Edit tour

Windows Analysis Report
https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf

Overview

General Information

Sample URL:	https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf
Analysis ID:	1458696
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Drops files with a non-matching file extension (content does not match file extension)

HTTP GET or POST without a user agent

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2212,i,7945811400495194843,7150962842891366104,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

Acrobat.exe (PID: 2056 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3472 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 2828 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1684,i,6915552693595644880,6808186178863427705,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49754 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf HTTP/1.1Host: www.isda.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.isda.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdfAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=008ge1r4sq6gpkg4tp367iuk0u
Source: global traffic	HTTP traffic detected: GET /favicon2.ico HTTP/1.1Host: cdn.aws.isda.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.isda.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf HTTP/1.1Host: www.isda.orgConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=008ge1r4sq6gpkg4tp367iuk0u
Source: global traffic	HTTP traffic detected: GET /favicon2.ico HTTP/1.1Host: cdn.aws.isda.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5PCTUmYM1FDZCo3&MD=Gkwyk+ew HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5PCTUmYM1FDZCo3&MD=Gkwyk+ew HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.isda.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.aws.isda.org
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2212,i,7945811400495194843,7150962842891366104,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf"
Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1684,i,6915552693595644880,6808186178863427705,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2212,i,7945811400495194843,7150962842891366104,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1684,i,6915552693595644880,6808186178863427705,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1684,i,6915552693595644880,6808186178863427705,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 210
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 210			Jump to dropped file

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	11 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf	0%	Avira URL Cloud	safe
https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf	0%	Virustotal		Browse

Source	Detection	Scanner	Link
www.isda.org	0%	Virustotal	Browse
chrome.cloudflare-dns.com	0%	Virustotal	Browse
cdn.aws.isda.org	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
bg.microsoft.map.fastly.net	0%	Virustotal	Browse

Source	Detection	Scanner	Label	Link
https://ipinfo.io/	0%	URL Reputation	safe
https://cdn.aws.isda.org/favicon2.ico	0%	Avira URL Cloud	safe
https://chrome.cloudflare-dns.com/dns-query	0%	Avira URL Cloud	safe
file:///C:/Users/user/Downloads/downloaded.pdf	0%	Avira URL Cloud	safe
https://www.isda.org/favicon.ico	0%	Avira URL Cloud	safe
https://cdn.aws.isda.org/favicon2.ico	0%	Virustotal		Browse
https://chrome.cloudflare-dns.com/dns-query	0%	Virustotal		Browse
https://www.isda.org/favicon.ico	0%	Virustotal		Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	0%, Virustotal, Browse	unknown
chrome.cloudflare-dns.com	172.64.41.3	true	false	0%, Virustotal, Browse	unknown
cdn.aws.isda.org	18.66.147.7	true	false	0%, Virustotal, Browse	unknown
www.isda.org	52.201.165.217	true	false	0%, Virustotal, Browse	unknown
www.google.com	216.58.206.36	true	false	0%, Virustotal, Browse	unknown

Name	Malicious	Antivirus Detection	Reputation
https://cdn.aws.isda.org/favicon2.ico	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://chrome.cloudflare-dns.com/dns-query	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ipinfo.io/	false	URL Reputation: safe	unknown
file:///C:/Users/user/Downloads/downloaded.pdf	false	Avira URL Cloud: safe	unknown
https://www.isda.org/favicon.ico	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf	false		unknown

IP	Domain	Country	ASN	ASN Name	Malicious
52.201.165.217	www.isda.org	United States	14618	AMAZON-AESUS	false
18.66.147.7	cdn.aws.isda.org	United States	3	MIT-GATEWAYSUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.66.147.121	unknown	United States	3	MIT-GATEWAYSUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1458696
Start date and time:	2024-06-18 08:36:19 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@38/54@9/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found PDF document Close Viewer

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	298
Entropy (8bit):	5.129992419167028
Encrypted:	false
SSDEEP:	6:j+7q2PN72nKuAl9OmbnIFUt8S+UDZmw+S+UZkwON72nKuAl9OmbjLJ:q7vVaHAahFUt830/+305OaHAaSJ
MD5:	03C487A1C8B4D8D34009A63D522B4E4C
SHA1:	30F84D8519CEE387B5F660C06ACDB161B86F0FF5
SHA-256:	9D6EDB10FF16E652F44A2E747C19A51EF6D9CE2C1B01D634674BA4EFD41D20BB
SHA-512:	711AEADFB222C86A2D5012A6016010DC9A7036EC3B198C3051F081831399CD4B6E7B313CB8FD89BDCE6A0FB070D28BD59616BC902D30FEB0D6DA73C27E535D95
Malicious:	false
Reputation:	low
Preview:	2024/06/18-02:38:42.020 18d0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/18-02:38:42.022 18d0 Recovering log #3.2024/06/18-02:38:42.022 18d0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.6 (zip deflate encoded)
Category:	dropped
Size (bytes):	261665
Entropy (8bit):	7.984876155555065
Encrypted:	false
SSDEEP:	6144:22CzEmSQz/XF6tsZFtIRSutvZU1e+mKGggQBR3lbvD:22Tmrj16tsSHvZU3G6Z
MD5:	C26F7D14B08BE5EBC70EFE2B8ADCC87D
SHA1:	5C6F304EC99177D2D90D54A56C81FCD26837E2B7
SHA-256:	FFEC9D0932DA38DCBE71DB0E06EC649CCA8EB300139146F7441DE74E2AE49FD4
SHA-512:	4D4052E6F2E2E5D48DDBEA607D3B3EF488D93328A0E628C2ED5F50CEFCF84DA18B2EE7E4ADD69EB56CE9391250057733010A41EE239C7DD55B3D834A0B3F1D27
Malicious:	false
Reputation:	low
Preview:	%PDF-1.6.%......35 0 obj.<</Linearized 1/L 261665/O 37/E 154155/N 3/T 261298/H [ 508 256]>>.endobj. ..55 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<A9000636F50FB65C65AE1E97F62AAF32><14549AC33F79FF4C9E99764CE1900294>]/Index[35 35]/Info 34 0 R/Length 102/Prev 261299/Root 36 0 R/Size 70/Type/XRef/W[1 3 1]>>stream..h.bbd`.``b``z.".......b.f.Hf.0).&]...`v%..."Y-@.....u.....-.$.s..{dA." .....&..@.@.T .30^...`..\.E..endstream.endobj.startxref..0..%%EOF.. ..69 0 obj.<</Filter/FlateDecode/I 182/L 166/Length 169/S 93>>stream..h.b```f``.e`a`.~. ..B@1V .........y. 2..+{..J]r.]..l........... h`H..P.@....16`......#...b.o1.a......1.".J...5....^...w....p..a8.....t...00..............B..z....]4,P..endstream.endobj.36 0 obj.<</Metadata 17 0 R/PageLabels 31 0 R/Pages 33 0 R/Type/Catalog>>.endobj.37 0 obj.<</Contents[40 0 R 41 0 R 42 0 R 43 0 R 44 0 R 45 0 R 46 0 R 48 0 R]/CropBox[0 0 612 792]/MediaBox[0 0 612 792]/Parent 33 0 R/Resources 56 0 R/Rot

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 18, 2024 08:37:22.164285898 CEST	53	63765	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:22.165307999 CEST	53	63998	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:23.554342985 CEST	53	64736	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:23.974090099 CEST	53700	53	192.168.2.6	1.1.1.1
Jun 18, 2024 08:37:23.974488020 CEST	64042	53	192.168.2.6	1.1.1.1
Jun 18, 2024 08:37:23.996126890 CEST	53	64042	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:24.014826059 CEST	53	53700	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:26.533845901 CEST	62131	53	192.168.2.6	1.1.1.1
Jun 18, 2024 08:37:26.534686089 CEST	57460	53	192.168.2.6	1.1.1.1
Jun 18, 2024 08:37:26.540777922 CEST	53	62131	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:26.541627884 CEST	53	57460	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:27.884346962 CEST	57340	53	192.168.2.6	1.1.1.1
Jun 18, 2024 08:37:27.884756088 CEST	54679	53	192.168.2.6	1.1.1.1
Jun 18, 2024 08:37:28.048213959 CEST	53	54679	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:28.048302889 CEST	53	57340	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:29.302901983 CEST	58001	53	192.168.2.6	1.1.1.1
Jun 18, 2024 08:37:29.303633928 CEST	56036	53	192.168.2.6	1.1.1.1
Jun 18, 2024 08:37:29.342432022 CEST	53	56036	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:29.354439020 CEST	53	58001	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:40.842355013 CEST	53	53582	1.1.1.1	192.168.2.6
Jun 18, 2024 08:37:59.944591999 CEST	53	52019	1.1.1.1	192.168.2.6
Jun 18, 2024 08:38:21.815973043 CEST	53	57265	1.1.1.1	192.168.2.6
Jun 18, 2024 08:38:22.324947119 CEST	53	64798	1.1.1.1	192.168.2.6
Jun 18, 2024 08:38:47.645592928 CEST	52702	53	192.168.2.6	1.1.1.1
Jun 18, 2024 08:38:47.654561043 CEST	53	52702	1.1.1.1	192.168.2.6
Jun 18, 2024 08:38:54.035972118 CEST	49940	443	192.168.2.6	172.64.41.3
Jun 18, 2024 08:38:54.347479105 CEST	49940	443	192.168.2.6	172.64.41.3
Jun 18, 2024 08:38:54.641580105 CEST	443	49940	172.64.41.3	192.168.2.6
Jun 18, 2024 08:38:54.641623974 CEST	443	49940	172.64.41.3	192.168.2.6
Jun 18, 2024 08:38:54.641643047 CEST	443	49940	172.64.41.3	192.168.2.6
Jun 18, 2024 08:38:54.641839981 CEST	443	49940	172.64.41.3	192.168.2.6
Jun 18, 2024 08:38:54.641951084 CEST	443	49940	172.64.41.3	192.168.2.6
Jun 18, 2024 08:38:54.642282963 CEST	49940	443	192.168.2.6	172.64.41.3
Jun 18, 2024 08:38:54.645334959 CEST	49940	443	192.168.2.6	172.64.41.3
Jun 18, 2024 08:38:54.959100008 CEST	49940	443	192.168.2.6	172.64.41.3
Jun 18, 2024 08:38:55.086867094 CEST	443	49940	172.64.41.3	192.168.2.6
Jun 18, 2024 08:38:55.601006985 CEST	49940	443	192.168.2.6	172.64.41.3
Jun 18, 2024 08:38:55.601336956 CEST	49940	443	192.168.2.6	172.64.41.3
Jun 18, 2024 08:38:55.732567072 CEST	443	49940	172.64.41.3	192.168.2.6
Jun 18, 2024 08:38:55.732610941 CEST	443	49940	172.64.41.3	192.168.2.6
Jun 18, 2024 08:38:55.732640982 CEST	443	49940	172.64.41.3	192.168.2.6
Jun 18, 2024 08:38:55.732671022 CEST	443	49940	172.64.41.3	192.168.2.6
Jun 18, 2024 08:38:55.733619928 CEST	49940	443	192.168.2.6	172.64.41.3
Jun 18, 2024 08:38:55.733813047 CEST	49940	443	192.168.2.6	172.64.41.3
Jun 18, 2024 08:38:55.870518923 CEST	443	49940	172.64.41.3	192.168.2.6
Jun 18, 2024 08:38:55.896164894 CEST	49940	443	192.168.2.6	172.64.41.3
Jun 18, 2024 08:39:07.835800886 CEST	49940	443	192.168.2.6	172.64.41.3

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:12 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 4e 31 44 63 73 74 33 62 6a 30 6d 4a 74 69 6f 45 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 39 36 62 31 61 38 61 38 36 39 32 62 34 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: N1Dcst3bj0mJtioE.1Context: 196b1a8a8692b4b
2024-06-18 06:37:12 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-06-18 06:37:12 UTC	1063	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 30 0d 0a 4d 53 2d 43 56 3a 20 4e 31 44 63 73 74 33 62 6a 30 6d 4a 74 69 6f 45 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 39 36 62 31 61 38 61 38 36 39 32 62 34 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 46 46 37 58 45 53 51 4f 6a 4b 76 78 75 63 7a 43 58 79 52 36 48 37 74 75 57 73 56 73 54 72 50 52 35 36 74 32 36 4e 52 4b 4f 37 34 62 64 34 66 4b 67 37 48 55 32 66 53 5a 38 2f 37 39 5a 65 33 4d 69 47 53 45 77 4d 4c 31 4e 4d 36 38 2b 4f 69 56 2b 6d 70 78 39 34 6d 36 65 77 72 46 46 59 42 59 42 78 4e 4b 50 65 31 46 69 37 67 70 6b Data Ascii: ATH 2 CON\DEVICE 1040MS-CV: N1Dcst3bj0mJtioE.2Context: 196b1a8a8692b4b<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATFF7XESQOjKvxuczCXyR6H7tuWsVsTrPR56t26NRKO74bd4fKg7HU2fSZ8/79Ze3MiGSEwML1NM68+OiV+mpx94m6ewrFFYBYBxNKPe1Fi7gpk
2024-06-18 06:37:12 UTC	73	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 35 0d 0a 4d 53 2d 43 56 3a 20 4e 31 44 63 73 74 33 62 6a 30 6d 4a 74 69 6f 45 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 39 36 62 31 61 38 61 38 36 39 32 62 34 62 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 55MS-CV: N1Dcst3bj0mJtioE.3Context: 196b1a8a8692b4b
2024-06-18 06:37:12 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-06-18 06:37:12 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 63 6b 44 4d 76 41 55 48 79 45 57 66 2f 51 43 79 56 43 6f 70 47 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: ckDMvAUHyEWf/QCyVCopGg.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:12 UTC	59	OUT	GET / HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
2024-06-18 06:37:12 UTC	513	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Tue, 18 Jun 2024 06:37:12 GMT content-type: application/json; charset=utf-8 Content-Length: 314 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 2 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-06-18 06:37:12 UTC	314	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 30 2e 73 74 61 74 69 63 2e 71 75 61 64 72 61 6e 65 74 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 44 61 6c 6c 61 73 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 54 65 78 61 73 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 33 32 2e 38 31 35 32 2c 2d 39 36 2e 38 37 30 33 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 38 31 30 30 20 51 75 61 64 72 61 4e 65 74 20 45 6e 74 65 72 70 72 69 73 65 73 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 37 35 32 34 37 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 41 6d 65 72 Data Ascii: { "ip": "173.254.250.90", "hostname": "173.254.250.90.static.quadranet.com", "city": "Dallas", "region": "Texas", "country": "US", "loc": "32.8152,-96.8703", "org": "AS8100 QuadraNet Enterprises LLC", "postal": "75247", "timezone": "Amer

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:15 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2f 6f 6b 4c 38 78 6b 68 30 45 4b 64 54 72 53 34 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 35 35 65 63 63 30 62 33 31 62 31 33 66 36 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: /okL8xkh0EKdTrS4.1Context: 655ecc0b31b13f64
2024-06-18 06:37:15 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-06-18 06:37:15 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 2f 6f 6b 4c 38 78 6b 68 30 45 4b 64 54 72 53 34 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 35 35 65 63 63 30 62 33 31 62 31 33 66 36 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 46 46 37 58 45 53 51 4f 6a 4b 76 78 75 63 7a 43 58 79 52 36 48 37 74 75 57 73 56 73 54 72 50 52 35 36 74 32 36 4e 52 4b 4f 37 34 62 64 34 66 4b 67 37 48 55 32 66 53 5a 38 2f 37 39 5a 65 33 4d 69 47 53 45 77 4d 4c 31 4e 4d 36 38 2b 4f 69 56 2b 6d 70 78 39 34 6d 36 65 77 72 46 46 59 42 59 42 78 4e 4b 50 65 31 46 69 37 67 70 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: /okL8xkh0EKdTrS4.2Context: 655ecc0b31b13f64<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATFF7XESQOjKvxuczCXyR6H7tuWsVsTrPR56t26NRKO74bd4fKg7HU2fSZ8/79Ze3MiGSEwML1NM68+OiV+mpx94m6ewrFFYBYBxNKPe1Fi7gp
2024-06-18 06:37:15 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2f 6f 6b 4c 38 78 6b 68 30 45 4b 64 54 72 53 34 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 35 35 65 63 63 30 62 33 31 62 31 33 66 36 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: /okL8xkh0EKdTrS4.3Context: 655ecc0b31b13f64<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-06-18 06:37:15 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-06-18 06:37:15 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 67 41 6b 5a 58 57 53 65 34 6b 4b 38 38 38 47 67 77 63 58 42 43 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: gAkZXWSe4kK888GgwcXBCQ.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:18 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 68 6a 72 44 38 6f 31 5a 44 6b 4f 52 6e 76 51 30 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 36 32 62 66 30 62 61 39 38 31 62 34 38 35 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: hjrD8o1ZDkORnvQ0.1Context: 562bf0ba981b485d
2024-06-18 06:37:18 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-06-18 06:37:18 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 68 6a 72 44 38 6f 31 5a 44 6b 4f 52 6e 76 51 30 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 36 32 62 66 30 62 61 39 38 31 62 34 38 35 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 46 46 37 58 45 53 51 4f 6a 4b 76 78 75 63 7a 43 58 79 52 36 48 37 74 75 57 73 56 73 54 72 50 52 35 36 74 32 36 4e 52 4b 4f 37 34 62 64 34 66 4b 67 37 48 55 32 66 53 5a 38 2f 37 39 5a 65 33 4d 69 47 53 45 77 4d 4c 31 4e 4d 36 38 2b 4f 69 56 2b 6d 70 78 39 34 6d 36 65 77 72 46 46 59 42 59 42 78 4e 4b 50 65 31 46 69 37 67 70 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: hjrD8o1ZDkORnvQ0.2Context: 562bf0ba981b485d<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATFF7XESQOjKvxuczCXyR6H7tuWsVsTrPR56t26NRKO74bd4fKg7HU2fSZ8/79Ze3MiGSEwML1NM68+OiV+mpx94m6ewrFFYBYBxNKPe1Fi7gp
2024-06-18 06:37:18 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 68 6a 72 44 38 6f 31 5a 44 6b 4f 52 6e 76 51 30 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 36 32 62 66 30 62 61 39 38 31 62 34 38 35 64 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: hjrD8o1ZDkORnvQ0.3Context: 562bf0ba981b485d
2024-06-18 06:37:18 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-06-18 06:37:18 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 36 72 44 6a 69 4d 58 4a 6e 45 4f 62 4c 30 62 39 4b 79 6c 30 68 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 6rDjiMXJnEObL0b9Kyl0hw.0Payload parsing failed.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b1bac4f3-d163-4063-a214-5945520ec20f.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240618063846Z-166.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2196

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Windows Analysis Report
https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:24 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 37 68 44 78 4e 79 6c 6c 4d 6b 6d 64 76 76 75 44 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 34 36 63 34 32 32 35 38 65 38 65 66 61 38 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 7hDxNyllMkmdvvuD.1Context: d46c42258e8efa80
2024-06-18 06:37:24 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-06-18 06:37:24 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 37 68 44 78 4e 79 6c 6c 4d 6b 6d 64 76 76 75 44 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 34 36 63 34 32 32 35 38 65 38 65 66 61 38 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 46 46 37 58 45 53 51 4f 6a 4b 76 78 75 63 7a 43 58 79 52 36 48 37 74 75 57 73 56 73 54 72 50 52 35 36 74 32 36 4e 52 4b 4f 37 34 62 64 34 66 4b 67 37 48 55 32 66 53 5a 38 2f 37 39 5a 65 33 4d 69 47 53 45 77 4d 4c 31 4e 4d 36 38 2b 4f 69 56 2b 6d 70 78 39 34 6d 36 65 77 72 46 46 59 42 59 42 78 4e 4b 50 65 31 46 69 37 67 70 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 7hDxNyllMkmdvvuD.2Context: d46c42258e8efa80<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATFF7XESQOjKvxuczCXyR6H7tuWsVsTrPR56t26NRKO74bd4fKg7HU2fSZ8/79Ze3MiGSEwML1NM68+OiV+mpx94m6ewrFFYBYBxNKPe1Fi7gp
2024-06-18 06:37:24 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 37 68 44 78 4e 79 6c 6c 4d 6b 6d 64 76 76 75 44 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 34 36 63 34 32 32 35 38 65 38 65 66 61 38 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 7hDxNyllMkmdvvuD.3Context: d46c42258e8efa80<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-06-18 06:37:24 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-06-18 06:37:24 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6f 4f 73 72 54 6c 6b 39 6b 30 69 34 6c 45 59 4e 46 49 2f 2f 4f 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: oOsrTlk9k0i4lEYNFI//Ow.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:24 UTC	722	OUT	GET /a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf HTTP/1.1 Host: www.isda.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-18 06:37:25 UTC	534	IN	HTTP/1.1 200 OK Date: Tue, 18 Jun 2024 06:37:25 GMT Content-Type: application/pdf Content-Length: 261665 Connection: close Server: nginx/1.22.1 X-Powered-By: PHP/7.3.29 Set-Cookie: PHPSESSID=008ge1r4sq6gpkg4tp367iuk0u; path=/ Pragma: public Expires: 0 Cache-Control: must-revalidate, post-check=0, pre-check=0 Cache-Control: private Content-Description: File Transfer Content-Disposition: inline; filename="ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf" Content-Transfer-Encoding: binary X-Cache: MISS
2024-06-18 06:37:25 UTC	15850	IN	Data Raw: 25 50 44 46 2d 31 2e 36 0d 25 e2 e3 cf d3 0d 0a 33 35 20 30 20 6f 62 6a 0d 3c 3c 2f 4c 69 6e 65 61 72 69 7a 65 64 20 31 2f 4c 20 32 36 31 36 36 35 2f 4f 20 33 37 2f 45 20 31 35 34 31 35 35 2f 4e 20 33 2f 54 20 32 36 31 32 39 38 2f 48 20 5b 20 35 30 38 20 32 35 36 5d 3e 3e 0d 65 6e 64 6f 62 6a 0d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 35 35 20 30 20 6f 62 6a 0d 3c 3c 2f 44 65 63 6f 64 65 50 61 72 6d 73 3c 3c 2f 43 6f 6c 75 6d 6e 73 20 35 2f 50 72 65 64 69 63 74 6f 72 20 31 32 3e 3e 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 49 44 5b 3c 41 39 30 30 30 36 33 36 46 35 30 46 42 36 35 43 36 35 41 45 31 45 39 37 46 36 32 41 41 46 33 32 3e 3c 31 34 35 34 39 41 43 33 33 46 37 39 46 46 34 43 39 45 39 39 37 36 34 43 45 31 39 30 30 32 39 Data Ascii: %PDF-1.6%35 0 obj<</Linearized 1/L 261665/O 37/E 154155/N 3/T 261298/H [ 508 256]>>endobj 55 0 obj<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<A9000636F50FB65C65AE1E97F62AAF32><14549AC33F79FF4C9E99764CE190029
2024-06-18 06:37:25 UTC	10458	IN	Data Raw: 0c 88 4d b0 c3 20 c0 87 a7 a4 5a b2 14 3b 98 91 91 d1 bb ef be 0b d7 1d 6b b8 ab 10 d8 71 b8 a0 53 a6 4c 41 88 cd 79 65 a9 6a ba fe ab d6 d4 4a d7 89 7f ac ae be 46 fd cb 40 40 bd 71 e3 c6 ef bf ff de df df 9f e9 37 88 b8 e1 6f 6f db b6 6d ee dc b9 d8 36 b1 07 0e 1e 3c 18 1b 1d fc a8 99 33 67 ae 5b b7 0e 2e 7a 2b bc 29 43 68 31 f0 f1 0a 0a 0a 10 17 43 c2 70 14 dd dc dc 22 22 22 b0 2d 70 52 df 8e 05 0c fd 7a 78 78 20 3a 43 e3 3c 1e 2f 23 23 43 f1 77 91 5a 47 d7 a2 82 34 13 6b 7d 5b 6f 83 d6 a9 35 95 04 81 33 86 28 31 31 11 4e 3b fc a8 a6 d6 aa 63 27 08 8d 40 1d 5d 0b 1e 6d 5b 4c 31 b5 d1 bb ee b6 a9 ac 32 9f 06 93 20 b4 43 d7 a2 aa 15 d3 1b fa 57 9c d7 15 97 65 d2 78 12 84 76 e8 5a 74 1c b3 d1 3f 6b fb 55 56 7e 2c 0d 29 41 68 8d ae 05 d2 b6 d6 fb ed f6 a2 Data Ascii: M Z;kqSLAyejJF@@q7oom6<3g[.z+)Ch1Cp"""-pRzxx :C</##CwZG4k}[o53(11N;c'@]m[L12 CWexvZt?kUV~,)Ah
2024-06-18 06:37:25 UTC	16384	IN	Data Raw: 2e f7 6a d7 68 db 48 89 dc 9b 15 fb b1 f6 9e 6c 17 3c b3 f6 60 89 e3 22 8d 57 44 1c 7e 86 3a 53 be a5 5c d1 17 4f 52 17 3c 7b 40 2f 42 f9 3e 00 69 78 e7 08 f5 45 3d 0e 50 bf a6 81 5a 1b f4 d3 01 f8 ee 02 8a e1 3d 1a 90 a0 1d a7 11 62 7d c9 67 56 7f 16 f2 5c d8 63 0b f5 5d 54 aa 05 a8 4c cb 82 fd b8 92 66 63 dd d9 42 ed 05 9b e5 b4 19 e2 7d 3c 47 2f ba 4f bf 0f cf 60 97 19 9b 68 2e c6 54 8c 3c eb c9 15 7b 78 ab 10 e6 33 9d 1a cb 3e c3 3a d1 3a 83 b9 17 f6 ed fd 34 4b 7b 88 f2 9c 6f 52 55 4c 1e c6 61 3e 55 61 0d 53 ed 78 8b aa 9c 65 18 8f b0 17 f1 9d e1 c2 e6 db 48 0f 5c 70 f6 13 71 26 67 9f 95 21 4f 39 b6 ed 88 6f 90 9d 36 3f 73 e4 c1 76 2b a4 1d 62 cf f1 1f e6 cb 96 3d 0a 9b bb 82 c6 28 a7 43 27 f0 ad f9 78 ef 1a f1 ee 19 73 17 ca 51 8c ef 90 f8 16 f2 2b Data Ascii: .jhHl<`"WD~:S\OR<{@/B>ixE=PZ=b}gV\c]TLfcB}<G/O`h.T<{x3>::4K{oRULa>UaSxeH\pq&g!O9o6?sv+b=(C'xsQ+
2024-06-18 06:37:26 UTC	10463	IN	Data Raw: 33 48 d3 1f 18 c8 b2 25 e5 ab 82 22 51 3f f7 39 8f 7d 6d 31 d8 0f d9 34 4f 21 ee 56 60 18 da 95 0e dc 84 f8 f1 90 e1 12 99 07 f9 51 6e ba 2d 87 2d ab 28 c0 b2 17 80 16 cc 83 03 1e 27 07 96 8c 50 34 50 d7 46 73 e0 5d 60 0e f0 07 60 02 50 cc 69 50 6e 2b a4 67 39 19 8b 32 73 e0 6f ca f2 c1 b2 81 b2 78 1c f2 6d d9 a9 0d f9 6e 29 65 cc 9a 33 4b d1 8f f9 40 7d 20 c2 c0 dc b2 71 03 d2 46 f3 7c 61 99 95 f3 05 73 81 e5 91 65 8b 65 c6 a1 2c df 52 ee d7 d2 5e 6e 27 8f 79 00 8d d5 0f d2 40 e6 41 b6 1d b2 15 40 13 59 ce 98 aa 3b a8 95 a4 ad e4 9c 8d 63 79 73 a8 9c 93 16 ff 89 3c 27 1c 5a c5 0f e6 27 cf 11 a6 5a 12 25 f0 5c 65 59 ac a2 98 a7 dc 17 55 34 86 5a a2 cc 3e c6 73 e0 fd 2e ba 59 6b 4e f9 ea 58 ea a1 0d a1 5e aa 0f fa c7 cf f5 99 67 b5 7d f4 27 e5 2f 94 e4 da Data Ascii: 3H%"Q?9}m14O!V`Qn--('P4PFs]``PiPn+g92soxmn)e3K@} qF\|asee,R^n'y@A@Y;cys<'Z'Z%\eYU4Z>s.YkNX^g}'/
2024-06-18 06:37:26 UTC	16384	IN	Data Raw: 2a df b0 55 6a a7 ed 40 b0 15 6a 5b e9 0f 28 a1 4e 60 0b bd 5b 68 df 8a b6 7d f1 93 a4 3c 2d da 22 b5 f6 8c 75 76 b6 3b d6 b5 b9 21 90 cf 92 d8 5b ea dd 82 24 29 3f a0 24 21 18 13 56 4d 83 7d 1b 0d f6 75 2a 5b f2 17 9d bf eb fc a4 93 1d a7 51 fe 04 c0 24 8d f2 c7 21 c2 9f 00 98 84 28 df c7 8e 37 4e 34 4e 36 b2 e3 9d 13 9d 93 40 7b 7a e2 f4 e4 69 76 bc 7c a2 7c b2 9c ad 2d cc 80 0c d5 8b 61 86 5f fc db 26 6d d9 46 6e 4b 98 ae 96 ae 9b 4c 04 26 0d 15 b2 ea cf d8 b0 85 36 6c a5 8c 81 5f fe 3e 7d 54 82 8e a4 cf 1f 97 be a8 6c c9 37 6e a3 8f e4 ef 6e f9 42 87 a1 81 74 bf 75 db 97 e8 77 fe 2e 74 0e bc 07 cc 60 0f 42 4a 8f 12 d2 44 48 bd 5a 5e 62 f0 1b 2a 75 8e e5 e4 22 a4 54 bc c1 22 ad 5a f1 06 46 4e 4e a5 7c 83 61 5f c5 cd 48 83 c3 78 25 72 48 fc b9 86 d9 86 Data Ascii: Uj@j[(N`[h}<-"uv;![$)?$!VM}u[Q$!(7N4N6@{ziv\|\|-a_&mFnKL&6l_>}Tl7nnBtuw.t`BJDHZ^b*u"T"ZFNN\|a_Hx%rH
2024-06-18 06:37:26 UTC	16384	IN	Data Raw: e9 98 56 1d d3 c8 ee d6 ea 86 d1 8e 23 aa 41 a8 63 6a 4d 9c 72 a9 e4 ec 2a 1a 55 d3 af 82 39 f2 0d c2 74 08 78 a7 78 c1 49 89 0f 6d ea c5 ff 4d ed 45 fe 29 bd 90 0c 7f a5 02 b9 02 15 18 8f 99 81 7a b9 65 fe 98 de 08 8f e1 fc 01 23 39 c6 e7 f5 7f 4f 18 7f df e7 27 6a 87 94 3b 21 66 72 cc f7 c4 4e 9e 25 35 13 0d f1 ae 3b 90 9a 1a e8 d0 81 27 88 27 17 23 0a 1e b3 95 bf 7b c7 b4 c5 3b 64 c0 57 19 e3 05 41 f7 d1 08 f4 6d 79 69 ef 74 74 7e 52 12 0f ef 8a 1d 39 34 19 9e 40 d5 c8 12 db ef a5 c9 89 5b 29 27 3d b5 34 20 cb 38 66 b7 1b d3 74 0c c7 54 b9 31 35 d9 cb 7c 98 c7 4f 10 1f d0 36 0d 44 a4 d4 fc 8b 8e 89 8b cd 9f d1 3b 20 e2 2e 10 3d d5 8e 2f 1a ed 2b 1a 39 be c4 9b ef 2f 73 fa b6 a8 b8 96 cf 8e ef 55 13 e7 b8 84 1d 81 0e 0f e8 c9 e8 a9 41 3e 4c bd 51 e3 4b Data Ascii: V#AcjMr*U9txxImME)ze#9O'j;!frN%5;''#{;dWAmyitt~R94@[)'=4 8ftT15\|O6D; .=/+9/sUA>LQK
2024-06-18 06:37:26 UTC	16384	IN	Data Raw: 4e 8d 3e 1d d0 a3 58 93 a5 eb c1 57 9e 5e 33 ef fa eb 8f 37 b2 b3 e3 86 8f fd ca cb 21 1a 76 0c e7 89 31 f1 2f d1 8e d2 fa 98 42 15 ed 98 31 33 26 be 25 e9 3a 1c 79 a5 68 c6 0c 54 9a e7 e0 03 69 d6 98 f8 e1 91 8e 34 5d 40 17 13 df 8e 76 04 d0 25 c3 98 cf 7e d0 ae 1c f7 5e 34 7d c6 92 62 92 ee f3 72 c4 9c 6c e4 42 6e 64 0a 11 e4 f1 a6 93 12 bd 11 85 8a 38 a3 59 3e 22 62 4a 27 c4 a9 7c 74 64 b1 96 89 6c e7 4c 34 52 ca 0e bb 03 7c df a6 48 6a d0 5d fb 8b 07 f6 4d fe 7a f4 83 c9 9e 0f 7e 8e 37 fe 06 8b f8 40 cf b4 25 93 81 c9 5f fd 75 72 f5 bb ff c2 a7 be 3a 83 e7 7d ff a9 0b bb ea e7 19 1f 8c 56 cf 5e ff 83 c7 bb af 9b d9 ac f7 bc 54 37 af b3 71 fa ec 9c 69 7d f7 ba cb 6b e9 8b 93 9d 63 b7 a4 bb 73 1e c0 73 a2 07 b1 f7 b1 cf 26 8b ff f5 e7 c9 bb 7e 88 c1 ba Data Ascii: N>XW^37!v1/B13&%:yhTi4]@v%~^4}brlBnd8Y>"bJ'\|tdlL4R\|Hj]Mz~7@%_ur:}V^T7qi}kcss&~
2024-06-18 06:37:26 UTC	16384	IN	Data Raw: a1 88 b2 09 f7 7f fa da 7c 69 f3 52 e8 da 5c 34 1e 77 49 5d db d8 55 86 09 0d f6 72 0f d9 f1 84 bb 2c a8 89 d9 73 99 bf 9e 41 71 a2 9c c2 40 fc 4e 2b 65 0e 6b 8c 7a 7d 62 b4 e4 23 e6 52 59 91 68 35 aa 5f 44 28 97 a4 09 08 60 09 d7 53 12 7e 7c 12 66 8b 56 b5 a1 85 48 e7 d7 b3 75 e6 3c d7 60 ce 97 4e 50 de d4 c0 75 e4 db 1c db 13 db 47 a0 41 d3 1e c2 f5 63 1c e6 28 2a a7 1e 0e b8 01 d7 c4 b9 08 b2 7d 89 28 9a f9 51 e5 ec 68 dd 9b 64 44 d2 e6 09 03 11 39 9e 39 0d 14 d9 e0 1b ab 46 39 26 46 f7 70 9f d9 0d 1b ea 9d de 5e a3 a3 fb 3b 3b b9 61 1d 9c 88 87 39 06 7e 14 21 2d d6 c4 bb 60 79 6f e9 21 b8 52 14 e3 cd 56 ca 3d 56 06 98 c4 4a b9 07 56 66 70 8f 0a 62 82 72 1b 19 39 65 30 5c bc 79 19 c7 18 76 36 79 f6 b3 f3 d5 79 23 d8 54 67 1c ff 4c 1c 8f c5 27 e2 33 f1 Data Ascii: \|iR\4wI]Ur,sAq@N+ekz}b#RYh5_D(`S~\|fVHu<`NPuGAc(*}(QhdD99F9&Fp^;;a9~!-`yo!RV=VJVfpbr9e0\yv6yy#TgL'3
2024-06-18 06:37:26 UTC	16384	IN	Data Raw: a3 de 43 d7 69 5f 53 77 f5 4e e8 b8 d5 74 9d 7a 13 a5 a9 e3 31 9f 2d 02 9b 58 6b d7 c5 10 d5 9e 56 27 5c 2c 43 fe 48 9b 06 84 ac 76 1b 98 11 25 db 0a 66 f2 f9 98 b6 05 ec 04 7b 84 bc 04 f8 b5 4e 48 ef 7b c8 32 c1 0c 21 df 0e ee d4 3a 23 3c 12 cc 0a a7 71 87 16 87 70 33 d0 5c c8 aa c1 af d4 07 f0 fe 23 60 bb 90 7d 01 3e 51 61 63 a8 47 c1 6f 10 f7 65 f0 31 6c 0e 61 7d d4 e6 82 1b 94 b7 60 87 bc 0b de b2 40 59 c6 30 28 db 2a b8 cb d4 bb 84 bb 58 f9 27 ad 52 6f b0 ed 15 73 2d db 20 5a 1e f4 eb 2a 1a 60 d9 10 a1 d7 58 a7 59 f6 42 e8 71 d6 cd 96 bd 10 3a 00 db 20 57 d8 01 9b a9 93 ad ef 51 c7 79 96 0e 37 5b 8b 77 a0 b7 b5 5f c3 36 b1 f4 30 f4 65 68 2e bb 8e 96 f8 26 f4 a9 83 e8 7e 23 9b a6 1a d9 a1 9f 6c 9d c8 ba 50 bd 20 74 8c 27 ac cb 30 b7 4a bd b5 43 7f 86 Data Ascii: Ci_SwNtz1-XkV'\,CHv%f{NH{2!:#<qp3\#`}>QacGoe1la}`@Y0(X'Ros- Z`XYBq: WQy7[w_60eh.&~#lP t'0JC
2024-06-18 06:37:26 UTC	16384	IN	Data Raw: 9e 51 21 4a 62 93 dc 15 ef 24 47 e0 b8 5e f6 76 e7 de 1b 6e ef ed 63 f7 bd 1c 07 16 16 82 9f c5 cf e0 57 b0 b7 b6 8e ad 8d 22 38 3b 97 8b ff 20 85 85 22 d8 bc 61 66 67 f6 f7 9b 99 b7 3b cb b1 41 2c 2d 7b 59 a9 1a b0 bd 14 db 40 f5 99 53 aa 0e 49 5c 25 75 dd 97 78 14 0f 54 33 c6 4c 55 b6 f2 85 33 46 2b 5f 10 7b 94 9e 12 73 59 75 ef 5b 1e 69 bd 61 16 c4 91 91 ab d0 95 6c 48 32 a1 f3 3c b4 b0 4a fd b7 82 99 58 4f 25 bf c9 0f 7c 7f fd 7b 0a d1 5b c6 5e 79 a7 6e cc 58 4f 9d 21 61 97 bd 86 07 3b f7 1f c3 80 4c f0 d1 4f 1a e8 fa 50 fb a0 1b f2 55 06 07 ce c1 90 8a b2 89 30 c4 88 e1 04 6d b6 91 e3 38 e0 1c 8e 6b ac 46 8b 1a e1 48 2f 7c db 80 f3 05 19 30 be 5e 84 14 01 69 e7 9d 87 70 3b 89 47 77 61 a8 5d 5d 42 ae 2b e3 cd 94 ad 4f 7d 59 41 de da 98 70 46 25 45 70 Data Ascii: Q!Jb$G^vncW"8; "afg;A,-{Y@SI\%uxT3LU3F+_{sYu[ialH2<JXO%\|{[^ynXO!a;LOPU0m8kFH/\|0^ip;Gwa]]B+O}YApF%Ep

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:27 UTC	693	OUT	GET /favicon.ico HTTP/1.1 Host: www.isda.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=008ge1r4sq6gpkg4tp367iuk0u
2024-06-18 06:37:27 UTC	204	IN	HTTP/1.1 302 Moved Temporarily Server: awselb/2.0 Date: Tue, 18 Jun 2024 06:37:27 GMT Content-Length: 5 Connection: close Location: https://cdn.aws.isda.org/favicon2.ico Content-Type: text/plain
2024-06-18 06:37:27 UTC	5	IN	Data Raw: 46 6f 75 6e 64 Data Ascii: Found

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:29 UTC	583	OUT	GET /favicon2.ico HTTP/1.1 Host: cdn.aws.isda.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.isda.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-06-18 06:37:29 UTC	468	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Content-Length: 1150 Connection: close Server: nginx/1.22.1 Last-Modified: Fri, 10 Dec 2021 19:48:30 GMT Accept-Ranges: bytes Date: Tue, 18 Jun 2024 01:34:35 GMT ETag: "61b3af0e-47e" Vary: Accept-Encoding X-Cache: Hit from cloudfront Via: 1.1 cfa647edefc0769e715b9781478b0626.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P4 X-Amz-Cf-Id: uO6kXUbvqVC_euSfutdl-dTrNCHga1jTaLL7_ZJnA9_7W6YS-DRVCw== Age: 23645
2024-06-18 06:37:29 UTC	1150	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 13 0b 00 00 13 0b 00 00 00 00 00 00 00 00 00 00 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 21 a0 ed ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 4a 3a 31 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 2a 14 ff 51 Data Ascii: h( @!!!!!!!!!!!!!!!!J:1J:1J:1J:1J:1J:1J:1J:1J:1J:1J:1J:1J:1J:1J:1J:1QQQQQQQQQQQQQQQQQ

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:29 UTC	440	OUT	GET /a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf HTTP/1.1 Host: www.isda.org Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=008ge1r4sq6gpkg4tp367iuk0u
2024-06-18 06:37:30 UTC	478	IN	HTTP/1.1 200 OK Date: Tue, 18 Jun 2024 06:37:30 GMT Content-Type: application/pdf Content-Length: 261665 Connection: close Server: nginx/1.22.1 X-Powered-By: PHP/7.3.29 Pragma: public Expires: 0 Cache-Control: must-revalidate, post-check=0, pre-check=0 Cache-Control: private Content-Description: File Transfer Content-Disposition: inline; filename="ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf" Content-Transfer-Encoding: binary X-Cache: BYPASS
2024-06-18 06:37:30 UTC	15906	IN	Data Raw: 25 50 44 46 2d 31 2e 36 0d 25 e2 e3 cf d3 0d 0a 33 35 20 30 20 6f 62 6a 0d 3c 3c 2f 4c 69 6e 65 61 72 69 7a 65 64 20 31 2f 4c 20 32 36 31 36 36 35 2f 4f 20 33 37 2f 45 20 31 35 34 31 35 35 2f 4e 20 33 2f 54 20 32 36 31 32 39 38 2f 48 20 5b 20 35 30 38 20 32 35 36 5d 3e 3e 0d 65 6e 64 6f 62 6a 0d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 35 35 20 30 20 6f 62 6a 0d 3c 3c 2f 44 65 63 6f 64 65 50 61 72 6d 73 3c 3c 2f 43 6f 6c 75 6d 6e 73 20 35 2f 50 72 65 64 69 63 74 6f 72 20 31 32 3e 3e 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 49 44 5b 3c 41 39 30 30 30 36 33 36 46 35 30 46 42 36 35 43 36 35 41 45 31 45 39 37 46 36 32 41 41 46 33 32 3e 3c 31 34 35 34 39 41 43 33 33 46 37 39 46 46 34 43 39 45 39 39 37 36 34 43 45 31 39 30 30 32 39 Data Ascii: %PDF-1.6%35 0 obj<</Linearized 1/L 261665/O 37/E 154155/N 3/T 261298/H [ 508 256]>>endobj 55 0 obj<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<A9000636F50FB65C65AE1E97F62AAF32><14549AC33F79FF4C9E99764CE190029
2024-06-18 06:37:30 UTC	10458	IN	Data Raw: cb 40 40 bd 71 e3 c6 ef bf ff de df df 9f e9 37 88 b8 e1 6f 6f db b6 6d ee dc b9 d8 36 b1 07 0e 1e 3c 18 1b 1d fc a8 99 33 67 ae 5b b7 0e 2e 7a 2b bc 29 43 68 31 f0 f1 0a 0a 0a 10 17 43 c2 70 14 dd dc dc 22 22 22 b0 2d 70 52 df 8e 05 0c fd 7a 78 78 20 3a 43 e3 3c 1e 2f 23 23 43 f1 77 91 5a 47 d7 a2 82 34 13 6b 7d 5b 6f 83 d6 a9 35 95 04 81 33 86 28 31 31 11 4e 3b fc a8 a6 d6 aa 63 27 08 8d 40 1d 5d 0b 1e 6d 5b 4c 31 b5 d1 bb ee b6 a9 ac 32 9f 06 93 20 b4 43 d7 a2 aa 15 d3 1b fa 57 9c d7 15 97 65 d2 78 12 84 76 e8 5a 74 1c b3 d1 3f 6b fb 55 56 7e 2c 0d 29 41 68 8d ae 05 d2 b6 d6 fb ed f6 a2 b4 9c 30 1a 55 82 d0 1a 5d 8b 0a d2 4c ad e6 c4 a6 79 d1 c0 12 84 d6 e8 5a 50 b5 72 5d f7 b8 f5 ec 88 44 67 1a 5b 82 d0 1a 5d 8b 0a d2 0e 5f d1 f3 8f b2 a1 e1 25 08 ad Data Ascii: @@q7oom6<3g[.z+)Ch1Cp"""-pRzxx :C</##CwZG4k}[o53(11N;c'@]m[L12 CWexvZt?kUV~,)Ah0U]LyZPr]Dg[]_%
2024-06-18 06:37:30 UTC	16384	IN	Data Raw: 50 bf a6 81 5a 1b f4 d3 01 f8 ee 02 8a e1 3d 1a 90 a0 1d a7 11 62 7d c9 67 56 7f 16 f2 5c d8 63 0b f5 5d 54 aa 05 a8 4c cb 82 fd b8 92 66 63 dd d9 42 ed 05 9b e5 b4 19 e2 7d 3c 47 2f ba 4f bf 0f cf 60 97 19 9b 68 2e c6 54 8c 3c eb c9 15 7b 78 ab 10 e6 33 9d 1a cb 3e c3 3a d1 3a 83 b9 17 f6 ed fd 34 4b 7b 88 f2 9c 6f 52 55 4c 1e c6 61 3e 55 61 0d 53 ed 78 8b aa 9c 65 18 8f b0 17 f1 9d e1 c2 e6 db 48 0f 5c 70 f6 13 71 26 67 9f 95 21 4f 39 b6 ed 88 6f 90 9d 36 3f 73 e4 c1 76 2b a4 1d 62 cf f1 1f e6 cb 96 3d 0a 9b bb 82 c6 28 a7 43 27 f0 ad f9 78 ef 1a f1 ee 19 73 17 ca 51 8c ef 90 f8 16 f2 2b ce e0 ee 17 7b 4e 13 b5 0d 28 83 b4 67 a3 cf c3 84 9d c9 cf 8e 53 47 cc 01 9d 34 9f f9 95 76 13 d6 ba 7c 26 bb 11 e1 3a cc 09 15 b0 13 06 21 ed f5 e2 9c ac 13 de 89 c3 Data Ascii: PZ=b}gV\c]TLfcB}<G/O`h.T<{x3>::4K{oRULa>UaSxeH\pq&g!O9o6?sv+b=(C'xsQ+{N(gSG4v\|&:!
2024-06-18 06:37:30 UTC	16384	IN	Data Raw: cc 83 03 1e 27 07 96 8c 50 34 50 d7 46 73 e0 5d 60 0e f0 07 60 02 50 cc 69 50 6e 2b a4 67 39 19 8b 32 73 e0 6f ca f2 c1 b2 81 b2 78 1c f2 6d d9 a9 0d f9 6e 29 65 cc 9a 33 4b d1 8f f9 40 7d 20 c2 c0 dc b2 71 03 d2 46 f3 7c 61 99 95 f3 05 73 81 e5 91 65 8b 65 c6 a1 2c df 52 ee d7 d2 5e 6e 27 8f 79 00 8d d5 0f d2 40 e6 41 b6 1d b2 15 40 13 59 ce 98 aa 3b a8 95 a4 ad e4 9c 8d 63 79 73 a8 9c 93 16 ff 89 3c 27 1c 5a c5 0f e6 27 cf 11 a6 5a 12 25 f0 5c 65 59 ac a2 98 a7 dc 17 55 34 86 5a a2 cc 3e c6 73 e0 fd 2e ba 59 6b 4e f9 ea 58 ea a1 0d a1 5e aa 0f fa c7 cf f5 99 67 b5 7d f4 27 e5 2f 94 e4 da 21 65 06 6d a4 25 41 94 c7 79 b1 6b 9f 18 a3 ef a0 d7 d1 97 09 da 1e 5a 02 ea d5 f6 29 4d b5 7d 42 d7 d7 9a a7 f4 b5 ca 7d 16 1c 77 20 0d 86 d8 61 c5 31 65 04 c6 fd d6 Data Ascii: 'P4PFs]``PiPn+g92soxmn)e3K@} qF\|asee,R^n'y@A@Y;cys<'Z'Z%\eYU4Z>s.YkNX^g}'/!em%AykZ)M}B}w a1e
2024-06-18 06:37:30 UTC	16384	IN	Data Raw: e9 60 0f c0 66 8a a7 40 7a 2f b4 93 55 17 a7 fb 40 96 6b e1 4c df be 3f 02 a7 4c d3 e2 7c de 14 e7 f6 99 3c 31 03 4b d3 04 4a d7 90 b1 6c a8 89 4a 7e db 74 be cf 84 b6 66 f1 a3 68 25 8c 3b 0d f3 47 14 72 5c ad 80 3a 26 d8 ba 66 44 b6 d5 c8 db 46 99 0a 80 70 9e b8 52 02 c1 1a fe c9 26 89 52 5e dc ba 28 68 da f5 c0 5a 44 77 b7 9a 81 e9 33 b4 99 75 16 51 86 63 cd 9d bb 96 cb 30 5f c1 cb 27 9a 7d a1 91 c7 d7 73 63 85 15 ad 2b bf fd fc e6 7d 3b af fc f8 b7 3e 36 75 cd 9a eb 3e 71 d3 f8 a7 6e 39 7f aa 6f fd b2 de cd 4b da 7b 0b da 81 ed 89 b6 9b bf fe d9 af 0a d1 3d ec 7f d9 db dc b0 64 f9 e0 3d 57 58 97 e7 f4 22 53 34 3e 79 e5 67 13 cd cd 57 95 8b eb c2 c6 d8 9a 4f 94 9b 4f ee ba f3 99 95 07 26 bf 38 b2 f7 ab 13 1d e5 77 7e eb 55 5b 16 5f b1 be 33 ec 55 40 1b Data Ascii: `f@z/U@kL?L\|<1KJlJ~tfh%;Gr\:&fDFpR&R^(hZDw3uQc0_'}sc+};>6u>qn9oK{=d=WX"S4>ygWOO&8w~U[_3U@
2024-06-18 06:37:30 UTC	16384	IN	Data Raw: b7 19 0c 3d 13 ab de fa f2 6f 11 f6 53 73 77 cf 55 f3 2e 7a bd 92 35 79 21 67 fe ee d9 7b ae 73 de 9c ab f4 b8 73 af 1f be 27 e0 bb 1c e8 b3 01 ee 7e 1e fd f4 bc 73 ce e3 d2 49 36 d4 99 8f d2 d1 9e 86 30 93 a1 4b d5 b9 ac bd 07 eb 08 1a e9 bc a9 f5 39 fb 86 86 21 fb 3d 77 1f a7 f6 19 da f3 d4 df 28 40 5c 3d e8 cb f5 7c 97 60 65 39 e7 68 11 ce 3e 99 cf ba 1e 52 ef 31 ee a3 14 f5 8e 19 d4 b1 17 4a 41 ff 09 1a ed 9c b3 f1 5e f8 73 e0 7b b8 1b da ee d3 2f 3b 7b b8 bc 9a bd d0 76 82 9d 11 5c 6d bc 88 f0 e7 b1 57 3a 45 89 e6 5d ea 37 35 01 f9 2d a5 f0 ef a1 18 fc 9b 02 06 df 15 85 a0 8f f3 0e 0a 7c 52 17 fb ed 01 e5 39 14 32 57 9d 65 f4 54 bf b9 79 9f 06 c8 b7 69 ae f6 1c 0d d0 6e a4 0c ed 35 6a a3 f9 a9 1b ff 66 4a fb 18 63 72 94 66 f1 6f a6 f4 4c 9a 2e f7 d8 Data Ascii: =oSswU.z5y!g{ss'~sI60K9!=w(@\=\|`e9h>R1JA^s{/;{v\mW:E]75-\|R92WeTyin5jfJcrfoL.
2024-06-18 06:37:30 UTC	16384	IN	Data Raw: 41 01 fc db 07 90 3a 1a e1 0a 5e 8e 36 26 89 4c 07 82 15 c4 cc f1 f2 88 c1 bb 2b 6e bf bb 02 05 1f ba 82 15 14 32 1e 19 b5 55 d0 d7 1c ae 4f 7f 1f f3 56 a0 e1 9a f2 4e a7 0b 2d 58 1f 89 36 7a a0 c4 51 d0 cd a5 ec 1c 4b d8 35 07 45 29 4c f0 4e 3a cd ae 5b 49 4c 84 15 91 46 9a 58 3a 87 5c c7 3f ab 9a 24 29 27 81 7e 7a 26 56 33 70 04 2b 60 e2 d4 57 a5 64 17 d2 46 ac 7d 33 66 ce 88 cc 30 5f 7c 8a a1 9d 53 fa 75 72 8b e9 82 53 3f 39 ad 6d 8f ce c9 79 d0 6f 45 f2 2f 1b cc 6b 28 3b 25 51 bf 26 1a d7 72 b7 7b 0f f3 b0 f5 61 c1 74 03 d8 c8 0c 83 db 18 d3 f9 ac 23 4d d1 be b4 85 13 3b f0 09 59 48 d1 02 8d 8f ec 18 b4 99 9e 1f c1 5a 11 ea 2c 47 23 46 04 46 5c 1d f8 54 2d e4 39 85 83 dc fc 70 a3 80 81 53 de 97 08 03 d9 8f ea b9 ef a9 93 33 ad 40 c2 27 64 42 49 4f d2 Data Ascii: A:^6&L+n2UOVN-X6zQK5E)LN:[ILFX:\?$)'~z&V3p+`WdF}3f0_\|SurS?9myoE/k(;%Q&r{at#M;YHZ,G#FF\T-9pS3@'dBIO
2024-06-18 06:37:30 UTC	16384	IN	Data Raw: d3 24 fc 9b 77 6b 82 80 76 13 aa b4 e8 44 e7 71 e2 03 bc 5b 93 9c e8 3c 4e b4 0f 6a b2 9b b4 ff 58 14 7b ed 07 9a 55 b2 43 c1 9a 93 a2 0a aa ea 2f b4 d9 14 3e 63 99 b0 bd 75 7a 38 63 93 22 68 30 c7 76 f6 b8 af 56 78 b9 e3 0d 13 19 f0 07 02 cd 22 2f a4 d5 e2 ee 72 b3 ec 30 91 6a e6 a4 b1 0b 4e 1d 8d 25 ef bb a9 77 bd 16 dd fc b9 1f be b8 eb 86 e1 98 2f e0 8c c5 42 5f fa d0 d2 0d b7 cc fe 73 3e ff c4 c7 3a 06 ca 6e 51 72 d0 c7 67 5f fd fc 9d 2b f2 5d 69 a3 b0 ec d6 af ec 7b 3c c2 ab 70 d9 c3 7f b3 a6 ba f4 e6 a3 dd d5 0d 3b be 10 10 5c 32 d2 7c de cb ff 46 cd 67 5e 02 41 2a 3d 97 f5 1e ae 49 48 f3 85 09 09 c2 ee 20 c1 28 87 cf 03 2d 1e 32 f4 10 13 e9 69 72 e8 3c 4d 66 84 07 3f 41 12 27 f3 d8 d9 9c e0 f7 32 98 ee 0e a0 15 d9 c8 99 0b e7 8b d3 93 0d eb f8 f3 Data Ascii: $wkvDq[<NjX{UC/>cuz8c"h0vVx"/r0jN%w/B_s>:nQrg_+]i{<p;\2\|Fg^A*=IH (-2ir<Mf?A'2
2024-06-18 06:37:30 UTC	16384	IN	Data Raw: 1e b0 6b 0d e8 30 63 27 4d 51 df a0 be 62 7f ac 92 16 88 df 5d f1 f9 10 df a1 79 89 06 42 2f 2e 55 f8 ee be 74 85 7d 0c 9d 66 ac 83 ed 5d 4e 89 e2 8e ca 2f f0 ee cb d0 5d a5 c8 47 19 75 d4 9b c3 a6 c9 b6 7e bf 19 33 12 f6 73 3c 4d 8e 49 a0 8e 8e f9 34 d9 f9 26 dc 81 34 d9 b1 06 df cf b8 d8 85 de e4 df 46 66 c3 7e 68 a1 3d 61 7e 21 7e 83 fc 04 74 a7 1d 6e 44 d5 ea 72 e8 d0 29 d4 42 79 d7 fc c1 18 6d 7e 82 72 9d 81 4e 2e d6 0f 53 41 23 17 15 c3 8e 2e c0 da a1 85 de c7 fc 12 6b 89 9b 8c 1e e0 4d 4a 70 2c a5 24 f1 1b 63 b4 a7 33 0e fa 7a 97 38 ab 59 aa f5 c5 f7 76 53 9e 56 07 5b 25 60 d9 c9 b0 63 06 8b 33 46 3e 53 dc 0d bb b6 23 6c 44 a4 67 bb c8 53 b5 e6 46 3e 32 69 90 e0 23 94 b9 82 12 60 9f 4e 66 d4 22 1a 64 cc 24 bf e6 a2 2a 27 f2 0f bf 38 f3 34 60 bf 41 Data Ascii: k0c'MQb]yB/.Ut}f]N/]Gu~3s<MI4&4Ff~h=a~!~tnDr)Bym~rN.SA#.kMJp,$c3z8YvSV[%`c3F>S#lDgSF>2i#`Nf"d$*'84`A
2024-06-18 06:37:30 UTC	16384	IN	Data Raw: e4 7b ff 82 bf f6 05 81 fc f6 ff 05 1f 7f 36 cf 95 0b 02 f9 95 ff 82 8f 7f 15 04 f2 ff 55 90 0f d8 ba 85 c0 34 f8 51 57 02 77 71 68 18 e8 01 d0 70 d0 db a0 85 80 59 01 3f 4e f6 77 ee eb 20 dd 09 a8 01 8c 00 90 f6 c3 ff f6 bf 73 07 52 f9 e0 2b f1 7c 31 7f fe 6d b4 e9 87 8f 2e bf 02 8d 06 96 02 e0 c1 3f dd f6 ed 9b a1 cc 4d a4 6b 01 ca 4f 83 2f e8 7f cc ae 57 04 08 c1 33 fc 55 7f 1d c0 0f 9c 05 c2 00 55 67 4e a0 3f 5d 5f f5 5d 0e ed e1 3d f5 b1 c7 77 09 cf 8f 80 2e 08 f0 2e e1 37 fa 6f 80 76 47 9d 32 77 c6 a0 e7 04 73 20 67 20 6d d9 7c 63 fc 94 10 80 84 6f 29 07 00 4f 03 12 78 1c 48 05 46 d8 73 d4 0d 75 3e b7 db 01 2f 52 c5 2a 71 01 bd 20 17 a9 73 40 71 0b fa 10 9c 9a 61 b4 ce ba 8f 7a 2b 6a 54 d6 3a b7 a2 f1 3c 09 db 46 a8 f3 c7 25 62 26 d5 52 71 a9 58 87 Data Ascii: {6U4QWwqhpY?Nw sR+\|1m.?MkO/W3UUgN?]_]=w..7ovG2ws g m\|co)OxHFsu>/R*q s@qaz+jT:<F%b&RqX

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:29 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-06-18 06:37:29 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=120756 Date: Tue, 18 Jun 2024 06:37:29 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:30 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-06-18 06:37:30 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=120744 Date: Tue, 18 Jun 2024 06:37:30 GMT Content-Length: 55 Connection: close X-CID: 2
2024-06-18 06:37:30 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:33 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 79 6f 48 2b 63 49 69 7a 64 45 53 30 48 33 59 6d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 64 31 66 35 65 32 30 65 35 63 61 39 34 33 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: yoH+cIizdES0H3Ym.1Context: 8d1f5e20e5ca943d
2024-06-18 06:37:33 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-06-18 06:37:33 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 79 6f 48 2b 63 49 69 7a 64 45 53 30 48 33 59 6d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 64 31 66 35 65 32 30 65 35 63 61 39 34 33 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 46 46 37 58 45 53 51 4f 6a 4b 76 78 75 63 7a 43 58 79 52 36 48 37 74 75 57 73 56 73 54 72 50 52 35 36 74 32 36 4e 52 4b 4f 37 34 62 64 34 66 4b 67 37 48 55 32 66 53 5a 38 2f 37 39 5a 65 33 4d 69 47 53 45 77 4d 4c 31 4e 4d 36 38 2b 4f 69 56 2b 6d 70 78 39 34 6d 36 65 77 72 46 46 59 42 59 42 78 4e 4b 50 65 31 46 69 37 67 70 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: yoH+cIizdES0H3Ym.2Context: 8d1f5e20e5ca943d<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATFF7XESQOjKvxuczCXyR6H7tuWsVsTrPR56t26NRKO74bd4fKg7HU2fSZ8/79Ze3MiGSEwML1NM68+OiV+mpx94m6ewrFFYBYBxNKPe1Fi7gp
2024-06-18 06:37:33 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 79 6f 48 2b 63 49 69 7a 64 45 53 30 48 33 59 6d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 64 31 66 35 65 32 30 65 35 63 61 39 34 33 64 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: yoH+cIizdES0H3Ym.3Context: 8d1f5e20e5ca943d
2024-06-18 06:37:33 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-06-18 06:37:33 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6d 59 68 64 71 76 46 79 50 45 79 46 31 33 47 2f 49 58 55 41 78 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: mYhdqvFyPEyF13G/IXUAxQ.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:37 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5PCTUmYM1FDZCo3&MD=Gkwyk+ew HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-06-18 06:37:37 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: e31ffd52-b9c8-4123-a3d8-594de117cde2 MS-RequestId: ced6ab19-7b26-4c6d-9e57-0c94e89618d4 MS-CV: aY65rBZkTU6adD+5.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 18 Jun 2024 06:37:37 GMT Connection: close Content-Length: 24490
2024-06-18 06:37:37 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-06-18 06:37:37 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-06-18 06:37:38 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 7a 48 6c 76 7a 7a 5a 72 58 55 2b 34 30 6a 32 55 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 65 64 35 63 32 64 37 61 65 35 38 64 35 61 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: zHlvzzZrXU+40j2U.1Context: aed5c2d7ae58d5a9
2024-06-18 06:37:38 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-06-18 06:37:38 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 7a 48 6c 76 7a 7a 5a 72 58 55 2b 34 30 6a 32 55 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 65 64 35 63 32 64 37 61 65 35 38 64 35 61 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 46 46 37 58 45 53 51 4f 6a 4b 76 78 75 63 7a 43 58 79 52 36 48 37 74 75 57 73 56 73 54 72 50 52 35 36 74 32 36 4e 52 4b 4f 37 34 62 64 34 66 4b 67 37 48 55 32 66 53 5a 38 2f 37 39 5a 65 33 4d 69 47 53 45 77 4d 4c 31 4e 4d 36 38 2b 4f 69 56 2b 6d 70 78 39 34 6d 36 65 77 72 46 46 59 42 59 42 78 4e 4b 50 65 31 46 69 37 67 70 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: zHlvzzZrXU+40j2U.2Context: aed5c2d7ae58d5a9<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATFF7XESQOjKvxuczCXyR6H7tuWsVsTrPR56t26NRKO74bd4fKg7HU2fSZ8/79Ze3MiGSEwML1NM68+OiV+mpx94m6ewrFFYBYBxNKPe1Fi7gp
2024-06-18 06:37:38 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 7a 48 6c 76 7a 7a 5a 72 58 55 2b 34 30 6a 32 55 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 65 64 35 63 32 64 37 61 65 35 38 64 35 61 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: zHlvzzZrXU+40j2U.3Context: aed5c2d7ae58d5a9<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-06-18 06:37:38 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-06-18 06:37:38 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 55 47 6e 48 65 7a 30 52 38 6b 32 64 35 30 4a 30 63 54 53 53 52 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: UGnHez0R8k2d50J0cTSSRg.0Payload parsing failed.