Edit tour

Windows Analysis Report
COL231200539.pdf

Overview

General Information

Sample name:	COL231200539.pdf
Analysis ID:	1361272
MD5:	2cbdf10d5ea5eb808c27ccffbaefbf8a
SHA1:	7cd523652ba344459f948ed61546b04c93951bd9
SHA256:	ced118b23f63946c83c57b433b930ede0bcb9e2f5678582c3ba9d630aed49f5f
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Creates files inside the system directory

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

No malicious behavior found, analyze the document also on other version of Office / Acrobat

Process Tree

System is w10x64

Acrobat.exe (PID: 6948 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\COL231200539.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2520 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7360 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1596,i,11253565814295402160,13350661113819921050,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 5852 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://www.manutan-collectivites.fr MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1992,i,12487864990220863951,12704819009370815086,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/html; charset=windows-1252Content-Length: 6536Connection: keep-aliveDate: Wed, 13 Dec 2023 10:42:24 GMTCache-Control: s-maxage=0, private, no-cache, no-store, must-revalidateExpires: 0X-fstrz: o,clcContent-Encoding: gzipX-gen-id: e019a841796546c0a9125e9c3436c558Server: fasterizex-unique-id: 8f53ecb42744537d2014b6b880d7f668Vary: Accept-EncodingX-Cache: Miss from cloudfrontVia: 1.1 b613a3aa337386f7b6ef8d2aac02e3d6.cloudfront.net (CloudFront)X-Amz-Cf-Pop: MIA3-C4X-Amz-Cf-Id: SZY0fLdpxnZh2Syu-WROBdlaY24ATABRbLFuQ7tAd4ZDFtAFLP-WWw==Data Raw: 1f 8b 08 00 00 00 00 00 02 03 ed 3c 6b 53 db c8 b2 9f 6f aa f2 1f c6 3a 5b 46 0a 63 f9 05 49 90 2c 38 bc 12 9c 85 84 00 09 1b 72 b2 a9 91 34 92 05 b2 e4 95 64 1b 83 fd df 6f f7 8c e4 17 ce 6e ce d9 7b ef 87 5b a6 0a 5b f3 ea e9 d7 74 f7 8c da d3 3a b9 3a 3b dd 25 ad 0e 67 ee 6e 2b cd 46 21 df d5 bd e4 a1 12 74 fd c7 0e 0f fc 4e 66 b0 7e 16 9b 93 56 55 b6 92 96 cd 52 4e 3a 09 f7 2c a5 93 65 3d a3 5a 1d 0e 87 7a 97 45 fd 8c 45 15 27 0e 43 ee 64 c1 20 c8 78 0a a0 aa 0a 0c 91 43 9f 3f fb 2f 3b 76 47 f0 f5 08 ff 5e 1c 65 15 8f 75 83 70 64 10 e5 92 fb 31 27 9f da 0a 25 ca 80 27 2e 8b 98 42 e0 79 3f 09 58 a8 98 38 94 39 77 7e 12 f7 23 b7 92 f0 1e 67 99 41 e4 77 e5 1e 9b bb 2c f1 83 a8 92 c5 3d 83 34 6a bd f9 ba 90 7b d9 ac 72 02 ff 9d 7a 8e 44 81 47 1a 3c 70 e8 a2 37 78 d7 2c ea 86 92 7c 12 c5 49 97 85 58 0d 88 65 81 c3 c2 0a 0b 03 3f 32 ec 38 cb e2 ee f2 e4 af 16 e6 96 7d 0c b2 35 9d fc f9 b3 4e 83 54 5f 90 7e ca 5d e2 c5 09 39 01 de 07 91 4f 82 88 9c 31 f8 38 00 1e 91 17 d5 79 36 49 f4 ea 7f 8a dc 9f 30 a0 40 a2 3e 45 a2 d3 5c 40 21 e3 f7 19 ce df c5 f9 ed ff 6c fe 30 88 78 25 57 19 52 d7 b7 f8 13 ce d4 ff 0a 2b dd 05 b5 71 79 92 4f 6d c7 09 14 a6 fd fe 71 f0 f2 e0 f0 f0 25 f6 27 69 1c 06 6e 3e aa d0 cc 56 ea 24 41 2f db f5 d2 2c 79 b0 4a 35 d3 f4 fa 11 68 62 1c 11 d0 e8 0b de 8d 07 fc 28 e8 f2 28 85 aa f4 8a f9 2a 28 b9 46 1e 9f 91 fc af 5a 25 6e 1c 6d 64 04 e4 1c 78 a3 fd b4 07 8a 7c c1 00 02 09 3c 92 75 38 09 ba cc 87 cf 14 c8 ce 48 18 33 97 bb d3 d1 d0 45 2d 01 44 dd 09 59 9a 9e 06 69 a6 3b c0 29 e0 68 aa 6e 84 ec 61 04 48 6c 68 f3 f3 11 92 25 a3 85 32 21 30 24 cd 40 b1 23 a0 9c bb f3 28 58 04 81 0f 03 37 eb 90 aa 78 96 cc 36 57 8c 0f a2 2c 81 79 b9 f3 14 40 c4 b2 7e c2 c2 eb 39 38 79 d5 c9 0a 70 c0 12 d0 08 24 dd c1 55 3f ec 00 56 a2 c8 5c 37 10 ac 8d 3d 22 71 62 91 4b 24 46 84 65 30 bd dd cf 88 d3 61 91 9f 0f 10 98 90 04 51 59 98 02 f9 b6 50 41 40 51 6a e4 c5 52 1d 81 c5 91 75 74 66 a7 aa ba 8a 3d 95 95 44 6b 40 e2 ea fe 9b 3f ec df 00 21 ed 2e cd be bd 50 d6 96 84 46 04 1b 13 a1 61 fb 39 ed 5c dd 10 7c d9 d0 cc Data Ascii: <kSo:[FcI,8r4don{[[t::;%gn+F!tNf~VURN:,e=ZzEE'Cd xC?/;vG^eupd1'%'.By?X89w~#gAw,=4j{rzDG<p7x,|IXe?28}5NT_~]9O18

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ysTDZMxgS+v43hE&MD=zHv4vut8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ysTDZMxgS+v43hE&MD=zHv4vut8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /aperture/aperture.js HTTP/1.1Host: cdn.perfdrive.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://www.manutan-collectivites.fr/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.manutan-collectivites.frConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://www.manutan-collectivites.fr/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=000000000000000000000000000000000000000085E7C23D86 HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.manutan-collectivites.frConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fstrz/defer-183359f612fc89e6ec64e10cba30990d.js HTTP/1.1Host: www.manutan-collectivites.frConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.manutan-collectivites.fr/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fstrz/beacon-1.19.0.min.js HTTP/1.1Host: www.manutan-collectivites.frConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://www.manutan-collectivites.fr/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.manutan-collectivites.frConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.manutan-collectivites.fr/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: fstrz_vary=nonconnecte; __ssds=2
Source: global traffic	HTTP traffic detected: GET /manutan-collectivites.fr/jsdatabotmanager? HTTP/1.1Host: www.manutan-collectivites.frConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: fstrz_vary=nonconnecte; __ssds=2; __ssuzjsr2=a9be0cd8e; __uzmaj2=dee4af17-b0d2-43d4-9dad-126ca246b008; __uzmbj2=1702464146; __uzmcj2=142511070824; __uzmdj2=1702464146
Source: global traffic	HTTP traffic detected: GET /manutan-collectivites.fr/jsdatabotmanager? HTTP/1.1Host: www.manutan-collectivites.frConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: fstrz_vary=nonconnecte; __ssds=2; __ssuzjsr2=a9be0cd8e; __uzmaj2=dee4af17-b0d2-43d4-9dad-126ca246b008; __uzmbj2=1702464146; __uzmcj2=142511070824; __uzmdj2=1702464146

Source: unknown

DNS traffic detected: queries for: www.manutan-collectivites.fr

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Wed, 13 Dec 2023 10:42:27 GMTx-unique-id: 33b99ef7069dc0e660614c01e148c95econtent-security-policy: font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com chrome-extension: https://*.hotjar.com https://*.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.yotpo.com https://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api2/bframe https://*.hotjar.com https://*.hotjar.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71

Source: COL231200539.pdf	String found in binary or memory: http://www.manutan-collectivites.fr)
Source: chromecache_197.10.dr	String found in binary or memory: https://cas.avalon.perfdrive.com/jsdata
Source: COL231200539.pdf	String found in binary or memory: https://www.manutan-collectivites.fr/catalogsearch/result/?q=LE05732A&send=)
Source: COL231200539.pdf	String found in binary or memory: https://www.manutan-collectivites.fr/catalogsearch/result/?q=LE05765N&send=)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 23.202.101.159:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.101.159:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5852_1109576223

Jump to behavior

Source: classification engine

Classification label: clean1.winPDF@40/45@16/10

Source: COL231200539.pdf	Initial sample: https://www.manutan-collectivites.fr/catalogsearch/result/?q=LE05765N&send=
Source: COL231200539.pdf	Initial sample: https://www.manutan-collectivites.fr/catalogsearch/result/?q=le05765n&send=
Source: COL231200539.pdf	Initial sample: http://www.manutan-collectivites.fr
Source: COL231200539.pdf	Initial sample: https://www.manutan-collectivites.fr/catalogsearch/result/?q=le05732a&send=
Source: COL231200539.pdf	Initial sample: https://www.manutan-collectivites.fr/catalogsearch/result/?q=LE05732A&send=

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.5796

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-12-13 11-41-30-908.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\COL231200539.pdf
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1596,i,11253565814295402160,13350661113819921050,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://www.manutan-collectivites.fr
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1992,i,12487864990220863951,12704819009370815086,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1596,i,11253565814295402160,13350661113819921050,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1992,i,12487864990220863951,12704819009370815086,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: COL231200539.pdf	Initial sample: PDF keyword /JS count = 0
Source: COL231200539.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: COL231200539.pdf

Initial sample: PDF keyword stream count = 37

Source: COL231200539.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: COL231200539.pdf

Initial sample: PDF keyword obj count = 113

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
1 Spearphishing Link	Windows Management Instrumentation	Path Interception	1 Process Injection	11 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	5 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	6 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	4 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
COL231200539.pdf	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
cdn.perfdrive.com	0%	Virustotal		Browse
www.manutan-collectivites.fr	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://www.manutan-collectivites.fr/catalogsearch/result/?q=LE05732A&send=)	0%	Avira URL Cloud	safe
http://www.manutan-collectivites.fr/manutan-collectivites.fr/jsdatabotmanager?	0%	Avira URL Cloud	safe
http://www.manutan-collectivites.fr/fstrz/beacon-1.19.0.min.js	0%	Avira URL Cloud	safe
http://www.manutan-collectivites.fr/fstrz/r/stats-euwest1.fzcdn.net/cwv	0%	Avira URL Cloud	safe
http://www.manutan-collectivites.fr/favicon.ico	0%	Avira URL Cloud	safe
https://www.manutan-collectivites.fr/catalogsearch/result/?q=LE05765N&send=)	0%	Avira URL Cloud	safe
http://www.manutan-collectivites.fr/fstrz/defer-183359f612fc89e6ec64e10cba30990d.js	0%	Avira URL Cloud	safe
http://www.manutan-collectivites.fr)	0%	Avira URL Cloud	safe
https://www.manutan-collectivites.fr/favicon.ico	0%	Avira URL Cloud	safe
https://cdn.perfdrive.com/aperture/aperture.js	0%	Avira URL Cloud	safe
https://cas.avalon.perfdrive.com/jsdata	0%	Avira URL Cloud	safe
https://cdn.perfdrive.com/aperture/aperture.js	0%	Virustotal		Browse
https://cas.avalon.perfdrive.com/jsdata	0%	Virustotal		Browse

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cdn.perfdrive.com	130.211.29.114	true	false	0%, Virustotal, Browse	unknown
accounts.google.com	142.250.217.205	true	false		high
dm55nfpks3cnx.cloudfront.net	65.8.178.2	true	false		high
www.google.com	192.178.50.68	true	false		high
clients.l.google.com	192.178.50.78	true	false		high
clients1.google.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high
www.manutan-collectivites.fr	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.manutan-collectivites.fr/favicon.ico	false	Avira URL Cloud: safe	unknown
http://www.manutan-collectivites.fr/manutan-collectivites.fr/jsdatabotmanager?	false	Avira URL Cloud: safe	unknown
http://www.manutan-collectivites.fr/fstrz/r/stats-euwest1.fzcdn.net/cwv	false	Avira URL Cloud: safe	unknown
http://www.manutan-collectivites.fr/fstrz/beacon-1.19.0.min.js	false	Avira URL Cloud: safe	unknown
http://www.manutan-collectivites.fr/fstrz/defer-183359f612fc89e6ec64e10cba30990d.js	false	Avira URL Cloud: safe	unknown
http://www.manutan-collectivites.fr/	false		unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://cdn.perfdrive.com/aperture/aperture.js	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://clients1.google.com/tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=000000000000000000000000000000000000000085E7C23D86	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://www.manutan-collectivites.fr/favicon.ico	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.manutan-collectivites.fr/catalogsearch/result/?q=LE05732A&send=)	COL231200539.pdf	false	Avira URL Cloud: safe	unknown
https://www.manutan-collectivites.fr/catalogsearch/result/?q=LE05765N&send=)	COL231200539.pdf	false	Avira URL Cloud: safe	unknown
https://cas.avalon.perfdrive.com/jsdata	chromecache_197.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.manutan-collectivites.fr)	COL231200539.pdf	false	Avira URL Cloud: safe	low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
130.211.29.114	cdn.perfdrive.com	United States	15169	GOOGLEUS	false
192.178.50.78	clients.l.google.com	United States	15169	GOOGLEUS	false
65.8.178.96	unknown	United States	16509	AMAZON-02US	false
192.178.50.68	www.google.com	United States	15169	GOOGLEUS	false
65.8.178.92	unknown	United States	16509	AMAZON-02US	false
142.250.217.205	accounts.google.com	United States	15169	GOOGLEUS	false
23.44.192.175	unknown	United States	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
65.8.178.2	dm55nfpks3cnx.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1361272
Start date and time:	2023-12-13 11:40:35 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	COL231200539.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@40/45@16/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.43.44.135, 3.233.129.217, 52.6.155.20, 52.22.41.97, 3.219.243.226, 23.219.155.180, 23.219.155.176, 23.219.155.189, 23.219.155.181, 23.219.155.174, 23.219.155.185, 23.219.155.182, 23.219.155.178, 23.219.155.177, 172.64.41.3, 162.159.61.3, 23.219.155.191, 23.219.155.137, 23.219.155.139, 23.219.155.144, 23.219.155.138, 23.219.155.190, 208.111.136.0, 192.229.211.108, 23.219.155.187, 23.219.155.136, 23.223.245.66, 23.223.245.82, 23.219.155.148, 23.219.155.149, 23.219.155.142, 23.219.155.145, 23.219.155.146, 192.178.50.67, 34.104.35.123, 172.217.2.202, 142.250.64.234, 142.250.217.202, 142.250.64.138, 142.250.64.170, 142.250.64.202, 192.178.50.42, 142.250.217.170, 192.178.50.74, 142.250.217.234, 172.217.3.74, 142.250.189.138, 23.219.155.153, 23.219.155.143, 23.219.155.154, 23.219.155.157, 23.219.155.172, 23.219.155.167, 23.219.155.175, 23.219.155.168, 23.219.155.170, 23.219.155.173, 23.219.155.166, 23.219.155.156, 23.219.155.152, 23.219.155.158, 23.219.155.159, 23.219.155
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://poste.192-71-172-76.cprapid.com/it/	Get hash	malicious	Unknown	Browse
	vtayVzet1o.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	http://myowndomain394863467.com	Get hash	malicious	Unknown	Browse
	tTV265f95E.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	http://leftaaa.com	Get hash	malicious	Unknown	Browse
	http://vulnerabilityassessments.life	Get hash	malicious	Unknown	Browse
	OZLJBFShEv.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	http://url4950.cardamomauction.com/ls/click?upn=egCPuzUzE3IgDlrJllQ8yUBDO8VIETbuALPBUwtYINtrfRoh4niogEH8ew5kcjpQHM6X_5oPQIRm8LVmW-2FxweY307RHB6-2FfahtC57rDiHjDqcmR3wVeFHqU860zUYKXVGazyJpxMz-2BcQ5uK-2BNpDHERkaIkSLRnnlu-2Fc6D63JAIl8JEZb1GxYrBpkUR5dGmGiZ7tVIHJtwdg2sVnEwwf6w1QvIy9Zxou6xRVLuTVo-2BvDlX32eGOdm-2FS4cfnyxoMZpQM-2FzWDOoNZbiI7Zh9oLibZCTy9w-3D-3D#offer/001mu/120/frznm/ijv/41/79	Get hash	malicious	Phisher	Browse
	FED-POL652663234.svg	Get hash	malicious	Unknown	Browse
	HfUmZp67by.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	https://brahmacouncil.com/dm/POA35BT56TT.bat	Get hash	malicious	Dynamic Stealer	Browse
	https://www.dropbox.com/scl/fi/04j0yv6ws6x715fqbog99/France-Global-Relocation.docx?rlkey=2t6h0jfscz9hzr4gczaqqfdwg&dl=0	Get hash	malicious	Unknown	Browse
	Mw1Toi3D0h.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	20231211094402003619996_1_0.eml	Get hash	malicious	Unknown	Browse
	4lodHjhKT8.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	l8dXzF9CAA.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	QJzFvfW73y.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse
	https://assets-eur.mkt.dynamics.com/33d12dca-3e82-ee11-8174-0022489d7042/digitalassets/standaloneforms/ee2aa584-2f98-ee11-be37-000d3ab37fd0	Get hash	malicious	Unknown	Browse
	https://zjvslnnrkw.olep0.com/	Get hash	malicious	Unknown	Browse
	http://tracking.autorecycles.com/tracking/click?d=OrpweRVshItmHO3qVpYwgxv2bLW1RvchguKAT0tWwa-YMNBNlOhejdMMRFkcBCtyNQVGgcfjnRT2fomJfKy_oXvuV32lLppBtXr7Il-zakoxwo5oPgoRL3Xf-t2mEetvAO4fjcG5KWJMxSmSgq3RQjQ1	Get hash	malicious	Unknown	Browse
23.44.192.175	https://www.gladandgolden.com/_files/ugd/f08a93_3617dc30f9064df7b5b9e1568b5a3532.pdf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	https://poste.192-71-172-76.cprapid.com/it/	Get hash	malicious	Unknown	Browse	18.239.225.65
	vtayVzet1o.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.100
	qyU5Hw6awV.elf	Get hash	malicious	Gafgyt, Mirai	Browse	34.249.145.219
	TkvaWZrzMF.elf	Get hash	malicious	Gafgyt, Mirai	Browse	54.247.62.1
	Mu6R9Zp5uN.elf	Get hash	malicious	Gafgyt, Mirai	Browse	54.171.230.55
	tTV265f95E.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.100
	http://leftaaa.com	Get hash	malicious	Unknown	Browse	52.46.143.56
	OZLJBFShEv.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.100
	http://url4950.cardamomauction.com/ls/click?upn=egCPuzUzE3IgDlrJllQ8yUBDO8VIETbuALPBUwtYINtrfRoh4niogEH8ew5kcjpQHM6X_5oPQIRm8LVmW-2FxweY307RHB6-2FfahtC57rDiHjDqcmR3wVeFHqU860zUYKXVGazyJpxMz-2BcQ5uK-2BNpDHERkaIkSLRnnlu-2Fc6D63JAIl8JEZb1GxYrBpkUR5dGmGiZ7tVIHJtwdg2sVnEwwf6w1QvIy9Zxou6xRVLuTVo-2BvDlX32eGOdm-2FS4cfnyxoMZpQM-2FzWDOoNZbiI7Zh9oLibZCTy9w-3D-3D#offer/001mu/120/frznm/ijv/41/79	Get hash	malicious	Phisher	Browse	99.84.245.208
	MDf07Zv8gV.exe	Get hash	malicious	Njrat	Browse	54.94.248.37
	HfUmZp67by.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.69
	https://www.dropbox.com/scl/fi/04j0yv6ws6x715fqbog99/France-Global-Relocation.docx?rlkey=2t6h0jfscz9hzr4gczaqqfdwg&dl=0	Get hash	malicious	Unknown	Browse	13.226.52.36
	Mw1Toi3D0h.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.69
	4lodHjhKT8.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.100
	l8dXzF9CAA.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.53
	QJzFvfW73y.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.100
	SecuriteInfo.com.Linux.Mirai.4338.22104.4666.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	https://netfl1x.vercel.app/	Get hash	malicious	Unknown	Browse	108.156.83.58
	https://web.91-92-246-172.cprapid.com/amex/	Get hash	malicious	Unknown	Browse	99.84.252.109
	https://steam.dotaworkshops.com/	Get hash	malicious	Unknown	Browse	52.89.73.205
AKAMAI-ASN1EU	https://poste.192-71-172-76.cprapid.com/it/	Get hash	malicious	Unknown	Browse	23.44.193.58
	FED-POL652663234.svg	Get hash	malicious	Unknown	Browse	23.223.245.40
	Mw1Toi3D0h.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	23.204.156.86
	4lodHjhKT8.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	104.127.87.210
	l8dXzF9CAA.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	104.127.87.210
	QJzFvfW73y.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	23.8.65.235
	https://steamcommunitsy.com/redemwalletcode/59709436	Get hash	malicious	HtmlDropper	Browse	23.44.193.166
	9b7eb368-a906-4e0e-97c2-310fd3b9f90a.eml	Get hash	malicious	HTMLPhisher	Browse	23.222.77.153
	Call-Recording Attached From 737________ On 12_12_23 for 45 sec.eml	Get hash	malicious	Unknown	Browse	23.204.76.112
	phish_alert_GA1.0.72-0 (31).eml	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112
	rp2	Get hash	malicious	Unknown	Browse	23.59.183.23
	https://r20.rs6.net/tn.jsp?f=001MAdyYFwpLpOGT5rzo6GYUec2NMmDDbUBDgHtqpz1evGRiJX5tCB9tVmKxQPXfX9mnsOBqYxIoXwXaOXeaiMFMznnGCTaBxDEqusKhM9axNeWNj7WJk55ygUm2nR1d2X-ygr1qO_fxPZe5tim1-OafBD-VJi79-L8igSWYqEM2cQ=&c=&ch==&__=/roxanne.butler@magairports.com	Get hash	malicious	HTMLPhisher	Browse	23.205.165.211
	https://discvillage.godaddysites.com/	Get hash	malicious	HTMLPhisher	Browse	23.213.205.19
	f_000528	Get hash	malicious	Unknown	Browse	23.204.77.90
	https://p.feedblitz.com/t3.asp?/1081591/102442729/7821567_/~feeds.feedblitz.com/~/t/0/0/sethsblog/posts/~cinebarta.com/YWdhdGEuemlvbGtvd3NrYUBjY2MuZXU=	Get hash	malicious	HTMLPhisher	Browse	23.222.78.17
	https://lucid.app/	Get hash	malicious	Unknown	Browse	23.222.77.225
	ATT00001.htm	Get hash	malicious	Unknown	Browse	172.232.163.220
	https://www.gladandgolden.com/_files/ugd/f08a93_3617dc30f9064df7b5b9e1568b5a3532.pdf	Get hash	malicious	Unknown	Browse	23.44.192.175
	http://httpshelpsteamcnrepair.com/	Get hash	malicious	Unknown	Browse	23.205.130.99
	http://steancomunitty.com/	Get hash	malicious	Unknown	Browse	104.86.191.152
AMAZON-02US	https://poste.192-71-172-76.cprapid.com/it/	Get hash	malicious	Unknown	Browse	18.239.225.65
	vtayVzet1o.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.100
	qyU5Hw6awV.elf	Get hash	malicious	Gafgyt, Mirai	Browse	34.249.145.219
	TkvaWZrzMF.elf	Get hash	malicious	Gafgyt, Mirai	Browse	54.247.62.1
	Mu6R9Zp5uN.elf	Get hash	malicious	Gafgyt, Mirai	Browse	54.171.230.55
	tTV265f95E.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.100
	http://leftaaa.com	Get hash	malicious	Unknown	Browse	52.46.143.56
	OZLJBFShEv.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.100
	http://url4950.cardamomauction.com/ls/click?upn=egCPuzUzE3IgDlrJllQ8yUBDO8VIETbuALPBUwtYINtrfRoh4niogEH8ew5kcjpQHM6X_5oPQIRm8LVmW-2FxweY307RHB6-2FfahtC57rDiHjDqcmR3wVeFHqU860zUYKXVGazyJpxMz-2BcQ5uK-2BNpDHERkaIkSLRnnlu-2Fc6D63JAIl8JEZb1GxYrBpkUR5dGmGiZ7tVIHJtwdg2sVnEwwf6w1QvIy9Zxou6xRVLuTVo-2BvDlX32eGOdm-2FS4cfnyxoMZpQM-2FzWDOoNZbiI7Zh9oLibZCTy9w-3D-3D#offer/001mu/120/frznm/ijv/41/79	Get hash	malicious	Phisher	Browse	99.84.245.208
	MDf07Zv8gV.exe	Get hash	malicious	Njrat	Browse	54.94.248.37
	HfUmZp67by.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.69
	https://www.dropbox.com/scl/fi/04j0yv6ws6x715fqbog99/France-Global-Relocation.docx?rlkey=2t6h0jfscz9hzr4gczaqqfdwg&dl=0	Get hash	malicious	Unknown	Browse	13.226.52.36
	Mw1Toi3D0h.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.69
	4lodHjhKT8.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.100
	l8dXzF9CAA.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.53
	QJzFvfW73y.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	108.157.162.100
	SecuriteInfo.com.Linux.Mirai.4338.22104.4666.elf	Get hash	malicious	Unknown	Browse	34.249.145.219
	https://netfl1x.vercel.app/	Get hash	malicious	Unknown	Browse	108.156.83.58
	https://web.91-92-246-172.cprapid.com/amex/	Get hash	malicious	Unknown	Browse	99.84.252.109
	https://steam.dotaworkshops.com/	Get hash	malicious	Unknown	Browse	52.89.73.205

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://myowndomain394863467.com	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.101.159
	http://vulnerabilityassessments.life	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.101.159
	http://url4950.cardamomauction.com/ls/click?upn=egCPuzUzE3IgDlrJllQ8yUBDO8VIETbuALPBUwtYINtrfRoh4niogEH8ew5kcjpQHM6X_5oPQIRm8LVmW-2FxweY307RHB6-2FfahtC57rDiHjDqcmR3wVeFHqU860zUYKXVGazyJpxMz-2BcQ5uK-2BNpDHERkaIkSLRnnlu-2Fc6D63JAIl8JEZb1GxYrBpkUR5dGmGiZ7tVIHJtwdg2sVnEwwf6w1QvIy9Zxou6xRVLuTVo-2BvDlX32eGOdm-2FS4cfnyxoMZpQM-2FzWDOoNZbiI7Zh9oLibZCTy9w-3D-3D#offer/001mu/120/frznm/ijv/41/79	Get hash	malicious	Phisher	Browse	52.165.165.26 23.202.101.159
	FED-POL652663234.svg	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.101.159
	https://www.dropbox.com/scl/fi/04j0yv6ws6x715fqbog99/France-Global-Relocation.docx?rlkey=2t6h0jfscz9hzr4gczaqqfdwg&dl=0	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.101.159
	20231211094402003619996_1_0.eml	Get hash	malicious	GuLoader	Browse	52.165.165.26 23.202.101.159
	20231211094402003619996_1_0.eml	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.101.159
	https://assets-eur.mkt.dynamics.com/33d12dca-3e82-ee11-8174-0022489d7042/digitalassets/standaloneforms/ee2aa584-2f98-ee11-be37-000d3ab37fd0	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.101.159
	https://zjvslnnrkw.olep0.com/	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.101.159
	https://steamcards.site/	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.101.159
	https://netfl1x.vercel.app/	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.101.159
	https://pub-78e63013c8044b3cb905921041e194a1.r2.dev/heck.html	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 23.202.101.159
	https://pub-7435e01d5a7a4410a0fa050f4949eed0.r2.dev/memee.html	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 23.202.101.159
	https://pub-7c6128fbcd6a4ed3a12554f7446ffe16.r2.dev/inslo.htm	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 23.202.101.159
	https://py.172-86-121-212.cprapid.com/	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 23.202.101.159
	https://steamcommunltty.com/pxofiles/76566220832846793	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.101.159
	https://pub-4381ca0c6d02481bba64bcfc506eaf81.r2.dev/liveon.html	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 23.202.101.159
	https://pub-bc913ad4eea644849b0a3bec6b515044.r2.dev/Authentication010.html	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 23.202.101.159
	https://pub-ac902c48ff244e4fbf44f3e3296d093d.r2.dev/updatemypassword.html	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 23.202.101.159
	https://pub-736f51ece87a453f83a1011952938f36.r2.dev/letsgo.html	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 23.202.101.159

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	10880
Entropy (8bit):	5.214360287289079
Encrypted:	false
SSDEEP:	192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
MD5:	B60EE534029885BD6DECA42D1263BDC0
SHA1:	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:	52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.101.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.192.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.192.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.192.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.192.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.192.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.192.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.192.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.192.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.192.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.192.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.192.175
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.6.35
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.6.35
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 18399
Category:	downloaded
Size (bytes):	5182
Entropy (8bit):	7.963415620333829
Encrypted:	false
SSDEEP:	96:HyoeTS1xnTqUW5wVLJjI9LcIKSsOlr6cG98VXHGVbg/4qJsANRgoKdWU+Y:HyoeG1xn+DWVLS7r6Cwbu4qJsmOomWK
MD5:	B33BE70F4D1FD34D8F5A52E666F55B14
SHA1:	316900795AF1587A5FD7A943E37D349DC10F8F72
SHA-256:	517B723E8FC84F71AD50CFEECDBA6089336DA7EDF8147E91506F364C19D1B283
SHA-512:	0465B3FDF6BEC0A4D224C3433349EB1A9BCF0620BD4A75B7994FAB27F1C53ECF708692D32E163C483FC1EFB0EF90319B4769C72511AF3619D1C6ABA0FA146D5D
Malicious:	false
URL:	http://www.manutan-collectivites.fr/fstrz/defer-183359f612fc89e6ec64e10cba30990d.js
Preview:	...........<]w.6...WP<9*..U...f}.;n.&v.;.....-.6l.T.H.b......I.Nw..F....`..."....qR.od.i..>..g.N..#....P.>/2...$y. ..CaIF......^..4K..a..E...a...=;.B...FjMB.H...c:..yTQ.?........cN.Y~.....G......\|........iz.O.\.9..~...../.;y........H...On..e69..t.v~.>.S......j{4.pi..i....xA..&.7._.d...^,O..xJV.....-.F..m.......6..........=...sR,OHJ&</...u.&.....6x.v...-.o...4fw...J2...s%#.5.....I..;.\W.z..%.....x6K.$F...L.1......m....e].u.X..Wnn F.0...p.5..5.S..?........4.I.#...1...<...U..z.2..$..QZ...X.&r.}.tSU..@_:E... g.Z.h..;.X.qPC........i&._......W..$.B.g=.t=..C. ..4.../.....-.G'r..H..gE.s...!..)..r.....P .$K.nh...H.RCB....[..!...+..._z.....8.p..`.X.i..K.....`..\....8.-9.K...w.K...8.....K8.]...k.w]$yF\...E.k.T)1.X...DFJ........j~...A.E.h.G#.#.#..p......(..qy...(..S.'...~w.G.~.#............1.UC...........a..:....-..x..w..$...3..RvZ..k.]..../.....#....3..P..ka.[...G..N.$...M.....Q..g.QpC...2...\|.......^../&t..S.^ ...M.{...:/.._.....I\.d.@...hBL.%

File type:	PDF document, version 1.7, 7 pages
Entropy (8bit):	7.987626855017619
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	COL231200539.pdf
File size:	670'349 bytes
MD5:	2cbdf10d5ea5eb808c27ccffbaefbf8a
SHA1:	7cd523652ba344459f948ed61546b04c93951bd9
SHA256:	ced118b23f63946c83c57b433b930ede0bcb9e2f5678582c3ba9d630aed49f5f
SHA512:	df09bb45897006dca0433882ecf86698faedbab0bb1c77cd877205a8ccadd60651521a6327939ea7bc5a8bb7eaca26c2668da20cd7cf8ffd417badae2b7adb29
SSDEEP:	12288:8HAShQBI+5N+0qAsGi4tSOx8uuKkCdy2ZR+GIJ/K2nqKTbaqI:8HzK95uGiwSOxUKkCdy2/OrLZI
TLSH:	A2E42344C26BEC5CF392E011A170AF66DBEA7D01538548A0A06C5FDFD7E876CB9258D3
File Content Preview:	%PDF-1.7 .%.... .1 0 obj .<< ./Type /Catalog ./Pages 2 0 R ./PageMode /UseNone ./ViewerPreferences << ./FitWindow true ./PageLayout /SinglePage ./NonFullScreenPageMode /UseNone .>> .>> .endobj .5 0 obj .<< ./Length 931 ./Filter [ /FlateDecode ] .>> .strea

General
Header:	%PDF-1.7
Total Entropy:	7.987627
Total Bytes:	670349
Stream Entropy:	7.991032
Stream Bytes:	664027
Entropy outside Streams:	4.913464
Bytes outside Streams:	6322
Number of EOF found:	1
Bytes after EOF:

Name	Count
obj	113
endobj	113
stream	37
endstream	27
xref	1
trailer	1
startxref	1
/Page	7
/Encrypt	0
/ObjStm	0
/URI	6
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

ID	DHASH	MD5	Preview
14	0000000000000000	476d172547e0b8a572ea30dec0c8cc5b
17	0000000000000000	b7e369703e7d1dd66821a296930267cd
25	0000000000000000	3c1c5a9d38690c814af5d81b79bf5569
33	0000000000000000	73e1eef934ee6610b4c05b01aab68539
44	0000000000000000	c01f076da8717a5ef9b89a09738301d1

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 13, 2023 11:41:48.868928909 CET	138	138	192.168.2.4	192.168.2.255
Dec 13, 2023 11:42:24.120738983 CET	63703	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:24.121195078 CET	52994	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:24.124942064 CET	55611	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:24.125418901 CET	52192	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:24.127389908 CET	62014	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:24.127631903 CET	61891	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:24.244533062 CET	53	51808	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:24.250093937 CET	53	52192	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:24.250129938 CET	53	55611	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:24.251924038 CET	53	62014	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:24.252320051 CET	53	61891	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:24.279002905 CET	53	63703	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:24.282579899 CET	53	52994	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:25.060503006 CET	59329	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:25.061129093 CET	53238	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:25.078000069 CET	53	49753	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:25.186429024 CET	53	53238	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:25.186497927 CET	53	59329	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:26.201199055 CET	60045	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:26.201648951 CET	59160	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:26.280647039 CET	61330	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:26.280783892 CET	58105	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:26.387100935 CET	53	60045	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:26.441447973 CET	53	61330	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:26.481532097 CET	53	59160	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:26.481687069 CET	53	58105	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:28.609441996 CET	54906	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:28.609441996 CET	52815	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:42:28.734291077 CET	53	54906	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:28.734806061 CET	53	52815	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:36.889765978 CET	53	51066	1.1.1.1	192.168.2.4
Dec 13, 2023 11:42:42.106772900 CET	53	53765	1.1.1.1	192.168.2.4
Dec 13, 2023 11:43:01.155580044 CET	53	61219	1.1.1.1	192.168.2.4
Dec 13, 2023 11:43:23.985011101 CET	53	52834	1.1.1.1	192.168.2.4
Dec 13, 2023 11:43:24.083636045 CET	53	51399	1.1.1.1	192.168.2.4
Dec 13, 2023 11:43:51.787889957 CET	53	51860	1.1.1.1	192.168.2.4
Dec 13, 2023 11:43:53.660600901 CET	58996	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:43:53.660851955 CET	62696	53	192.168.2.4	1.1.1.1
Dec 13, 2023 11:43:53.785923004 CET	53	58996	1.1.1.1	192.168.2.4
Dec 13, 2023 11:43:53.786362886 CET	53	62696	1.1.1.1	192.168.2.4
Dec 13, 2023 11:44:36.659543037 CET	53	65040	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2023 11:42:24.444063902 CET	443	OUT	GET / HTTP/1.1 Host: www.manutan-collectivites.fr Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 13, 2023 11:42:24.793798923 CET	1286	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=windows-1252 Content-Length: 6536 Connection: keep-alive Date: Wed, 13 Dec 2023 10:42:24 GMT Cache-Control: s-maxage=0, private, no-cache, no-store, must-revalidate Expires: 0 X-fstrz: o,clc Content-Encoding: gzip X-gen-id: e019a841796546c0a9125e9c3436c558 Server: fasterize x-unique-id: 8f53ecb42744537d2014b6b880d7f668 Vary: Accept-Encoding X-Cache: Miss from cloudfront Via: 1.1 b613a3aa337386f7b6ef8d2aac02e3d6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-C4 X-Amz-Cf-Id: SZY0fLdpxnZh2Syu-WROBdlaY24ATABRbLFuQ7tAd4ZDFtAFLP-WWw== Data Raw: 1f 8b 08 00 00 00 00 00 02 03 ed 3c 6b 53 db c8 b2 9f 6f aa f2 1f c6 3a 5b 46 0a 63 f9 05 49 90 2c 38 bc 12 9c 85 84 00 09 1b 72 b2 a9 91 34 92 05 b2 e4 95 64 1b 83 fd df 6f f7 8c e4 17 ce 6e ce d9 7b ef 87 5b a6 0a 5b f3 ea e9 d7 74 f7 8c da d3 3a b9 3a 3b dd 25 ad 0e 67 ee 6e 2b cd 46 21 df d5 bd e4 a1 12 74 fd c7 0e 0f fc 4e 66 b0 7e 16 9b 93 56 55 b6 92 96 cd 52 4e 3a 09 f7 2c a5 93 65 3d a3 5a 1d 0e 87 7a 97 45 fd 8c 45 15 27 0e 43 ee 64 c1 20 c8 78 0a a0 aa 0a 0c 91 43 9f 3f fb 2f 3b 76 47 f0 f5 08 ff 5e 1c 65 15 8f 75 83 70 64 10 e5 92 fb 31 27 9f da 0a 25 ca 80 27 2e 8b 98 42 e0 79 3f 09 58 a8 98 38 94 39 77 7e 12 f7 23 b7 92 f0 1e 67 99 41 e4 77 e5 1e 9b bb 2c f1 83 a8 92 c5 3d 83 34 6a bd f9 ba 90 7b d9 ac 72 02 ff 9d 7a 8e 44 81 47 1a 3c 70 e8 a2 37 78 d7 2c ea 86 92 7c 12 c5 49 97 85 58 0d 88 65 81 c3 c2 0a 0b 03 3f 32 ec 38 cb e2 ee f2 e4 af 16 e6 96 7d 0c b2 35 9d fc f9 b3 4e 83 54 5f 90 7e ca 5d e2 c5 09 39 01 de 07 91 4f 82 88 9c 31 f8 38 00 1e 91 17 d5 79 36 49 f4 ea 7f 8a dc 9f 30 a0 40 a2 3e 45 a2 d3 5c 40 21 e3 f7 19 ce df c5 f9 ed ff 6c fe 30 88 78 25 57 19 52 d7 b7 f8 13 ce d4 ff 0a 2b dd 05 b5 71 79 92 4f 6d c7 09 14 a6 fd fe 71 f0 f2 e0 f0 f0 25 f6 27 69 1c 06 6e 3e aa d0 cc 56 ea 24 41 2f db f5 d2 2c 79 b0 4a 35 d3 f4 fa 11 68 62 1c 11 d0 e8 0b de 8d 07 fc 28 e8 f2 28 85 aa f4 8a f9 2a 28 b9 46 1e 9f 91 fc af 5a 25 6e 1c 6d 64 04 e4 1c 78 a3 fd b4 07 8a 7c c1 00 02 09 3c 92 75 38 09 ba cc 87 cf 14 c8 ce 48 18 33 97 bb d3 d1 d0 45 2d 01 44 dd 09 59 9a 9e 06 69 a6 3b c0 29 e0 68 aa 6e 84 ec 61 04 48 6c 68 f3 f3 11 92 25 a3 85 32 21 30 24 cd 40 b1 23 a0 9c bb f3 28 58 04 81 0f 03 37 eb 90 aa 78 96 cc 36 57 8c 0f a2 2c 81 79 b9 f3 14 40 c4 b2 7e c2 c2 eb 39 38 79 d5 c9 0a 70 c0 12 d0 08 24 dd c1 55 3f ec 00 56 a2 c8 5c 37 10 ac 8d 3d 22 71 62 91 4b 24 46 84 65 30 bd dd cf 88 d3 61 91 9f 0f 10 98 90 04 51 59 98 02 f9 b6 50 41 40 51 6a e4 c5 52 1d 81 c5 91 75 74 66 a7 aa ba 8a 3d 95 95 44 6b 40 e2 ea fe 9b 3f ec df 00 21 ed 2e cd be bd 50 d6 96 84 46 04 1b 13 a1 61 fb 39 ed 5c dd 10 7c d9 d0 cc Data Ascii: <kSo:[FcI,8r4don{[[t::;%gn+F!tNf~VURN:,e=ZzEE'Cd xC?/;vG^eupd1'%'.By?X89w~#gAw,=4j{rzDG<p7x,\|IXe?28}5NT_~]9O18y6I0@>E\@!l0x%WR+qyOmq%'in>V$A/,yJ5hb((*(FZ%nmdx\|<u8H3E-DYi;)hnaHlh%2!0$@#(X7x6W,y@~98yp$U?V\7="qbK$Fe0aQYPA@QjRutf=Dk@?!.PFa9\\|
Dec 13, 2023 11:42:24.793864012 CET	1286	IN	Data Raw: 9f e9 2b 39 b7 ba f3 4c a1 e4 30 75 23 b7 d0 cb dd 27 73 a5 09 48 2c 73 3a 44 e5 49 02 f8 ce 9a 8a a7 e2 db 8d 9d 3e 2c 8a 4c 07 91 1e 0f e0 01 67 e2 11 4f a4 d6 4a 2d df a0 64 ba 98 54 3e 4f ff 0f 96 16 d7 33 58 e5 3c 9b 62 38 99 3e 15 df 53 80 Data Ascii: +9L0u#'sH,s:DI>,LgOJ-dT>O3X<b8>S5<Y*7{8u9,l>]or]~}/G@#?xz[T/6lNXiC]S_A)h4\|0cr,70,R-m+<[R%=Oqd~
Dec 13, 2023 11:42:24.793904066 CET	1286	IN	Data Raw: 53 03 ea 6a c8 9f c3 55 fc 01 28 3b 3b c0 a2 05 0e e0 ca 90 94 3f d1 3d 66 4d 67 34 59 cb dd bb 53 7d ea 56 18 68 4a 77 3c e6 1a 04 60 93 27 d4 68 8f 33 7e 4a ec c5 28 44 ca 2c 2d 4b 1d 78 ff 38 0d 76 64 40 23 9d 98 f4 53 4b d5 3c 6f 08 22 7f a9 Data Ascii: SjU(;;?=fMg4YS}VhJw<`'h3~J(D,-Kx8vd@#SK<o"jK8>55.q!wHRHjV+L4%t[XEw{*[w{,Nh E7B<{bnrr;e+WjW8rJhY\|.i
Dec 13, 2023 11:42:24.793946981 CET	1286	IN	Data Raw: e2 70 45 a3 bf 00 f9 7b 3f 12 56 47 33 c0 c3 95 00 9c 7a 9a 9f 3c 4c 89 d4 f6 6e 60 42 5f 30 16 f4 cd 97 fc e9 20 55 e5 f2 10 9a 1e a1 1a 83 7b 08 a9 67 76 b4 5c 76 c1 a1 64 b0 36 67 75 b8 c0 90 9a 22 72 d5 e8 c2 66 45 2d f5 70 1b e9 c0 16 14 47 Data Ascii: pE{?VG3z<Ln`B_0 U{gv\vd6gu"rfE-pGj*]f`<rroV_Pq<nm)^YY{NMG]b2>'YKH=S\|`Ucsd]..l3byP\|^kggGAN
Dec 13, 2023 11:42:24.793986082 CET	1286	IN	Data Raw: f8 55 b9 bc 7c 77 09 32 8d 38 1e 0d 7d b0 6f 95 6f 98 1e b0 b2 1e 4f 6d d3 f4 bb 03 01 ad 81 70 dc 18 b3 eb 60 4a 2f 36 88 0c ee 27 26 8c f5 11 c4 74 f2 80 92 5b ed 71 25 44 08 fc a1 e7 2d 0c 62 f0 ed 16 ef 15 a5 4f 00 e3 01 f5 3a 4b 47 91 03 ad Data Ascii: U\|w28}ooOmp`J/6'&t[q%D-bO:KG;R$skTDw 7F^PRZuHs`qKRePD+:}o10hK!8u\|W6g\U.'$?55H.Ze?88,W
Dec 13, 2023 11:42:24.794023991 CET	709	IN	Data Raw: 7c a1 76 17 19 28 fe 57 8c 2a 08 42 ac 9a bb 5f e2 3e 61 09 27 29 e7 78 ff 20 a6 0c 93 1e 5e 70 67 73 87 e1 05 3c 43 4e 3a 6c c0 89 9b 23 4a fa f3 74 b0 9c 0e bd 65 27 bb a4 ed 91 11 c0 b3 79 18 f0 01 5e f9 c6 32 bc f7 2d 41 10 29 54 f3 88 a4 71 Data Ascii: \|v(W*B_>a')x ^pgs<CN:l#Jte'y^2-A)TqnfS"F/<Y!> `)l9d\|.^qWdS[,fq}g!ps.#T!x)~ d5d$s]Pv740(8&s
Dec 13, 2023 11:42:24.821013927 CET	375	OUT	GET /fstrz/defer-183359f612fc89e6ec64e10cba30990d.js HTTP/1.1 Host: www.manutan-collectivites.fr Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.manutan-collectivites.fr/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 13, 2023 11:42:24.989164114 CET	1286	IN	HTTP/1.1 200 OK Content-Type: text/javascript Transfer-Encoding: chunked Connection: keep-alive Date: Wed, 13 Dec 2023 09:10:58 GMT x-unique-id: c6d8071f-2ae6-4f18-bc09-37c6d8a68b23 Cache-Control: max-age=31536000 Server: fasterize X-Fstrz-Cache: HIT Content-Encoding: gzip Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 b613a3aa337386f7b6ef8d2aac02e3d6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-C4 X-Amz-Cf-Id: KWEgqJFjoncYAIY_Yw8V8eoKKGumf3hQ1SiDpGehIp6qDs_c36aIwQ== Age: 5486 Data Raw: 31 34 33 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 3c 5d 77 db 36 b2 ef f7 57 50 3c 39 2a b9 a2 55 b9 db be 88 66 7d 12 3b 6e 9c 26 76 1a 3b 1f ad af 8f 0f 2d c2 36 6c 8a 54 08 48 8e 62 e9 bf ef 0c 00 92 00 49 c8 4e 77 f7 de 97 46 06 06 83 c1 60 be 07 ec 22 2e 9c ab 98 71 52 d0 6f 64 ce 69 ca a2 07 3e be 9a 67 13 4e f3 cc 23 01 0f 98 ff 50 10 3e 2f 32 87 0c e3 24 79 b9 20 19 7f 43 61 49 46 0a 0f a6 83 de b6 bf 5e 87 f7 34 4b f2 fb 61 85 ec 88 45 ed a1 d5 ea 61 1d 2e f4 3d 3b c1 42 ed f7 90 46 6a 4d 42 ae 48 f1 9a c1 0a 63 3a ac c6 87 79 54 51 ee 3f f0 1b ca 86 8c c7 05 8f f6 63 4e 86 59 7e ef f9 81 18 9d 47 f5 a4 1c b9 89 dc 82 7c 99 13 c6 0f 93 94 ec c5 69 7a 19 4f ee 5c 9a 39 92 ba 7e bf a4 b2 f8 b6 2f f6 3b 79 df 86 97 b8 8e a2 16 ec cb b8 48 97 07 84 4f 6e 9e b3 65 36 39 99 14 74 a6 76 7e dd 86 3e a5 53 92 cf f9 fb c3 bd d5 6a 7b 34 92 70 69 b4 c8 69 e2 8c a2 a8 b9 e0 78 41 8a 82 26 e4 37 c2 5f a6 64 0a d7 c3 5e 2c 4f e3 eb a3 78 4a 56 ab ef 00 96 1b 2d d4 46 bd a7 6d b4 97 c6 8c e1 ea 16 8b 36 83 cb cd a6 df b7 d9 d3 f7 a9 b7 98 3d ba c5 1f 73 52 2c 4f 48 4a 26 3c 2f 9e a7 a9 75 87 26 a0 dc e0 fa fb 36 78 1a 76 89 fa b4 2d 1c 6f f2 ec fa 34 66 77 ab d5 cf 4a 32 2e a2 b3 73 25 23 f9 35 ab fe d8 8f d4 fc 49 f9 e3 b6 9a 3b 8e 5c 57 fe 7a 0e da 25 7f bd 89 ce dc 78 36 4b e9 24 46 0d fa 91 4c a6 31 13 82 ea 06 c6 c4 6d bc e8 9e f8 ba 65 5d f3 75 cb 58 c5 c9 57 6e 6e 20 46 da 30 f5 c8 f6 70 d4 35 b8 dd 35 f8 53 d7 e0 3f bb 06 7f ee 1a fc a5 1a 34 89 49 e9 82 98 23 8d 13 ab 31 e3 18 d3 3c 99 a7 c4 55 8c df 8b 7a ea 32 0e a3 24 9f cc 51 5a 87 d7 95 e0 be 58 1e 26 72 fa 7d d7 74 53 55 bf d4 40 5f 3a 45 f3 ce 02 20 67 df 5a f6 68 e8 e8 3b 0b 58 0d 71 50 43 dc 17 94 ab d1 df 1a a3 69 26 c7 5f d4 e3 f9 8c a8 c1 57 f5 e0 24 cd 99 42 f1 67 3d da 74 3d 12 e0 43 a9 20 dd d3 9f 34 ac 05 01 2f a0 a8 97 b3 9f 2d b3 47 27 72 fe f7 48 0d 0c 67 45 ce 73 be 9c 91 21 cd 18 29 f8 0b 72 95 17 8a c6 8f 1d 50 20 fa 24 4b f6 6e 68 aa ae f3 af 48 f3 52 43 42 86 cf 82 e3 cb 5b b8 8b 21 8c d3 8c bc 2b 80 15 05 5f 7a 08 1d b8 e0 99 38 b9 70 83 07 60 f8 58 f3 69 ca 11 4b 94 eb 80 e9 b3 c4 7f 60 f7 14 5c 0c fe 9a c4 8c 38 8d 2d 39 19 4b 9b 1b 17 77 9e 4b be 92 09 38 fc ec da f5 c3 4b 38 fd 5d d8 b5 86 19 6b d0 77 5d 24 79 46 5c 7f ad 8e 45 d6 6b e5 54 29 31 ce 58 e0 19 c5 44 46 4a 03 94 90 ca 02 e5 f5 Data Ascii: 143e<]w6WP<9*Uf};n&v;-6lTHbINwF`".qRodi>gN#P>/2$y CaIF^4KaEa.=;BFjMBHc:yTQ?cNY~G\|izO\9~/;yHOne69tv~>Sj{4piixA&7_d^,OxJV-Fm6=sR,OHJ&</u&6xv-o4fwJ2.s%#5I;\Wz%x6K$FL1me]uXWnn F0p55S?4I#1<Uz2$QZX&r}tSU@_:E gZh;XqPCi&_W$Bg=t=C 4/-G'rHgEs!)rP $KnhHRCB[!+_z8p`XiK`\8-9KwK8K8]kw]$yF\EkT)1XDFJ
Dec 13, 2023 11:42:24.989211082 CET	1286	IN	Data Raw: cf ab 6a 7e 02 bf d6 41 8d 45 dc 68 a4 47 23 ca ad 23 93 23 c5 7f 70 e2 c0 a5 88 f7 94 28 ec f2 71 79 ad 0a eb bc 28 e0 8f 53 05 27 07 09 a2 7e 77 03 47 8e 7e 92 23 97 f3 cb cb 94 b0 a8 b7 ad 96 c5 d9 84 a4 31 8c 55 43 1c 1c f3 09 8f a7 b3 c8 cb Data Ascii: j~AEhG###p(qy(S'~wG~#1UCa:-xw$3RvZk]/#3Pka[GN$MQgQpC2\|^/&tS^ M{:/_I\d@hBL%@`
Dec 13, 2023 11:42:24.989320993 CET	1286	IN	Data Raw: 96 d0 97 b0 6e 41 0a c7 43 03 87 bb d4 2b 26 37 71 76 4d c0 70 48 d6 96 9b af 83 d1 46 f7 7a 6b 73 af b7 36 f7 fa 7c a3 7b 9d 90 90 ef 88 5f 57 f0 ab d4 7a 15 45 e6 a0 de 9c 4c 31 94 04 b7 09 36 1d ff 0b 06 dd 57 0e 01 4d bc a7 d0 44 00 c4 1e 93 Data Ascii: nAC+&7qvMpHFzks6\|{_WzEL16WMD2\|i~U>(V4q'#6:la$<RD)a$`7&i>EmsV+c/Y2<+4dC^~Ao+)tqoenN
Dec 13, 2023 11:42:24.989365101 CET	1286	IN	Data Raw: 51 bb cf 54 9b 75 2a fa 69 01 5f 5b d0 1d 9d 68 08 d1 df a3 97 f8 dc 44 17 70 0d 21 fe 15 90 b5 2d 9e 7a 66 2b 0f 08 76 88 5e b8 a3 de ee c8 9a a4 40 83 f5 47 19 61 b0 b2 2e 56 e6 2e 8d 98 e9 06 bd 3e a4 49 23 5f 65 4d 19 69 a7 4d 09 29 45 2d 83 Data Ascii: QTui_[hDp!-zf+v^@Ga.V.>I#_eMiM)E-d`-yfK\|H&7De%7b]x;??`cn8?uR(1j{O+E2EP5E.Y7W"2d9d;2LD,;/Y^ AS`M?\|wIu
Dec 13, 2023 11:42:24.992813110 CET	566	IN	Data Raw: d1 ca 4b 69 76 07 09 5a 21 f2 92 50 32 a9 9b 9b 60 c0 01 16 df fa 37 82 4c c0 04 d9 b0 42 28 da e4 e6 fc 4d 41 ae 5c 51 c6 6c 4c c4 cc d5 de d4 37 67 e9 74 96 17 1c bf f7 71 51 6a ee 5d ad a6 7a 03 f6 d8 78 d0 69 4f 28 63 4d 0c 58 6d 7f 85 d8 80 Data Ascii: KivZ!P2`7LB(MA\QlL7gtqQj]zxiO(cMXmm+D @n34PBvy39R)uNw`igN9L1`2~YiS~a8qll'2_x8y*U`}^qIVRV4^4OAoN4HkV
Dec 13, 2023 11:42:25.907933950 CET	529	OUT	POST /manutan-collectivites.fr/jsdatabotmanager? HTTP/1.1 Host: www.manutan-collectivites.fr Connection: keep-alive Content-Length: 2278 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-type: application/x-www-form-urlencoded Accept: / Origin: http://www.manutan-collectivites.fr Referer: http://www.manutan-collectivites.fr/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: fstrz_vary=nonconnecte; __ssds=2
Dec 13, 2023 11:42:25.907969952 CET	2278	OUT	Data Raw: 63 69 64 3d 62 75 37 64 26 65 74 3d 38 32 26 4a 53 69 6e 66 6f 3d 25 37 42 25 32 32 6a 36 36 25 32 32 25 33 41 25 32 32 57 65 62 6b 69 74 25 32 32 25 32 43 25 32 32 6a 36 37 25 32 32 25 33 41 25 32 32 43 68 72 6f 6d 65 25 32 32 25 32 43 25 32 32 Data Ascii: cid=bu7d&et=82&JSinfo=%7B%22j66%22%3A%22Webkit%22%2C%22j67%22%3A%22Chrome%22%2C%22j68%22%3A%22f1%22%2C%22j201%22%3A%224%22%2C%22j202%22%3A%222%22%2C%22j203%22%3A%22t%22%2C%22j204%22%3A%22t%22%2C%22j205%22%3A%22f1%22%2C%22j206%22%3A%22t%22%2C%2
Dec 13, 2023 11:42:26.274369955 CET	715	IN	HTTP/1.1 200 OK Content-Type: text/plain; charset=UTF-8 Content-Length: 151 Connection: keep-alive Date: Wed, 13 Dec 2023 10:42:26 GMT x-unique-id: d8c5b4198bef324cdbc610fe3c59de44 access-control-allow-origin: * x-cache-response: DISABLED cache-control: s-maxage=0, private, no-cache="Set-Cookie" edge-control: no-store x-fstrz: !c,Z,p Server: fasterize X-Cache: Miss from cloudfront Via: 1.1 b613a3aa337386f7b6ef8d2aac02e3d6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-C4 X-Amz-Cf-Id: wuNdHLSdH5PxyNlM-dL8BPbj6pSA4jdHCGzCXIJyN_o_pkf3Q16cVw== Data Raw: 7b 22 5f 5f 75 7a 6d 61 6a 22 3a 22 66 65 34 62 33 65 38 37 2d 31 31 37 64 2d 34 39 33 33 2d 62 34 66 63 2d 38 38 64 37 32 37 37 35 35 39 31 31 22 2c 22 73 73 72 65 73 70 22 3a 22 30 22 2c 22 5f 5f 75 7a 6d 63 6a 22 3a 22 38 31 39 37 39 31 30 37 38 38 36 33 22 2c 22 6a 73 72 65 63 76 64 22 3a 22 74 72 75 65 22 2c 22 5f 5f 75 7a 6d 64 6a 22 3a 22 31 37 30 32 34 36 34 31 34 36 22 2c 22 5f 5f 75 7a 6d 62 6a 22 3a 22 31 37 30 32 34 36 34 31 34 36 22 7d Data Ascii: {"__uzmaj":"fe4b3e87-117d-4933-b4fc-88d727755911","ssresp":"0","__uzmcj":"819791078863","jsrecvd":"true","__uzmdj":"1702464146","__uzmbj":"1702464146"}

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2023 11:42:24.821439981 CET	354	OUT	GET /fstrz/beacon-1.19.0.min.js HTTP/1.1 Host: www.manutan-collectivites.fr Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://www.manutan-collectivites.fr/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 13, 2023 11:42:25.004342079 CET	514	IN	HTTP/1.1 200 OK Content-Type: text/javascript Transfer-Encoding: chunked Connection: keep-alive Date: Wed, 13 Dec 2023 09:10:58 GMT x-unique-id: 301ca67194328bd4d8b8089eeca3b945 Cache-Control: max-age=31536000, no-cache="Set-Cookie" Server: fasterize Content-Encoding: gzip Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 4e590f65bd47eb25bda48114ef9d9004.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-C4 X-Amz-Cf-Id: 7U1uUgGANVMiwSTZxr-FepH8uXY_IKJGczSLpf4_F5IJwc07x8kRfw== Age: 5486
Dec 13, 2023 11:42:25.005589962 CET	1286	IN	Data Raw: 31 36 35 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 5b f9 73 da c8 b6 fe fd fd 15 b6 6a 8a 2b c5 8d 02 93 99 7a 73 c1 b2 2b 71 ec c4 89 b7 31 ce 24 13 2e e5 92 a5 06 94 08 89 68 c1 21 c0 ff fe be d3 ad a5 05 c2 f6 cc dc aa 97 4a c9 5a 7a 39 eb 77 Data Ascii: 165c[sj+zs+q1$.h!JZz9wNn4;qyNua8owNq'i/I/p'1]>~S%st1wt#s`>~et>XKVGzH]oG#$`\|oXa]+H}P}YgeDX
Dec 13, 2023 11:42:25.005629063 CET	1286	IN	Data Raw: 38 89 18 c9 89 33 db ba d1 b5 93 a3 2b cd 60 a9 f5 92 fc c3 03 88 94 f3 02 e2 9c cd 0c 27 34 16 a1 49 a1 8c 8c 4c c8 a2 89 d0 03 3e 92 61 ea 37 e5 18 10 76 6a ba 88 8e 61 10 50 aa 64 b0 d0 8c 29 78 93 c0 f6 23 73 4d 84 04 8a 12 b1 2c 11 a5 26 f6 Data Ascii: 83+`'4IL>a7vjaPd)x#sM,&w]DfdrfEBCYHE:zmShzGBqEMa~")UX..TevMQ<:iBVB2c;1{4JA)tFcHTQY~<W>
Dec 13, 2023 11:42:25.005666971 CET	1286	IN	Data Raw: f7 d2 d7 01 df a9 ee ac ab d0 a9 ae 59 b3 b6 16 20 3c 0b ff 46 b7 af e4 41 0e c0 e5 6b 5d d2 33 ab 29 a4 cc 58 c8 a4 d2 df d1 ca f5 7b b5 75 29 f7 87 59 7a ea 52 74 a6 24 e0 eb 6c 88 18 4e 36 33 86 cd 50 fd 80 8a 08 03 f6 53 69 2e 3b c9 f6 da 45 Data Ascii: Y <FAk]3)X{u)YzRt$lN63PSi.;Ex'nYrpV{U:,8UaxL9y$=Yk?u7,eS5z19"}K-D`sI!Iz6nXD"@I=5ftBqkMvQ{r+!B
Dec 13, 2023 11:42:25.005702972 CET	1286	IN	Data Raw: e5 72 57 d7 d6 cf 09 11 3c 57 c1 c2 28 2d 63 5a c5 91 9a 43 46 74 82 24 8d 1c ae 19 99 41 4c 55 83 88 fb 53 d8 82 08 b9 03 4b dc e6 39 fe 71 e0 76 f3 59 5c 74 74 f7 f3 dd b1 ae 9b 5b d2 c8 4a fb ee c0 84 f5 75 41 78 32 21 52 e9 0d 2c 63 44 05 05 Data Ascii: rW<W(-cZCFt$ALUSK9qvY\tt[JuAx2!R,cDL`n#%'QB2_+NDVO'BcZiSC #+}dG];CKZ';Un#.lda`yWbuvVS23!(YE~+6VrA(#64Z9%g
Dec 13, 2023 11:42:25.005739927 CET	593	IN	Data Raw: ca 41 0f ee 34 2d 97 e5 26 d2 3d bf 73 23 0f 6c 20 63 de ad dd 78 6a 34 b6 6c 39 d1 ce d2 2b 3f bc d3 fb 6b fb 3e dc 18 e4 e7 b6 e8 17 87 9e 23 ac e7 f9 97 18 26 44 bf be cc 15 59 b3 35 15 d4 6c 4d 05 8f 6f 4d 6d 4c 23 7b 6d 6e 49 71 f1 ab 9d fb Data Ascii: A4-&=s#l cxj4l9+?k>#&DY5lMoMmL#{mnIq"+eHe<yco{=a'FbR[_]^_9\|R-ImY{.56ND$kX-f58O%1Q%QU~\|-/K3;u\
Dec 13, 2023 11:42:25.010449886 CET	462	OUT	POST /fstrz/r/stats-euwest1.fzcdn.net/cwv HTTP/1.1 Host: www.manutan-collectivites.fr Connection: keep-alive Content-Length: 117 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: / Origin: http://www.manutan-collectivites.fr Referer: http://www.manutan-collectivites.fr/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 13, 2023 11:42:25.010549068 CET	117	OUT	Data Raw: 7b 22 63 6f 6e 6e 65 63 74 69 6f 6e 54 79 70 65 22 3a 22 34 67 22 2c 22 63 6f 6e 66 69 67 49 64 22 3a 22 37 32 31 33 22 2c 22 6f 70 74 69 6d 69 7a 65 64 22 3a 74 72 75 65 2c 22 68 6f 73 74 6e 61 6d 65 22 3a 22 77 77 77 2e 6d 61 6e 75 74 61 6e 2d Data Ascii: {"connectionType":"4g","configId":"7213","optimized":true,"hostname":"www.manutan-collectivites.fr","countView":true}
Dec 13, 2023 11:42:25.361026049 CET	367	IN	HTTP/1.1 204 No Content Connection: keep-alive Date: Wed, 13 Dec 2023 10:42:25 GMT X-Powered-By: Express ETag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI" Server: fasterize X-Cache: Miss from cloudfront Via: 1.1 4e590f65bd47eb25bda48114ef9d9004.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-C4 X-Amz-Cf-Id: a4ANwtchhaXcztJYtIXwfsKEK0Ph5zcDHICTWQDNlZm5T_f0W-5IsQ==
Dec 13, 2023 11:42:25.905539989 CET	529	OUT	POST /manutan-collectivites.fr/jsdatabotmanager? HTTP/1.1 Host: www.manutan-collectivites.fr Connection: keep-alive Content-Length: 1438 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-type: application/x-www-form-urlencoded Accept: / Origin: http://www.manutan-collectivites.fr Referer: http://www.manutan-collectivites.fr/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: fstrz_vary=nonconnecte; __ssds=2
Dec 13, 2023 11:42:25.905603886 CET	1438	OUT	Data Raw: 63 69 64 3d 62 75 37 64 26 75 72 6c 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 6d 61 6e 75 74 61 6e 2d 63 6f 6c 6c 65 63 74 69 76 69 74 65 73 2e 66 72 25 32 46 26 4a 53 69 6e 66 6f 3d 25 37 42 25 32 32 6a 30 25 32 32 25 33 41 25 32 32 Data Ascii: cid=bu7d&url=http%3A%2F%2Fwww.manutan-collectivites.fr%2F&JSinfo=%7B%22j0%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36%22%2C%22j1%22
Dec 13, 2023 11:42:26.275612116 CET	715	IN	HTTP/1.1 200 OK Content-Type: text/plain; charset=UTF-8 Content-Length: 151 Connection: keep-alive Date: Wed, 13 Dec 2023 10:42:26 GMT x-unique-id: 4590e5510cedbaf8bf2a16f24ab6edf6 access-control-allow-origin: * x-cache-response: DISABLED cache-control: s-maxage=0, private, no-cache="Set-Cookie" edge-control: no-store x-fstrz: !c,Z,p Server: fasterize X-Cache: Miss from cloudfront Via: 1.1 4e590f65bd47eb25bda48114ef9d9004.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-C4 X-Amz-Cf-Id: PyGtxZ3ygChFARLSNAhyEO-jBXlrioaFkOD8kzlQhHPPFiQO_KZVRw== Data Raw: 7b 22 5f 5f 75 7a 6d 64 6a 22 3a 22 31 37 30 32 34 36 34 31 34 36 22 2c 22 73 73 72 65 73 70 22 3a 22 30 22 2c 22 6a 73 72 65 63 76 64 22 3a 22 74 72 75 65 22 2c 22 5f 5f 75 7a 6d 61 6a 22 3a 22 64 65 65 34 61 66 31 37 2d 62 30 64 32 2d 34 33 64 34 2d 39 64 61 64 2d 31 32 36 63 61 32 34 36 62 30 30 38 22 2c 22 5f 5f 75 7a 6d 62 6a 22 3a 22 31 37 30 32 34 36 34 31 34 36 22 2c 22 5f 5f 75 7a 6d 63 6a 22 3a 22 31 34 32 35 31 31 30 37 30 38 32 34 22 7d Data Ascii: {"__uzmdj":"1702464146","ssresp":"0","jsrecvd":"true","__uzmaj":"dee4af17-b0d2-43d4-9dad-126ca246b008","__uzmbj":"1702464146","__uzmcj":"142511070824"}
Dec 13, 2023 11:43:11.277817011 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2023 11:43:56.407903910 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2023 11:44:41.548408031 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2023 11:42:25.912491083 CET	442	OUT	GET /favicon.ico HTTP/1.1 Host: www.manutan-collectivites.fr Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://www.manutan-collectivites.fr/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: fstrz_vary=nonconnecte; __ssds=2
Dec 13, 2023 11:42:26.198956966 CET	743	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Date: Wed, 13 Dec 2023 10:42:26 GMT x-unique-id: 0ff427ca80f0b13481237e492e994c55 Location: https://www.manutan-collectivites.fr/favicon.ico x-cache-response: ENABLED Cache-Control: no-store, no-cache="Set-Cookie" Expires: 0 x-fstrz: stc,Z,p Server: fasterize X-Cache: Miss from cloudfront Via: 1.1 ea71b96212c28d5f0611046b8d2932f6.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-C4 X-Amz-Cf-Id: qcvO0qW0bzn87eQ6qV21Ev8btOvE3v99uCFYjRS4PPWyU9TvrYC5XA== Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Dec 13, 2023 11:42:26.199012995 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Dec 13, 2023 11:43:11.199628115 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2023 11:43:56.329854012 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2023 11:44:41.470366001 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2023 11:42:26.608707905 CET	499	OUT	GET /manutan-collectivites.fr/jsdatabotmanager? HTTP/1.1 Host: www.manutan-collectivites.fr Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: fstrz_vary=nonconnecte; __ssds=2; __ssuzjsr2=a9be0cd8e; __uzmaj2=dee4af17-b0d2-43d4-9dad-126ca246b008; __uzmbj2=1702464146; __uzmcj2=142511070824; __uzmdj2=1702464146
Dec 13, 2023 11:42:26.871934891 CET	1048	IN	HTTP/1.1 405 Method Not Allowed Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Date: Wed, 13 Dec 2023 10:42:26 GMT x-unique-id: 29a2f1b1327660f5b99060845373227c Cache-Control: no-store, no-cache="Set-Cookie" Expires: 0 x-fstrz: stc,Z,p Server: fasterize X-Cache: Error from cloudfront Via: 1.1 f12b46c1e516430530a5a6338a24f6a2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-C4 X-Amz-Cf-Id: hBgr6hZMWl9bITH9hYBwigy5uxxv4wmO-UAGRGjaWiKvSZR8xbSyVw== Data Raw: 32 32 37 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 72 64 77 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a Data Ascii: 227<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>rdwr</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Dec 13, 2023 11:42:26.872517109 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Dec 13, 2023 11:43:11.887152910 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2023 11:43:57.017487049 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2023 11:44:42.142446995 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2023 11:42:26.874303102 CET	499	OUT	GET /manutan-collectivites.fr/jsdatabotmanager? HTTP/1.1 Host: www.manutan-collectivites.fr Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: fstrz_vary=nonconnecte; __ssds=2; __ssuzjsr2=a9be0cd8e; __uzmaj2=dee4af17-b0d2-43d4-9dad-126ca246b008; __uzmbj2=1702464146; __uzmcj2=142511070824; __uzmdj2=1702464146
Dec 13, 2023 11:42:27.137368917 CET	1048	IN	HTTP/1.1 405 Method Not Allowed Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Date: Wed, 13 Dec 2023 10:42:27 GMT x-unique-id: 3f6c57694a569bd79a4999b9365448d2 Cache-Control: no-store, no-cache="Set-Cookie" Expires: 0 x-fstrz: stc,Z,p Server: fasterize X-Cache: Error from cloudfront Via: 1.1 c8ae841a6c6a2c20018753bb38ee8774.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-C4 X-Amz-Cf-Id: 5v2TCbkiMWPteLJejXVmP022M6RwnllG77pH2UjPx9hN5W40D80iYw== Data Raw: 32 32 37 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 72 64 77 72 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 0d 0a Data Ascii: 227<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>rdwr</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Dec 13, 2023 11:42:27.137429953 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Dec 13, 2023 11:43:12.152739048 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2023 11:43:57.282977104 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 13, 2023 11:44:42.407851934 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2023-12-13 10:41:35 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-13 10:41:35 UTC	784	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=48026 Date: Wed, 13 Dec 2023 10:41:35 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2023-12-13 10:41:36 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-13 10:41:36 UTC	530	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=48010 Date: Wed, 13 Dec 2023 10:41:36 GMT Content-Length: 55 Connection: close X-CID: 2
2023-12-13 10:41:36 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2023-12-13 10:41:42 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2023-12-13 10:41:42 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Wed, 13 Dec 2023 10:41:42 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2023-12-13 10:41:46 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ysTDZMxgS+v43hE&MD=zHv4vut8 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-13 10:41:47 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 0b8923b7-025a-4e1a-9d92-79fbf48b213d MS-RequestId: d2355dd4-f520-42f0-8e66-f74866710184 MS-CV: Px3atRfNfk2k2KQx.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 13 Dec 2023 10:41:46 GMT Connection: close Content-Length: 24490
2023-12-13 10:41:47 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-12-13 10:41:47 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2023-12-13 10:42:24 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.132 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-13 10:42:24 UTC	731	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-WUVSqSbWicL-uBAGN7sLIA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 13 Dec 2023 10:42:24 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6190 X-Daystart: 9744 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-12-13 10:42:24 UTC	521	IN	Data Raw: 32 63 38 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 39 30 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 39 37 34 34 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20 Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6190" elapsed_seconds="9744"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-12-13 10:42:24 UTC	198	IN	Data Raw: 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 3f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-12-13 10:42:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2023-12-13 10:42:24 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
2023-12-13 10:42:24 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-12-13 10:42:24 UTC	1627	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 13 Dec 2023 10:42:24 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-ryb-WaEz89fCb1tdLx1mUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-12-13 10:42:24 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-12-13 10:42:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2023-12-13 10:42:24 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ysTDZMxgS+v43hE&MD=zHv4vut8 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-13 10:42:25 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 33090f72-cb0b-43f6-a7df-6e2e12d77752 MS-RequestId: b04cc982-cdda-4e10-9cb8-49ff6dbb67af MS-CV: eIetA308Kk6JCUff.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 13 Dec 2023 10:42:24 GMT Connection: close Content-Length: 25457
2023-12-13 10:42:25 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-12-13 10:42:25 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Timestamp	Bytes transferred	Direction	Data
2023-12-13 10:42:25 UTC	548	OUT	GET /aperture/aperture.js HTTP/1.1 Host: cdn.perfdrive.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: http://www.manutan-collectivites.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-13 10:42:25 UTC	422	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Content-Length: 26692 Access-Control-Allow-Origin: * Accept-Ranges: bytes Via: 1.1 google Date: Wed, 13 Dec 2023 10:42:25 GMT Cache-Control: max-age=3600,public Last-Modified: Wed, 25 Oct 2023 04:28:49 GMT ETag: "65389981-6844" Content-Type: application/javascript Vary: Accept-Encoding Age: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-12-13 10:42:25 UTC	830	IN	Data Raw: 74 72 79 7b 28 66 75 6e 63 74 69 6f 6e 28 61 2c 67 29 7b 66 75 6e 63 74 69 6f 6e 20 44 28 62 2c 63 29 7b 76 61 72 20 66 3d 6e 75 6c 6c 3b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 63 7c 7c 21 30 3d 3d 3d 63 7c 7c 22 74 72 75 65 22 3d 3d 3d 63 29 7b 4b 3d 67 2e 63 6f 6f 6b 69 65 2e 73 70 6c 69 74 28 22 3b 22 29 3b 76 61 72 20 65 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 5c 5c 73 2a 22 2b 62 2b 22 3d 5c 5c 73 2a 28 2e 2a 3f 29 5c 5c 73 2a 24 22 29 7d 65 6c 73 65 20 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 3d 74 79 70 65 6f 66 20 63 7c 7c 30 3d 3d 63 7c 7c 22 66 61 6c 73 65 22 3d 3d 63 7c 7c 30 3d 3d 63 7c 7c 6e 75 6c 6c 3d 3d 63 29 65 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 5c 5c 73 2a 22 2b 62 2b 68 2b 22 3d 5c 5c 73 Data Ascii: try{(function(a,g){function D(b,c){var f=null;if("undefined"!==typeof c\|\|!0===c\|\|"true"===c){K=g.cookie.split(";");var e=new RegExp("^\\s"+b+"=\\s(.?)\\s$")}else if("undefined"===typeof c\|\|0==c\|\|"false"==c\|\|0==c\|\|null==c)e=new RegExp("^\\s*"+b+h+"=\\s
2023-12-13 10:42:25 UTC	1252	IN	Data Raw: 6e 2d 31 39 37 30 20 30 30 3a 30 30 3a 30 31 20 47 4d 54 3b 20 70 61 74 68 3d 2f 3b 20 64 6f 6d 61 69 6e 3d 22 2b 63 5b 65 5d 2b 22 3b 22 7d 63 61 74 63 68 28 64 29 7b 7d 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 62 26 26 21 31 21 3d 3d 62 26 26 6e 75 6c 6c 21 3d 3d 62 26 26 62 3d 3d 66 29 72 65 74 75 72 6e 20 55 28 22 5f 5f 73 73 64 73 22 2c 65 2b 32 2c 63 5b 65 5d 29 2c 65 2b 32 7d 7d 65 6c 73 65 20 72 65 74 75 72 6e 21 31 3b 65 6c 73 65 20 72 65 74 75 72 6e 21 31 7d 76 61 72 20 42 3d 7b 22 38 34 61 61 22 3a 22 73 65 6e 64 22 2c 74 65 73 74 61 65 66 64 3a 22 73 65 6e 64 22 2c 0a 20 20 20 20 20 20 20 20 22 39 35 35 66 22 3a 22 73 65 6e 64 22 2c 62 66 62 65 3a 22 73 65 6e 64 22 2c 39 39 31 36 3a 22 73 65 6e 64 22 2c 63 38 63 Data Ascii: n-1970 00:00:01 GMT; path=/; domain="+c[e]+";"}catch(d){}if("undefined"!==typeof b&&!1!==b&&null!==b&&b==f)return U("__ssds",e+2,c[e]),e+2}}else return!1;else return!1}var B={"84aa":"send",testaefd:"send", "955f":"send",bfbe:"send",9916:"send",c8c
2023-12-13 10:42:25 UTC	1252	IN	Data Raw: 74 79 70 65 6f 66 20 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 2e 63 31 26 26 0a 20 20 20 20 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 2e 63 31 26 26 28 79 3d 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 2e 63 31 2c 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 2e 63 33 26 26 22 73 74 72 69 6e 67 22 3d 3d 3d 74 79 70 65 6f 66 20 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 2e 63 33 26 26 28 6e 3d 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 2e 63 33 29 2c 79 3d 79 2b 22 2f 22 2b 6e 29 3b 30 3e 3d 75 26 26 30 3c 75 26 26 28 61 2e 73 73 50 65 72 66 6f 72 6d 61 6e 63 65 4d 65 74 72 69 Data Ascii: typeof a.SSJSConnectorObj.c1&& "string"===typeof a.SSJSConnectorObj.c1&&(y=a.SSJSConnectorObj.c1,"undefined"!==typeof a.SSJSConnectorObj.c3&&"string"===typeof a.SSJSConnectorObj.c3&&(n=a.SSJSConnectorObj.c3),y=y+"/"+n);0>=u&&0<u&&(a.ssPerformanceMetri
2023-12-13 10:42:25 UTC	1252	IN	Data Raw: 69 6d 65 4c 6f 67 73 2e 67 65 6e 65 72 61 74 65 4a 53 49 6e 66 6f 50 61 79 6c 6f 61 64 45 6e 64 54 69 6d 65 3a 22 4e 41 22 2c 72 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 2e 73 73 54 69 6d 65 4c 6f 67 73 2e 70 6f 73 74 44 61 74 61 53 74 61 72 74 54 69 6d 65 3f 77 69 6e 64 6f 77 2e 73 73 54 69 6d 65 4c 6f 67 73 2e 70 6f 73 74 44 61 74 61 53 74 61 72 74 54 69 6d 65 3a 22 4e 41 22 2c 76 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 2e 73 73 54 69 6d 65 4c 6f 67 73 2e 72 65 73 70 6f 6e 73 65 53 74 61 72 74 54 69 6d 65 3f 77 69 6e 64 6f 77 2e 73 73 54 69 6d 65 4c 6f 67 73 2e 72 65 73 70 6f 6e 73 65 53 74 61 72 74 54 69 6d 65 3a 22 4e 41 22 29 3a 76 3d 72 3d 6d 3d 70 3d 71 3d 6b 3d Data Ascii: imeLogs.generateJSInfoPayloadEndTime:"NA",r="undefined"!==typeof window.ssTimeLogs.postDataStartTime?window.ssTimeLogs.postDataStartTime:"NA",v="undefined"!==typeof window.ssTimeLogs.responseStartTime?window.ssTimeLogs.responseStartTime:"NA"):v=r=m=p=q=k=
2023-12-13 10:42:25 UTC	1252	IN	Data Raw: 47 45 54 22 2c 51 2c 21 30 29 3a 4a 3d 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 4a 7d 28 79 2b 61 61 29 3b 52 26 26 28 52 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 52 2e 73 65 6e 64 28 29 29 7d 63 61 74 63 68 28 51 29 7b 7d 7d 7d 29 3b 0a 20 20 20 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 62 3d 7b 74 72 69 64 65 6e 74 3a 5b 22 62 65 68 61 76 69 6f 72 22 2c 22 20 6d 73 53 63 72 6f 6c 6c 4c 69 6d 69 74 22 5d 2c 65 64 67 65 68 74 6d 6c 3a 5b 22 6d 73 54 65 78 74 53 69 7a 65 41 64 6a 75 73 74 22 2c 22 62 65 68 61 76 69 6f 72 22 2c 22 6d 73 53 63 72 6f 6c 6c 4c 69 6d 69 74 22 5d 2c 77 65 62 6b 69 74 3a 5b 22 57 65 62 6b 69 74 41 70 70 65 61 72 61 6e 63 65 22 5d 2c 67 65 63 6b 6f 3a 5b 22 4d 6f 7a Data Ascii: GET",Q,!0):J=null;return J}(y+aa);R&&(R.onreadystatechange=function(){},R.send())}catch(Q){}}}); n=function(){var b={trident:["behavior"," msScrollLimit"],edgehtml:["msTextSizeAdjust","behavior","msScrollLimit"],webkit:["WebkitAppearance"],gecko:["Moz
2023-12-13 10:42:25 UTC	1252	IN	Data Raw: 65 6e 64 6f 72 29 63 2e 6f 70 65 72 61 2b 3d 35 3b 22 6d 73 54 65 78 74 53 69 7a 65 41 64 6a 75 73 74 22 69 6e 20 42 72 6f 77 73 65 72 53 74 79 6c 65 26 26 21 28 22 6d 73 46 6c 65 78 22 69 6e 20 42 72 6f 77 73 65 72 53 74 79 6c 65 29 26 26 28 63 2e 65 64 67 65 68 74 6d 6c 2b 3d 32 29 3b 22 41 63 74 69 76 65 58 4f 62 6a 65 63 74 22 69 6e 20 61 26 26 28 63 2e 74 72 69 64 65 6e 74 2b 3d 35 29 3b 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 43 53 53 26 26 43 53 53 2e 73 75 70 70 6f 72 74 73 28 22 2d 6d 6f 7a 2d 62 61 63 6b 66 61 63 65 2d 76 69 73 69 62 69 6c 69 74 79 22 2c 22 68 69 64 64 65 6e 22 29 26 26 28 63 2e 67 65 63 6b 6f 2b 3d 35 29 3b 66 6f 72 28 69 20 69 6e 20 63 29 69 66 28 30 21 3d 3d 63 5b 69 5d 29 7b 66 3d 69 3b 62 72 65 61 6b Data Ascii: endor)c.opera+=5;"msTextSizeAdjust"in BrowserStyle&&!("msFlex"in BrowserStyle)&&(c.edgehtml+=2);"ActiveXObject"in a&&(c.trident+=5);"undefined"!==typeof CSS&&CSS.supports("-moz-backface-visibility","hidden")&&(c.gecko+=5);for(i in c)if(0!==c[i]){f=i;break
2023-12-13 10:42:25 UTC	1252	IN	Data Raw: 77 65 62 6b 69 74 2c 62 72 6f 77 73 65 72 3a 64 2e 63 68 72 6f 6d 65 7d 3a 28 62 2e 6c 61 79 6f 75 74 65 6e 67 69 6e 65 3d 65 2e 77 65 62 6b 69 74 2c 62 2e 62 72 6f 77 73 65 72 3d 22 77 65 62 6b 69 74 44 61 73 68 62 6f 61 72 64 52 65 67 69 6f 6e 22 69 6e 20 42 72 6f 77 73 65 72 53 74 79 6c 65 3f 64 2e 73 61 66 61 72 69 3a 22 77 65 62 6b 69 74 4f 76 65 72 66 6c 6f 77 53 63 72 6f 6c 6c 69 6e 67 22 69 6e 20 42 72 6f 77 73 65 72 53 74 79 6c 65 3f 64 2e 69 6f 73 53 61 66 61 72 69 3a 22 6e 6f 74 20 6b 6e 6f 77 22 29 29 3a 22 6f 70 65 72 61 22 3d 3d 3d 0a 20 20 20 20 66 3f 62 3d 7b 6c 61 79 6f 75 74 65 6e 67 69 6e 65 3a 65 2e 77 65 62 6b 69 74 2c 62 72 6f 77 73 65 72 3a 64 2e 6f 70 65 72 61 7d 3a 22 67 65 63 6b 6f 22 3d 3d 3d 66 3f 28 62 3d 7b 6c 61 79 6f 75 74 Data Ascii: webkit,browser:d.chrome}:(b.layoutengine=e.webkit,b.browser="webkitDashboardRegion"in BrowserStyle?d.safari:"webkitOverflowScrolling"in BrowserStyle?d.iosSafari:"not know")):"opera"=== f?b={layoutengine:e.webkit,browser:d.opera}:"gecko"===f?(b={layout
2023-12-13 10:42:25 UTC	1252	IN	Data Raw: 26 6e 75 6c 6c 21 3d 3d 68 26 26 21 31 21 3d 3d 68 3f 28 68 3d 70 61 72 73 65 49 6e 74 28 68 5b 31 5d 29 2c 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 2e 64 6f 6d 61 69 6e 5f 69 6e 66 6f 3d 68 2c 45 3d 21 30 29 3a 28 68 3d 4c 28 29 2c 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 2e 64 6f 6d 61 69 6e 5f 69 6e 66 6f 3d 68 29 29 3a 68 3d 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 2e 64 6f 6d 61 69 6e 5f 69 6e 66 6f 3f 70 61 72 73 65 49 6e 74 28 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 2e 64 6f 6d 61 69 6e 5f 69 6e 66 6f 29 3a 32 3a 28 68 3d 4c 28 29 2c 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 2e 64 6f 6d 61 69 6e 5f 69 6e 66 6f 3d 68 29 3a 28 61 2e 53 53 4a 53 43 6f 6e 6e 65 63 74 6f 72 4f 62 6a 3d 7b Data Ascii: &null!==h&&!1!==h?(h=parseInt(h[1]),a.SSJSConnectorObj.domain_info=h,E=!0):(h=L(),a.SSJSConnectorObj.domain_info=h)):h=a.SSJSConnectorObj.domain_info?parseInt(a.SSJSConnectorObj.domain_info):2:(h=L(),a.SSJSConnectorObj.domain_info=h):(a.SSJSConnectorObj={
2023-12-13 10:42:25 UTC	1252	IN	Data Raw: 65 66 69 6e 65 64 22 3d 3d 3d 74 79 70 65 6f 66 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 63 3d 6e 65 77 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 3b 22 77 69 74 68 43 72 65 64 65 6e 74 69 61 6c 73 22 69 6e 20 63 3f 28 63 2e 6f 70 65 6e 28 22 50 4f 53 54 22 2c 62 2c 21 30 29 2c 63 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 29 3a 63 3d 6e 75 6c 6c 3b 72 65 74 75 72 6e 20 63 7d 2c 41 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 61 2e 65 6e 63 6f 64 65 55 52 49 43 6f 6d Data Ascii: efined"===typeof XMLHttpRequest)return null;var c=new XMLHttpRequest;"withCredentials"in c?(c.open("POST",b,!0),c.setRequestHeader("Content-type","application/x-www-form-urlencoded")):c=null;return c},A=function(b){return"function"===typeof a.encodeURICom
2023-12-13 10:42:25 UTC	1252	IN	Data Raw: 6d 61 78 54 6f 75 63 68 50 6f 69 6e 74 73 3a 22 22 3a 22 22 29 2b 27 22 2c 22 6a 37 22 3a 22 27 2b 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 0a 20 20 20 20 20 20 20 20 74 79 70 65 6f 66 20 61 2e 73 63 72 65 65 6e 3f 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 61 2e 73 63 72 65 65 6e 2e 63 6f 6c 6f 72 44 65 70 74 68 3f 61 2e 73 63 72 65 65 6e 2e 63 6f 6c 6f 72 44 65 70 74 68 3a 22 22 3a 22 22 29 2b 27 22 2c 22 6a 38 22 3a 22 27 2b 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 61 2e 73 63 72 65 65 6e 3f 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 61 2e 73 63 72 65 65 6e 2e 77 69 64 74 68 3f 61 2e 73 63 72 65 65 6e 2e 77 69 64 74 68 3a 22 22 3a 22 22 29 2b 27 22 2c 22 6a 39 22 3a 22 27 2b 28 22 75 Data Ascii: maxTouchPoints:"":"")+'","j7":"'+("undefined"!== typeof a.screen?"undefined"!==typeof a.screen.colorDepth?a.screen.colorDepth:"":"")+'","j8":"'+("undefined"!==typeof a.screen?"undefined"!==typeof a.screen.width?a.screen.width:"":"")+'","j9":"'+("u

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report COL231200539.pdf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

(copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\2b27b938-a4a8-48ba-befc-f980b4c22a89.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\efcc9da2-5fdc-4ece-bc0f-498dd0cd9dfe.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-231213104132Z-152.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5796

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.5796

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Windows Analysis Report
COL231200539.pdf

Timestamp	Bytes transferred	Direction	Data
2023-12-13 10:42:26 UTC	480	OUT	GET /favicon.ico HTTP/1.1 Host: www.manutan-collectivites.fr Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://www.manutan-collectivites.fr/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-13 10:42:27 UTC	8136	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Wed, 13 Dec 2023 10:42:27 GMT x-unique-id: 33b99ef7069dc0e660614c01e148c95e content-security-policy: font-src .fontawesome.com .gstatic.com 'self' data: .yotpo.com .googleapis.com chrome-extension: https://.hotjar.com https://.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com .amazon.com .amazon.co.uk .amazon.co.jp .amazon.jp .amazon.it .amazon.fr .amazon.es .amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com .ogone.com .ingenico.com .v-psp.com .epdq.co.uk .postfinance.ch .paypage.be .payengine.de .eupayglobe.com .tpvecommerce.es .yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net .adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com .youtube.com https://www.google.com/recaptcha/ .amazon.com .amazon.co.uk .amazon.co.jp .amazon.jp .amazon.it .amazon.fr .amazon.es .amazon.de .payments-amazon.com .payments-amazon.co.uk .payments-amazon.co.jp .payments-amazon.jp .payments-amazon.it .payments-amazon.fr .payments-amazon.es .payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com .dotdigital-pages.com .dotdigital.com cdn.dnky.co webchat.dotdigital.com .ogone.com .ingenico.com .v-psp.com .epdq.co.uk .postfinance.ch .paypage.be .payengine.de .eupayglobe.com .tpvecommerce.es .yotpo.com https://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api2/bframe https://.hotjar.com https://.hotjar.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net .ssl-images-amazon.com .ssl-images-amazon.co.uk .ssl-images-amazon.co.jp .ssl-images-amazon.jp .ssl-images-amazon.it .ssl-images-amazon.fr .ssl-images-amazon.es .ssl-images-amazon.de .media-amazon.com .media-amazon.co.uk .media-amazon.co.jp .media-amazon.jp .media-amazon.it .media-amazon.fr .media-amazon.es .media-amazon.de display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' data: .yotpo.com https://.facebook.com https://.windows.net https://.quanta.io https://.bing.com https://.linkedin.com https://.twitter.com https://.clarity.ms https://t.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com .adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .payments-amazon.com .payments-amazon.co.uk .payments-amazon.co.jp .payments-amazon.jp .payments-amazon.it .payments-amazon.fr .payments-amazon.es .payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com .trackedlink.net .trackedweb.net .dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com .google.com .gstatic.com .yotpo.com https://www.googleoptimize.com/optimize.js https://.cookielaw.org https://.perfdrive.com https://.go-mpulse.net https://.newrelic.com https://.hotjar.com https://.hotjar.io https://.bing.com https://.licdn.com https://.netdna-ssl.com https://.facebook.net https://.twitter.com https://.ads-twitter.com https://.quanta.io https://.clarity.ms https://.voicepublisher.net https://.nr-data.net https://.demoup.com https://.facebook.com https://.google-analytics.com https://.akamaihd.net https://.youtube.com https://.windows.net https://.dexem.net https://.polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src .adobe.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com .fontawesome.com .googleapis.com .gstatic.com .yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src .adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com .amazon.com .amazon.co.uk .amazon.co.jp .amazon.jp .amazon.it .amazon.fr .amazon.es .amazon.de .amazonpay.com .amazonpay.co.uk .amazonpay.co.jp .amazonpay.jp .amazonpay.it .amazonpay.fr .amazonpay.es .amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com .trackedlink.net .trackedweb.net .dotdigital-pages.com webchat.dotdigital.com .ogone.com .ingenico.com .v-psp.com .epdq.co.uk .postfinance.ch .paypage.be .payengine.de .eupayglobe.com .tpvecommerce.es t.elasticsuite.io .google-analytics.com .yotpo.com https://.google-analytics.com https://cdn.cookielaw.org/ https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://.perfdrive.com https://.go-mpulse.net https://.doubleclick.net https://.nr-data.net https://.clarity.ms https://.facebook.com https://.hotjar.com https://.akstat.io https://.voicepublisher.net https://.akamaihd.net https://.oribi.io https://.polyfill.io https://.hotjar.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src .googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; x-content-type-options: nosniff, nosniff x-xss-protection: 1; mode=block, 1; mode=block x-frame-options: SAMEORIGIN, SAMEORIGIN Pragma: no-cache Expires: 0 Cache-Control: no-store, no-cache="Set-Cookie" x-front: front4 x-fstrz: stc,Z,p Server: fasterize Vary: Accept-Encoding,Accept-Encoding X-Cache: Error from cloudfront Via: 1.1 e6d9afb708094d99147362cbe3738172.cloudfront.net (CloudFront) X-Amz-Cf-Pop: MIA3-C4 X-Amz-Cf-Id: c-U3BqbOA2ttxFR027fLm346qwiPnnEdJbSNNX53RaQi8Yfik2TOAg==
2023-12-13 10:42:27 UTC	16384	IN	Data Raw: 36 30 64 62 0d 0a 20 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 66 72 22 3e 3c 68 65 61 64 20 3e 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 4c 61 20 70 61 67 65 20 71 75 65 20 76 6f 75 73 20 63 68 65 72 63 68 65 7a 20 6e 26 23 30 33 39 3b 65 78 69 73 74 65 20 70 61 73 2e 20 20 20 7c 20 4d 61 6e 75 74 61 6e 20 43 6f 6c 6c 65 63 74 69 76 69 74 c3 a9 73 22 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4c 61 20 70 61 67 65 20 71 75 65 20 76 6f 75 73 20 63 68 65 72 63 68 65 7a 20 6e 26 23 30 33 39 3b 65 78 69 73 74 65 20 70 61 73 2e 20 22 2f 3e Data Ascii: 60db <!doctype html><html lang="fr"><head > <meta charset="utf-8"/><meta name="title" content="La page que vous cherchez n'existe pas. \| Manutan Collectivits"/><meta name="description" content="La page que vous cherchez n'existe pas. "/>

Timestamp	Bytes transferred	Direction	Data
2023-12-13 10:43:54 UTC	449	OUT	GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=000000000000000000000000000000000000000085E7C23D86 HTTP/1.1 Host: clients1.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br
2023-12-13 10:43:54 UTC	817	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-8yRB9TgcYOHyrV4x8Liiow' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1 Content-Security-Policy: script-src 'report-sample' 'nonce-8RWDvuzpf_3OkIwFEKw1Nw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1 Content-Type: text/plain; charset=utf-8 Content-Length: 220 Date: Wed, 13 Dec 2023 10:43:54 GMT Expires: Wed, 13 Dec 2023 10:43:54 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-12-13 10:43:54 UTC	220	IN	Data Raw: 72 6c 7a 43 31 3a 20 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 38 38 0a 72 6c 7a 43 32 3a 20 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 38 38 0a 72 6c 7a 43 37 3a 20 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 38 38 0a 64 63 63 3a 20 0a 73 65 74 5f 64 63 63 3a 20 43 31 3a 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 38 38 2c 43 32 3a 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 38 38 2c 43 37 3a 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 38 38 0a 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 2c 43 31 53 2c 43 37 53 0a 73 74 61 74 65 66 75 6c 2d 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 0a 63 72 63 33 32 3a 20 66 62 64 37 30 39 64 62 0a Data Ascii: rlzC1: 1C1ONGR_enUS1088rlzC2: 1C2ONGR_enUS1088rlzC7: 1C7ONGR_enUS1088dcc: set_dcc: C1:1C1ONGR_enUS1088,C2:1C2ONGR_enUS1088,C7:1C7ONGR_enUS1088events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: fbd709db

Target ID:	0
Start time:	11:41:27
Start date:	13/12/2023
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\COL231200539.pdf
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	1
Start time:	11:41:28
Start date:	13/12/2023
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	9
Start time:	11:42:21
Start date:	13/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://www.manutan-collectivites.fr
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	10
Start time:	11:42:22
Start date:	13/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1992,i,12487864990220863951,12704819009370815086,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre