5d 2b 5b 29 5d 20 41 70 70 6c 65 57 65 62 4b 69 74 5b 2f 5d 5b 2e 5c 5c 64 5d 2b 20 5b Data Ascii: length){var d=+c[2];return+c[1]===a&&d===b}return!1}function d(a){var b=RegExp("Version[/].* Safari[/]","ig").exec(a);return b&&b.length?!f(a):!1}function e(a){return(a=RegExp("^Mozilla[/][.\\d]+ [(]Macintosh;.*Mac OS X [_\\d]+[)] AppleWebKit[/][.\\d]+ [
2024-05-02 11:33:06 UTC	16384	IN	Data Raw: 6f 77 2e 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 3b 61 3d 7b 73 6f 75 72 63 65 3a 22 6e 6f 74 69 63 65 5f 6a 73 22 2c 6d 65 73 73 61 67 65 3a 61 2c 64 61 74 61 3a 62 7d 3b 66 6f 72 28 76 61 72 20 66 20 69 6e 20 64 29 61 5b 66 5d 3d 64 5b 66 5d 3b 63 26 26 63 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 70 6f 73 74 4d 65 73 73 61 67 65 26 26 63 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 65 28 61 29 2c 22 2a 22 29 7d 3b 74 72 75 73 74 65 2e 65 75 2e 61 64 64 43 6c 6f 73 65 42 75 74 74 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 22 69 72 6d 22 3d 3d 3d 62 2c 65 3d 74 72 75 73 74 65 2e 75 74 69 6c 2e 76 61 6c 69 64 43 6f 6e 73 65 6e 74 28 61 2e 70 72 65 66 43 6f 6f 6b 69 65 29 7c 7c 61 2e Data Ascii: ow.JSON.stringify;a={source:"notice_js",message:a,data:b};for(var f in d)a[f]=d[f];c&&c.contentWindow.postMessage&&c.contentWindow.postMessage(e(a),"*")};truste.eu.addCloseButton=function(a,b,c){var d="irm"===b,e=truste.util.validConsent(a.prefCookie)\|\|a.
2024-05-02 11:33:06 UTC	16384	IN	Data Raw: 65 6e 74 4e 6f 64 65 26 26 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 61 29 3b 73 65 6c 66 2e 6f 6e 62 65 66 6f 72 65 75 6e 6c 6f 61 64 3d 3d 74 72 75 73 74 65 2e 65 75 2e 6f 6e 42 65 66 6f 72 65 55 6e 6c 6f 61 64 26 26 28 73 65 6c 66 2e 6f 6e 62 65 66 6f 72 65 75 6e 6c 6f 61 64 3d 6e 75 6c 6c 29 7d 3b 74 72 75 73 74 65 2e 65 75 2e 73 68 6f 77 43 4d 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 76 61 72 20 62 2c 63 2c 64 3d 22 66 61 6c 73 65 22 3d 3d 61 3f 22 74 72 75 73 74 65 5f 76 69 73 69 62 69 6c 69 74 79 5f 68 69 64 64 65 6e 22 3a 61 3f 22 74 72 75 73 74 65 5f 76 69 73 69 62 69 6c 69 74 79 5f 76 69 73 69 62 6c 65 22 3a 22 74 72 75 73 74 65 5f 76 69 73 69 62 69 6c 69 74 79 5f 68 69 64 64 65 6e 22 3b 69 66 28 63 3d Data Ascii: entNode&&a.parentNode.removeChild(a);self.onbeforeunload==truste.eu.onBeforeUnload&&(self.onbeforeunload=null)};truste.eu.showCM=function(a){try{var b,c,d="false"==a?"truste_visibility_hidden":a?"truste_visibility_visible":"truste_visibility_hidden";if(c=
2024-05-02 11:33:06 UTC	16384	IN	Data Raw: 73 61 67 65 2c 64 2e 73 74 61 63 6b 29 7d 7d 3b 74 72 75 73 74 65 2e 65 75 2e 63 70 72 61 3d 7b 7d 3b 74 72 75 73 74 65 2e 65 75 2e 43 4f 4f 4b 49 45 5f 43 50 52 41 5f 46 49 4e 50 52 4f 47 3d 22 6e 6f 74 69 63 65 5f 63 70 72 61 5f 66 69 6e 70 72 6f 67 22 3b 74 72 75 73 74 65 2e 65 75 2e 43 4f 4f 4b 49 45 5f 43 50 52 41 5f 47 50 43 49 53 48 4f 4e 4f 52 45 44 3d 22 67 70 63 69 73 68 6f 6e 6f 72 65 64 22 3b 74 72 75 73 74 65 2e 65 75 2e 63 70 72 61 2e 73 68 6f 75 6c 64 53 68 6f 77 46 69 6e 50 72 6f 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 72 75 73 74 65 2e 65 75 2e 62 69 6e 64 4d 61 70 2c 62 3d 74 72 75 73 74 65 2e 75 74 69 6c 2e 72 65 61 64 43 6f 6f 6b 69 65 28 74 72 75 73 74 65 2e 65 75 2e 43 4f 4f 4b 49 45 5f 43 50 52 41 5f 46 49 4e 50 Data Ascii: sage,d.stack)}};truste.eu.cpra={};truste.eu.COOKIE_CPRA_FINPROG="notice_cpra_finprog";truste.eu.COOKIE_CPRA_GPCISHONORED="gpcishonored";truste.eu.cpra.shouldShowFinProg=function(){var a=truste.eu.bindMap,b=truste.util.readCookie(truste.eu.COOKIE_CPRA_FINP
2024-05-02 11:33:06 UTC	13583	IN	Data Raw: 28 68 26 26 21 74 68 69 73 2e 65 6e 64 73 57 69 74 68 28 68 2c 63 29 29 7b 69 66 28 21 65 29 72 65 74 75 72 6e 7b 65 72 72 6f 72 3a 22 43 61 6c 6c 20 27 61 75 74 68 6f 72 69 74 79 27 20 70 61 72 61 6d 65 74 65 72 20 69 73 20 6d 69 73 73 69 6e 67 2e 20 41 6c 6c 20 72 65 71 75 65 73 74 73 20 66 6f 72 20 70 72 65 66 65 72 65 6e 63 65 73 20 6f 66 20 64 6f 6d 61 69 6e 73 20 6e 6f 74 20 79 6f 75 72 20 6f 77 6e 20 72 65 71 75 69 72 65 20 61 6e 20 61 75 74 68 6f 72 69 74 79 20 70 61 72 61 6d 65 74 65 72 2e 20 41 6e 20 27 61 75 74 68 6f 72 69 74 79 27 20 69 73 20 77 68 61 74 65 76 65 72 20 65 6e 74 69 74 79 20 68 61 73 20 61 70 70 72 6f 76 65 64 20 6f 72 20 72 65 71 75 65 73 74 65 64 20 79 6f 75 20 74 6f 20 6d 61 6b 65 20 74 68 69 73 20 63 61 6c 6c 2e 20 45 78 61 Data Ascii: (h&&!this.endsWith(h,c)){if(!e)return{error:"Call 'authority' parameter is missing. All requests for preferences of domains not your own require an authority parameter. An 'authority' is whatever entity has approved or requested you to make this call. Exa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.22	49176	18.238.49.99	443	1272	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:33:06 UTC	741	OUT	GET /get?name=crossdomain.html&domain=netsuite.com HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://developers.suitecommerce.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:33:06 UTC	477	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 2178 Connection: close Date: Thu, 02 May 2024 11:16:31 GMT Pragma: public Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 79edbcc14c21322a469003752cc30af0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: _inIs-WSmcGIJe557y2LtoukJVVUL0eu4qmFbGuCGDi7JsCljNfT3A== Age: 995 Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: max-age=2592000 Vary: Origin
2024-05-02 11:33:06 UTC	2178	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 2c 74 2c 61 2c 72 2c 6e 2c 6f 3d 22 74 72 75 73 74 65 2e 63 6f 6e 73 65 6e 74 2e 22 2c 69 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 2c 61 3d 7b 7d 2c 65 3d 61 2e 5f 75 72 6c 3d 65 3b 69 66 28 65 3d 28 61 2e 5f 71 75 65 72 79 3d 65 2e 72 65 70 6c 61 63 65 28 2f 5e 5b 5e 3b 3f 23 5d 2a 5b 3b 3f 23 5d 2f 2c 22 22 29 29 2e 72 65 70 6c 61 63 65 28 2f 5b 23 3b 3f 26 5d 2b 2f 67 2c 22 26 22 29 29 66 6f 72 28 65 3d 65 2e 73 70 6c 69 74 28 22 26 22 29 2c 74 3d 65 2e 6c 65 6e 67 74 68 3b 30 3c 74 2d 2d 3b 29 7b 76 61 72 20 72 3d 65 5b 74 5d 2e 73 70 6c 69 74 28 22 3d 22 29 2c 6e 3d 72 2e 73 68 69 66 74 28 29 3b 61 5b 6e 5d 7c 7c 28 61 5b 6e 5d Data Ascii: <html><head><script>!function(){var e,t,a,r,n,o="truste.consent.",i=function(e){var t,a={},e=a._url=e;if(e=(a._query=e.replace(/^[^;?#]*[;?#]/,"")).replace(/[#;?&]+/g,"&"))for(e=e.split("&"),t=e.length;0<t--;){var r=e[t].split("="),n=r.shift();a[n]\|\|(a[n]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.22	49180	18.238.49.47	443	1272	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:33:06 UTC	512	OUT	GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=0a2b&referer=https://developers.suitecommerce.com HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:33:06 UTC	1474	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: close Date: Thu, 02 May 2024 11:33:06 GMT Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Security-Policy: object-src 'none'; frame-ancestors https://.trustarc.com https://.prod.internal.trustarc.com https://.trustarc.eu https://.prod.internal.trustarc.eu https://.staging.internal.trustarc.com https://.trustarc-svc.net https://.truste-svc.net https://.qa.truste-svc.net https://.dev.truste-svc.net http://localhost: https://.nymity.com https://.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: cross-origin Expect-CT: enforce, max-age=60 Permissions-Policy: geolocation=(), camera=(), speaker=(), microphone=(), vibrate=() Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-Cache: Hit from cloudfront Via: 1.1 79edbcc14c21322a469003752cc30af0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: VqPLon5hqYj6vEGAlSlGvlnx8gaUeqgdKsOerGfbVuCDb-f35RDITw== Vary: Origin
2024-05-02 11:33:06 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.22	49190	18.238.49.126	443	1272	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:33:10 UTC	761	OUT	GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=b4f6&referer=https://developers.suitecommerce.com HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://developers.suitecommerce.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:33:10 UTC	1475	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: close Date: Thu, 02 May 2024 11:33:10 GMT Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Security-Policy: object-src 'none'; frame-ancestors https://.trustarc.com https://.prod.internal.trustarc.com https://.trustarc.eu https://.prod.internal.trustarc.eu https://.staging.internal.trustarc.com https://.trustarc-svc.net https://.truste-svc.net https://.qa.truste-svc.net https://.dev.truste-svc.net http://localhost: https://.nymity.com https://.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: cross-origin Expect-CT: enforce, max-age=60 Permissions-Policy: geolocation=(), camera=(), speaker=(), microphone=(), vibrate=() Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-Cache: Miss from cloudfront Via: 1.1 6ca3dc9afd6f12cee41f6246e0c4aa8e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: lvN_4PqzpJdE54cPlp7jdmM4K0BzxCgp0Gsz6IqC3-fWYAqD3kvCkg== Vary: Origin
2024-05-02 11:33:10 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.22	49193	18.238.49.47	443	1272	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:33:10 UTC	512	OUT	GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=b4f6&referer=https://developers.suitecommerce.com HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:33:11 UTC	1482	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: close Date: Thu, 02 May 2024 11:33:10 GMT Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Security-Policy: object-src 'none'; frame-ancestors https://.trustarc.com https://.prod.internal.trustarc.com https://.trustarc.eu https://.prod.internal.trustarc.eu https://.staging.internal.trustarc.com https://.trustarc-svc.net https://.truste-svc.net https://.qa.truste-svc.net https://.dev.truste-svc.net http://localhost: https://.nymity.com https://.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: cross-origin Expect-CT: enforce, max-age=60 Permissions-Policy: geolocation=(), camera=(), speaker=(), microphone=(), vibrate=() Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-Cache: Hit from cloudfront Via: 1.1 a410463cf33c032bf74ee26bf94b81b2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: LKKVn1r7sXg55pK7cj1emUXsMJ-MNUB6_rHUjLO64VpnDeCECzcsFQ== Age: 1 Vary: Origin
2024-05-02 11:33:11 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.22	49208	18.238.49.126	443	3024	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:34:40 UTC	761	OUT	GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=04d8&referer=https://developers.suitecommerce.com HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://developers.suitecommerce.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:34:40 UTC	1475	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: close Date: Thu, 02 May 2024 11:34:40 GMT Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Security-Policy: object-src 'none'; frame-ancestors https://.trustarc.com https://.prod.internal.trustarc.com https://.trustarc.eu https://.prod.internal.trustarc.eu https://.staging.internal.trustarc.com https://.trustarc-svc.net https://.truste-svc.net https://.qa.truste-svc.net https://.dev.truste-svc.net http://localhost: https://.nymity.com https://.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: cross-origin Expect-CT: enforce, max-age=60 Permissions-Policy: geolocation=(), camera=(), speaker=(), microphone=(), vibrate=() Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-Cache: Miss from cloudfront Via: 1.1 7cd7ee430e44b1f51cd2016b916ffa92.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: _ceSytkII-i6oLPV7wUi1gShMAd5RwOS0eq9LDFgspm6YCCeTG134w== Vary: Origin
2024-05-02 11:34:40 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.22	49210	18.238.49.126	443	3024	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:34:40 UTC	761	OUT	GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=8408&referer=https://developers.suitecommerce.com HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://developers.suitecommerce.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:34:40 UTC	1475	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: close Date: Thu, 02 May 2024 11:34:40 GMT Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Security-Policy: object-src 'none'; frame-ancestors https://.trustarc.com https://.prod.internal.trustarc.com https://.trustarc.eu https://.prod.internal.trustarc.eu https://.staging.internal.trustarc.com https://.trustarc-svc.net https://.truste-svc.net https://.qa.truste-svc.net https://.dev.truste-svc.net http://localhost: https://.nymity.com https://.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: cross-origin Expect-CT: enforce, max-age=60 Permissions-Policy: geolocation=(), camera=(), speaker=(), microphone=(), vibrate=() Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-Cache: Miss from cloudfront Via: 1.1 7737ef6f12229d4564d45a2b0c059e2e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: O4wVhFoymuZ79P0iHAfqbjUISzg4jDstkHp-K3fe5xEhievuY4sDrQ== Vary: Origin
2024-05-02 11:34:40 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.22	49215	18.238.49.99	443	3024	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:34:41 UTC	512	OUT	GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=04d8&referer=https://developers.suitecommerce.com HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:34:41 UTC	1482	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: close Date: Thu, 02 May 2024 11:34:40 GMT Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Security-Policy: object-src 'none'; frame-ancestors https://.trustarc.com https://.prod.internal.trustarc.com https://.trustarc.eu https://.prod.internal.trustarc.eu https://.staging.internal.trustarc.com https://.trustarc-svc.net https://.truste-svc.net https://.qa.truste-svc.net https://.dev.truste-svc.net http://localhost: https://.nymity.com https://.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: cross-origin Expect-CT: enforce, max-age=60 Permissions-Policy: geolocation=(), camera=(), speaker=(), microphone=(), vibrate=() Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-Cache: Hit from cloudfront Via: 1.1 8ca7450d970f904109dac7e068234b78.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: VUnFwgPMWrlDnk-Tj20BjkST7AP1pAuzR9uMVJDZ3SBEFYR-mnpouQ== Age: 1 Vary: Origin
2024-05-02 11:34:41 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.22	49216	18.238.49.99	443	3024	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:34:41 UTC	512	OUT	GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=8408&referer=https://developers.suitecommerce.com HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:34:41 UTC	1482	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: close Date: Thu, 02 May 2024 11:34:40 GMT Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Security-Policy: object-src 'none'; frame-ancestors https://.trustarc.com https://.prod.internal.trustarc.com https://.trustarc.eu https://.prod.internal.trustarc.eu https://.staging.internal.trustarc.com https://.trustarc-svc.net https://.truste-svc.net https://.qa.truste-svc.net https://.dev.truste-svc.net http://localhost: https://.nymity.com https://.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: cross-origin Expect-CT: enforce, max-age=60 Permissions-Policy: geolocation=(), camera=(), speaker=(), microphone=(), vibrate=() Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-Cache: Hit from cloudfront Via: 1.1 ae51343dd6ef5c549d5af91c7efd8f00.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: -PKyth1BA2N837S-X7c_egXyfePv9_3PHt2mJtkyaSsNnDNyGaoV3Q== Age: 1 Vary: Origin
2024-05-02 11:34:41 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.22	49228	18.238.49.126	443	3024	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:34:51 UTC	761	OUT	GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=954e&referer=https://developers.suitecommerce.com HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://developers.suitecommerce.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:34:52 UTC	1475	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: close Date: Thu, 02 May 2024 11:34:51 GMT Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Security-Policy: object-src 'none'; frame-ancestors https://.trustarc.com https://.prod.internal.trustarc.com https://.trustarc.eu https://.prod.internal.trustarc.eu https://.staging.internal.trustarc.com https://.trustarc-svc.net https://.truste-svc.net https://.qa.truste-svc.net https://.dev.truste-svc.net http://localhost: https://.nymity.com https://.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: cross-origin Expect-CT: enforce, max-age=60 Permissions-Policy: geolocation=(), camera=(), speaker=(), microphone=(), vibrate=() Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-Cache: Miss from cloudfront Via: 1.1 a363b826ba48f4e79f7e95839a3bcf3a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: AQURhHymO6DF7UrzC0qOmXAsV-pjwOdsV9wNbOOD5kCKOh2n2p-NKg== Vary: Origin
2024-05-02 11:34:52 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.22	49231	18.238.49.99	443	3024	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-02 11:34:52 UTC	512	OUT	GET /log?domain=netsuite.com&country=us&state=&behavior=implied&session=fe66ed85-051c-47ef-adb5-9fec036d1646&userType=NEW&c=954e&referer=https://developers.suitecommerce.com HTTP/1.1 Host: consent.trustarc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-02 11:34:52 UTC	1474	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 43 Connection: close Date: Thu, 02 May 2024 11:34:51 GMT Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Security-Policy: object-src 'none'; frame-ancestors https://.trustarc.com https://.prod.internal.trustarc.com https://.trustarc.eu https://.prod.internal.trustarc.eu https://.staging.internal.trustarc.com https://.trustarc-svc.net https://.truste-svc.net https://.qa.truste-svc.net https://.dev.truste-svc.net http://localhost: https://.nymity.com https://.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: cross-origin Expect-CT: enforce, max-age=60 Permissions-Policy: geolocation=(), camera=(), speaker=(), microphone=(), vibrate=() Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-Cache: Hit from cloudfront Via: 1.1 8ca7450d970f904109dac7e068234b78.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: Kdk8EjpNa5iXDtTK7goAcfdD7cCugShV7oRfcRY2XcEfjvHfuo5Ovw== Vary: Origin
2024-05-02 11:34:52 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 db df ef 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXEPID: 1884, Parent PID: 564

General

Target ID:	0
Start time:	13:32:24
Start date:	02/05/2024
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Imagebase:	0x13f5b0000
File size:	28'253'536 bytes
MD5 hash:	D53B85E21886D2AF9815C377537BCAC3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 200, Parent PID: 1700

General

Target ID:	2
Start time:	13:32:51
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x13f9d0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1272, Parent PID: 200

General

Target ID:	3
Start time:	13:32:53
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1240,i,11634466219794985678,4912698025010066161,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x13f9d0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3744, Parent PID: 1700

General

Target ID:	6
Start time:	13:32:55
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html"
Imagebase:	0x13f9d0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3940, Parent PID: 1700

General

Target ID:	7
Start time:	13:33:15
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x13f9d0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3480, Parent PID: 3940

General

Target ID:	8
Start time:	13:33:15
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1260,i,1358086589368310172,12834293717432727040,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x13f9d0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3488, Parent PID: 1700

General

Target ID:	11
Start time:	13:33:47
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html"
Imagebase:	0x13f9d0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3424, Parent PID: 3488

General

Target ID:	12
Start time:	13:33:48
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1272,i,4941910042198906798,14307021731387216113,131072 /prefetch:8
Imagebase:	0x13f9d0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2060, Parent PID: 1700

General

Target ID:	14
Start time:	13:34:35
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x13fcb0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3024, Parent PID: 2060

General

Target ID:	15
Start time:	13:34:35
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1348,i,5730947123427631772,2944053335706487817,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x13fcb0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3104, Parent PID: 1700

General

Target ID:	18
Start time:	13:34:38
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://developers.suitecommerce.com/suitecommerce-theme-and-extension-reference-sites.html"
Imagebase:	0x13fcb0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3304, Parent PID: 1700

General

Target ID:	19
Start time:	13:34:57
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x13fcb0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2404, Parent PID: 3304

General

Target ID:	20
Start time:	13:34:57
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1108,i,12411054581442439668,13136626987919913711,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x13fcb0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3492, Parent PID: 1700

General

Target ID:	21
Start time:	13:35:29
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://netsuite.custhelp.com/app/answers/detail/a_id/73898"
Imagebase:	0x13fcb0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2652, Parent PID: 3492

General

Target ID:	22
Start time:	13:35:29
Start date:	02/05/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=892,i,14382479072840613400,10629495472375794697,131072 /prefetch:8
Imagebase:	0x13fcb0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\FE2D.tmp

C:\Users\user\AppData\Local\Temp\~DF436E4BF708717BC0.TMP

C:\Users\user\Desktop\~$Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Chrome Cache Entry: 171

Chrome Cache Entry: 172

Chrome Cache Entry: 173

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Chrome Cache Entry: 184

Chrome Cache Entry: 185

Chrome Cache Entry: 186

Chrome Cache Entry: 187

Chrome Cache Entry: 188

Chrome Cache Entry: 189

Chrome Cache Entry: 190

Chrome Cache Entry: 191

Chrome Cache Entry: 192

Chrome Cache Entry: 193

Chrome Cache Entry: 194

Windows Analysis Report
Zehnder_SuiteCommerce_Zehnder Rittling (4 29 2024).xlsx