Edit tour

Windows Analysis Report
ID_Badge_Policy.pdf

Overview

General Information

Sample name:	ID_Badge_Policy.pdf
Analysis ID:	1587735
MD5:	8fcf1c1f729a2a79cc52ba3343385999
SHA1:	2dee93d9249a0d6a7175538db8010b4555cf19a3
SHA256:	745863635271fb10ef2197718009ddfb072039a93f08935219c83a70c8b30c46
Infos:

Detection

KnowBe4, PDFPhish

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found potential malicious PDF (bad image similarity)

Yara detected KnowBe4 simulated phishing

Yara detected PDFPhish

AI detected landing page (webpage, office document or email)

Machine Learning detection for sample

Suspicious PDF detected (based on various text indicators)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PDF has an OpenAction (likely to launch a dropper script)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 3048 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ID_Badge_Policy.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7120 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 3660 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1616,i,6025381021103132473,1867919022022297585,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://do.not.click.on.this.link.instantrevert.net/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==?cid=2356055592" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2000,i,7777096465949957049,2783138187838994356,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
ID_Badge_Policy.pdf	JoeSecurity_PDFPhish_1	Yara detected PDFPhish	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.0.pages.csv	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Machine Learning detection for sample

Source: ID_Badge_Policy.pdf

Joe Sandbox ML: detected

Phishing

Yara detected KnowBe4 simulated phishing

Source: Yara match

File source: 1.0.pages.csv, type: HTML

Yara detected PDFPhish

Source: Yara match

File source: ID_Badge_Policy.pdf, type: SAMPLE

AI detected landing page (webpage, office document or email)

Source: PDF document	Joe Sandbox AI: Page contains button: 'Secure Open' Source: 'PDF document'
Source: PDF document	Joe Sandbox AI: PDF document contains prominent button: 'secure open'

Suspicious PDF detected (based on various text indicators)

Source: Adobe Acrobat PDF

OCR Text: Adob Adobe Document Cloud This document is encrypted using Adobe Secure CloudTM. Click below to securely view contents. Secure Open Please note: Some webmail clients are not compatible with Adobe obat Secure CloudTM. If that happens, download the file and open on Desktop.

Source: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49997 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50031 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253

Source: global traffic	HTTP traffic detected: GET /XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==?cid=2356055592 HTTP/1.1Host: do.not.click.on.this.link.instantrevert.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ== HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://do.not.click.on.this.link.instantrevert.net/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==?cid=2356055592Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /LP_videos/hook.wav HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /LP_videos/You've_Been_Phished.mp4 HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /pages/f2e6f2a95eaf/phished.mp3 HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /LP_videos/You've_Been_Phished.mp4 HTTP/1.1Host: helpimg.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==Accept-Language: en-US,en;q=0.9Range: bytes=315135-330770If-Range: "117b3edc22858d8b022e75c64001cead"
Source: global traffic	HTTP traffic detected: GET /pages/f2e6f2a95eaf/phished.mp3 HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"74133370e122c9bb68f488aaad71134d"
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secured-login.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: secured-login.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: do.not.click.on.this.link.instantrevert.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: secured-login.net
Source: global traffic	DNS traffic detected: DNS query: helpimg.s3.amazonaws.com

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_209.12.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: ID_Badge_Policy.pdf	String found in binary or memory: https://do.not.click.on.this.link.instantrevert.net/XNjdZbUJJWjh2c0ZXY2FwMldtZTd6Mnc5cWlpbHJrNlhlUSs
Source: ID_Badge_Policy.pdf	String found in binary or memory: https://do.not.click.on.this.link.instantrevert.net/XTWRoL3dFT05wRDVNM2crMkhHbDkvVld6dml3U1BUWVNjdUN
Source: ID_Badge_Policy.pdf	String found in binary or memory: https://do.not.click.on.this.link.instantrevert.net/XWVJDV3pFYzVOZHk4QUZmQWs5OVJsMEZkVWl5Z3NPNndIbEx
Source: ID_Badge_Policy.pdf	String found in binary or memory: https://do.not.click.on.this.link.instantrevert.net/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblF
Source: chromecache_206.12.dr, chromecache_210.12.dr	String found in binary or memory: https://helpimg.s3.amazonaws.com/LP_videos/You
Source: chromecache_206.12.dr, chromecache_210.12.dr	String found in binary or memory: https://helpimg.s3.amazonaws.com/LP_videos/hook.wav
Source: chromecache_211.12.dr	String found in binary or memory: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldU

Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49997 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50031 version: TLS 1.2

System Summary

Found potential malicious PDF (bad image similarity)

Source: ID_Badge_Policy.pdf

Static PDF information: Image stream: 21

Source: classification engine

Classification label: mal76.phis.winPDF@45/60@11/10

Source: ID_Badge_Policy.pdf	Initial sample: https://do.not.click.on.this.link.instantrevert.net/XTWRoL3dFT05wRDVNM2crMkhHbDkvVld6dml3U1BUWVNjdUNuM1ZjbmhoeHpOb2d5MUxWYm5uOHRZdlRtUFpnV1ovWHNJdkFrRjM3eks2UUZUVEl1ZzZnQ3JsbVJsK1AyaVhlNENLdTMxd2lwWGNQNHdCOGg0UW9BU1RaTU5haVhETWRNWHVyZXY2bkZxTi9XQXZ5NUdEbVRVeFg3YUJhVmN1VFFzbG9lRmJKM1ZmOTlFeHRiVlA0UjRBPT0tLWlVM3lWN2tLVFVBYnN2K1EtLU5ncGE5ejdLcmlZaTVEU2J5anlFakE9PQ==?cid=2356055592
Source: ID_Badge_Policy.pdf	Initial sample: https://do.not.click.on.this.link.instantrevert.net/xtwrol3dft05wrdvnm2crmkhhbdkvvld6dml3u1buwvnjdunum1zjbmhoehpob2d5muxwym5uohrzdlrtufpnv1ovwhnjdkfrrjm3eks2uuzuvel1zzznq3jsbvjsk1ayavhlnenldtmxd2lwwgnqnhdcogg0uw9bu1ratu5havhetwrnwhvyzxy2bkzxti9xqxz5nudebvrvefg3yujhvmn1vffzbg9lrmjkm1zmotlfehrivla0ujrbpt0tlwlvm3lwn2tlvfvbynn2k1etlu5ncge5ejdlcmlzatveu2j5anlfake9pq==?cid=2356055592
Source: ID_Badge_Policy.pdf	Initial sample: https://do.not.click.on.this.link.instantrevert.net/XNjdZbUJJWjh2c0ZXY2FwMldtZTd6Mnc5cWlpbHJrNlhlUSsxSFZHenRXZFlScXJ2enlBMFAyeVFVZ3BGeDh0VmlSMWw0N3NsZVEwNXpkZHdqelZBd1VDU0N1QURScDYvL0Ryd0ViaVl0S0FpYzFrSS8zbEVyL1E0dmY4ejRNSHVtSWdCaVBOZjFUMC9WOG1rSnAyaHBKRDIzdUpvc1B4eEF1K05aYzhmbHJrM3hUbTFJT3Q4cTBtdHZRPT0tLU5kSklPUzVCZkFQL2VjRVQtLU9XZTZlS3JGMnBWY2xBcXl2TWpVT2c9PQ==?cid=2356055592
Source: ID_Badge_Policy.pdf	Initial sample: https://do.not.click.on.this.link.instantrevert.net/xcwn1k0jnuufyquxmmwfvr3bma0zfcuuzdctawk4wvkltblflz2plduj3dfr4ano4thfycxfkzwfmeenvbgh1z2rxuhzmbk5unuvgtxnfl29oqulozxrebgrumu4vs3evtmhjsky1uvvpd2o1uednrjk5s2kzre1gsfe0mgv1zkvxnm1mq2jkcmurt2zeaev2b2wxowc1sja4elkzaun5vnj1cddwnfdrrxnnzfpkdehjseg1n0traljnpt0tlxzybuznq1f1v3liohe3cvqtlwprv25hohz1d2szas9zyjvuagkzk0e9pq==?cid=2356055592
Source: ID_Badge_Policy.pdf	Initial sample: https://do.not.click.on.this.link.instantrevert.net/xnjdzbujjwjh2c0zxy2fwmldtztd6mnc5cwlpbhjrnlhlussxsfzhenrxzflscxj2enlbmfayevfvz3bgedh0vmlsmww0n3nszvewnxpkzhdqelzbd1vdu0n1qurscdyvl0ryd0viavl0s0fpyzfrss8zbevyl1e0dmy4ejrnshvtswdcavbozjfumc9wog1rsnayahbkrdizdupvc1b4eef1k05ayzhmbhjrm3hubtfjt3q4ctbtdhzrpt0tlu5ksklpuzvczkfql2vjrvqtlu9xztzls3jgmnbwy2xbcxl2twpvt2c9pq==?cid=2356055592
Source: ID_Badge_Policy.pdf	Initial sample: https://do.not.click.on.this.link.instantrevert.net/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==?cid=2356055592

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-10 10-31-34-339.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ID_Badge_Policy.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1616,i,6025381021103132473,1867919022022297585,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://do.not.click.on.this.link.instantrevert.net/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==?cid=2356055592"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2000,i,7777096465949957049,2783138187838994356,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1616,i,6025381021103132473,1867919022022297585,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2000,i,7777096465949957049,2783138187838994356,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: ID_Badge_Policy.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: ID_Badge_Policy.pdf

Initial sample: PDF keyword obj count = 54

Source: ID_Badge_Policy.pdf

Initial sample: PDF keyword /OpenAction

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
ID_Badge_Policy.pdf	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
s3-w.us-east-1.amazonaws.com	3.5.12.180	true	false	high
www.google.com	216.58.206.68	true	false	high
secured-login.net	54.87.176.87	true	false	high
landing.training.knowbe4.com	3.231.74.234	true	false	high
helpimg.s3.amazonaws.com	unknown	unknown	false	high
x1.i.lencr.org	unknown	unknown	false	high
do.not.click.on.this.link.instantrevert.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://helpimg.s3.amazonaws.com/LP_videos/You've_Been_Phished.mp4	false	high
https://secured-login.net/pages/f2e6f2a95eaf/phished.mp3	false	high
https://secured-login.net/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css	false	high
https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==	false	high
https://secured-login.net/favicon.ico	false	high
https://secured-login.net/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js	false	high
https://do.not.click.on.this.link.instantrevert.net/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==?cid=2356055592	false	high
https://helpimg.s3.amazonaws.com/LP_videos/hook.wav	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	high
https://do.not.click.on.this.link.instantrevert.net/XNjdZbUJJWjh2c0ZXY2FwMldtZTd6Mnc5cWlpbHJrNlhlUSs	ID_Badge_Policy.pdf	false	high
http://www.videolan.org/x264.html	chromecache_209.12.dr	false	high
https://helpimg.s3.amazonaws.com/LP_videos/You	chromecache_206.12.dr, chromecache_210.12.dr	false	high
https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldU	chromecache_211.12.dr	false	high
https://do.not.click.on.this.link.instantrevert.net/XTWRoL3dFT05wRDVNM2crMkhHbDkvVld6dml3U1BUWVNjdUN	ID_Badge_Policy.pdf	false	high
https://do.not.click.on.this.link.instantrevert.net/XWVJDV3pFYzVOZHk4QUZmQWs5OVJsMEZkVWl5Z3NPNndIbEx	ID_Badge_Policy.pdf	false	high
https://do.not.click.on.this.link.instantrevert.net/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblF	ID_Badge_Policy.pdf	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.231.74.234	landing.training.knowbe4.com	United States	14618	AMAZON-AESUS	false
3.5.12.180	s3-w.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
54.87.176.87	secured-login.net	United States	14618	AMAZON-AESUS	false

Private

IP
192.168.2.17
192.168.2.16
192.168.2.9
192.168.2.6
192.168.2.24

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1587735
Start date and time:	2025-01-10 16:30:32 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ID_Badge_Policy.pdf
Detection:	MAL
Classification:	mal76.phis.winPDF@45/60@11/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.23.240.205, 52.6.155.20, 52.22.41.97, 3.233.129.217, 3.219.243.226, 162.159.61.3, 172.64.41.3, 2.16.168.107, 2.16.168.105, 23.209.209.135, 2.22.50.144, 2.22.50.131, 192.229.221.95, 142.250.185.99, 142.250.184.206, 64.233.184.84, 142.250.186.46, 142.250.186.174, 142.250.185.174, 216.58.206.74, 142.250.186.42, 142.250.186.138, 142.250.185.138, 216.58.212.138, 142.250.186.74, 142.250.74.202, 142.250.181.234, 142.250.186.170, 142.250.185.74, 142.250.185.202, 142.250.185.234, 142.250.184.234, 142.250.186.106, 216.58.212.170, 172.217.18.106, 142.250.186.142, 172.217.16.206, 142.250.185.142, 142.250.185.110, 216.58.212.142, 216.58.206.35, 172.217.18.14, 142.250.181.238, 104.102.63.47, 142.250.186.78, 216.58.206.46, 216.58.212.174, 142.250.74.206, 13.107.246.45, 184.28.90.27, 104.78.188.188, 4.175.87.197
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, optimizationguide-pa.googleapis.com, clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
10:31:44	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Input	Output
URL: PDF document Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This document is encrypted using Adobe Secure Cloud. Click below to securely view contents.", "prominent_button_name": "Secure Open", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: PDF document Model: Joe Sandbox AI	{ "brands": [ "Adobe" ] }

URL: https://secured-login.net Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://secured-login.net

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
3.231.74.234	https://Covid19.protected-forms.com/XbzFOWGtmMFBFWHdHRklWcjBnd3prY2tUQ3NVdmpyVjExSzNkakhIQ0ExYnJrOEkyWXB1SDVlRURTTEVkV2hReGhCbXIvQVkvSzZVT3VkcnF3eWN2RDdsSVNERC9FdkdSYVBQdDBGM0kwbmFZM3hmYjlGNURDY2JnQTdIZGgyai9vTkg5THFhVFRrT3BQZ1IxM1d0NXFxR01MUlZkNWZXYzRLQjhPSFBEMTB4UXpsUlc5SSt0SVA1VHJTcSt0OVh4LS1PS2hTVDJHTlVlUGZRZmdTLS1JV2t4SnVyT2hYL1I2bWZ6bmQ5RFNRPT0=?cid=2331529927	Get hash	malicious	KnowBe4	Browse
	https://temp.farenheit.net/XZ1ZEKzFsR0pndUdHTEgydlg4dElJdnYwT0hjRkpzdVVSUm1ub0VGNFQ3Y0ZmKzFxM3I2dUJxaTkwbXEvV1dSWUM0MG5LUitrcGV2THJ0Q2o4cWUvRGxkd1l4MmcySE41YUtFUHo4RzZXM014SWRPampra2ZwMVVWNGhFTGh4WW9NU3BQaCtFRUFTMXdkc2ZiNUdhS284ek8xMTVuaS9UdExEa3lOT2hoa3R4SGg1bFIra241ZE02M1pDRVdDWVN2U3QraDRvZEVVOUMyM1J1Y1pHbGJiZ2Y1b1c4TGIxakFzVWhuc0E9PS0td2twbkU5Q0xKY3VWbzc3Ny0tQW5QTkZPazI2ajU5aTJUSjlRQkZtZz09?cid=2308276481	Get hash	malicious	KnowBe4	Browse
	https://report-scam.malwarebouncer.com/XcUR2TnV2VTlXT0s0Z0NYa01KSGt3dUtWMWNiblBrc29mMlpZUU1WdThBSjdDdTlRQTVDV1ZZd0pDeWRmUU5rQ1QvVDNiSlBNYWd2bTd0eTRkZW5jT0hrYTBKWHFiVUc4TVZBOGpiNkh4VG9OTm9zNTVUWHNmNWVydHpqbzhIc1llSzdzTHZ0dENVNWRLZy9BbCsyVDRMSGRHOThUWnV5QUxPU0RZL1dPalNYTmUzMTVoRzl5bmk1ZVZRPT0tLUdVYnJkMC9GazI3MWlxYmotLUpFOURyOWkzK1l6Vy9BYTVOVDBVNkE9PQ==?cid=2346401253	Get hash	malicious	KnowBe4	Browse
239.255.255.250	https://theleadking2435063.emlnk.com/lt.php?x=3DZy~GDHJaLL5a37-gxLhhGf13JRv_MkkPo2jHPMKXOh5XR.-Uy.xuO-2I2imNf	Get hash	malicious	Unknown	Browse
	https://na4.docusign.net/Signing/EmailStart.aspx?a=ffa78034-d960-4bb3-b2a2-bb62a1fc4a65&etti=24&acct=86dab687-685e-40aa-af52-e5c3fc07b508&er=04714c6d-cc25-4a21-be91-01e1c43a5f3f	Get hash	malicious	HTMLPhisher	Browse
	https://booking.extrantelabelason.com/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	Setup.exe	Get hash	malicious	Unknown	Browse
	https://eu.boxif.xyz	Get hash	malicious	Unknown	Browse
	http://www.lpb.gov.lr	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	https://samantacatering.com/	Get hash	malicious	Unknown	Browse
	https://sign.zoho.com/zsguest?locale=en&sign_id=234b4d535f4956237c699124bb06f6840075804affff79070f72fbd27ec4885c3a2ba06657b8a52338eb80052baee9f74c4e2e0e7f85c073df939f1ac4dff75f76c95d46ac2361c7b14335e4f12c5c5d49c49b1d2f4c838a&action_type=SIGN	Get hash	malicious	Unknown	Browse
	https://www.filemail.com/d/rxythqchkhluipl?skipreg=true	Get hash	malicious	Unknown	Browse
	http://arpaeq.ca	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
landing.training.knowbe4.com	https://Covid19.protected-forms.com/XbzFOWGtmMFBFWHdHRklWcjBnd3prY2tUQ3NVdmpyVjExSzNkakhIQ0ExYnJrOEkyWXB1SDVlRURTTEVkV2hReGhCbXIvQVkvSzZVT3VkcnF3eWN2RDdsSVNERC9FdkdSYVBQdDBGM0kwbmFZM3hmYjlGNURDY2JnQTdIZGgyai9vTkg5THFhVFRrT3BQZ1IxM1d0NXFxR01MUlZkNWZXYzRLQjhPSFBEMTB4UXpsUlc5SSt0SVA1VHJTcSt0OVh4LS1PS2hTVDJHTlVlUGZRZmdTLS1JV2t4SnVyT2hYL1I2bWZ6bmQ5RFNRPT0=?cid=2331529927	Get hash	malicious	KnowBe4	Browse	3.231.74.234
	PaymentAdvice.html	Get hash	malicious	KnowBe4	Browse	3.213.222.32
	https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt	Get hash	malicious	Unknown	Browse	3.220.156.219
	https://temp.farenheit.net/XZ1ZEKzFsR0pndUdHTEgydlg4dElJdnYwT0hjRkpzdVVSUm1ub0VGNFQ3Y0ZmKzFxM3I2dUJxaTkwbXEvV1dSWUM0MG5LUitrcGV2THJ0Q2o4cWUvRGxkd1l4MmcySE41YUtFUHo4RzZXM014SWRPampra2ZwMVVWNGhFTGh4WW9NU3BQaCtFRUFTMXdkc2ZiNUdhS284ek8xMTVuaS9UdExEa3lOT2hoa3R4SGg1bFIra241ZE02M1pDRVdDWVN2U3QraDRvZEVVOUMyM1J1Y1pHbGJiZ2Y1b1c4TGIxakFzVWhuc0E9PS0td2twbkU5Q0xKY3VWbzc3Ny0tQW5QTkZPazI2ajU5aTJUSjlRQkZtZz09?cid=2308276481	Get hash	malicious	KnowBe4	Browse	3.231.74.234
	https://report-scam.malwarebouncer.com/XcUR2TnV2VTlXT0s0Z0NYa01KSGt3dUtWMWNiblBrc29mMlpZUU1WdThBSjdDdTlRQTVDV1ZZd0pDeWRmUU5rQ1QvVDNiSlBNYWd2bTd0eTRkZW5jT0hrYTBKWHFiVUc4TVZBOGpiNkh4VG9OTm9zNTVUWHNmNWVydHpqbzhIc1llSzdzTHZ0dENVNWRLZy9BbCsyVDRMSGRHOThUWnV5QUxPU0RZL1dPalNYTmUzMTVoRzl5bmk1ZVZRPT0tLUdVYnJkMC9GazI3MWlxYmotLUpFOURyOWkzK1l6Vy9BYTVOVDBVNkE9PQ==?cid=2346401253	Get hash	malicious	KnowBe4	Browse	3.231.74.234
	https://covid19.protected-forms.com/XQTNkY0hwMkttOEdiZmZ0V2RRTHpDdDNqUTROanhES0NBYmdFOG1KTGRSTUtrK3VMMzlEN1JKVVFXNUxaNGJOQmd1YzQ3ajJMeVdZUDU3TytRbGtIaFhWRkxnT0lkeTZhdy9xWEhjeFBoRXRTb2hxdjlVbi9iSk1qZytLQ0JxRjd4UmpOS3VUQ2lpOEZneTRoVmpzY2dyekR1WlhYOWVteVcrUXg0a2Y2aEU2ZEZwMVNId3R0U01RK3N3PT0tLVR0bDl1WEFUelg3K2VzTystLUxaMkFrZnU0UmJXRkR3aE5NRE9BOEE9PQ==?cid=2351432832	Get hash	malicious	KnowBe4	Browse	3.82.68.124
	https://password-changes.phishwall.net/XMzUzaXgwTnBGZU9XbU9kQnFIZk0vQ3hhQlNtUXJwaExCOTNDYnhpMG92ZHRNQjI5SHhmNUlLTC9JcmVVS2sraDgvUVZtd2YwVFROeGxlbDR0UXBkeGJOUkN3UGliUUNGVHZXWVJ2ek5hZ0FNV290djROWFRxN3JNazM1WlhNOUVLdnlqOEVlbXFaaFROMlltRDFFKzhmU3A0eEl4cE1tMFJmazVYOE5hc25oTjNIR0Q1UzJyNW5wTkNBPT0tLUdCVnp5RnltanNuQnVQWkgtLVA0Uy9TcENHeDltOGdwd282cnZiaEE9PQ==?cid=2317630324	Get hash	malicious	HTMLPhisher, KnowBe4	Browse	3.88.121.169
	https://employeeportal.net-login.com/XL0pFWEloTnBYUmM5TnBUSmVpbWxiSUpWb3BBL1lPY1hwYU5uYktNWkd5ME82bWJMcUhoRklFUWJiVmFOUi9uUS81dGZ4dnJZYkltK2NMZG5BV1pmbFhqMXNZcm1QeXBXTXI4R090NHo5NWhuL2l4TXdxNlY4VlZxWHVPNTdnc1M3aU4xWjhFTmJiTEJWVUYydWVqZjNPbnFkM3M5T0FNQ2lRL3EySjhvdVVDNzZ2UHJQb0xQdlhZbTZRPT0tLTJaT0Z2TlJ3S0NMTTZjc2ktLTZGNUIwRnVkbFRTTHR2dUFITkcxVFE9PQ==?cid=2341891188	Get hash	malicious	KnowBe4	Browse	3.88.121.169
	https://chase.com-onlinebanking.com/XWmJkMGsxak5lZzdVZUczR3RxTGFWN1g0Q2NKLy96RURPVEpZbEdkOC9nQzY1TStZSjU0T0x4Q05qOXZBRHZnZTZpMmh2eGFmSm9rcVRmV2xBeENiMEF1V3VTOVAvL2dKemVQZkZGNHAxQ1hqTU9WY0R5SGpYeDQ3UVNtNGZpWDJYdWxBUFY5OUFVc3VFU041aHl6aUxrMlBZaGs1Y25BV0xHL1Vhc1BYNVQ5d3laZ2piV3gvTjlUMmc3QWV4QUs2Q0h6Yi0tZ1lEV1pac1JHRzl5ZFpFaC0tcVVpc09xQzZsUzY0bzY0YWpuS1N2Zz09?cid=2342337857	Get hash	malicious	KnowBe4	Browse	3.88.121.169
	https://kn0wbe4.compromisedblog.com/XZHJISTcycW1tZkROWG92Y2ZEc21laS80dzNTR2N0eEsvTDFRWGFNODdGaGtjNGo5VzRyMFRUQmFLM0grcGxUbnBSTVFhMEg2Smd3UkovaXVjaUpIcG1hZG5CQnh5aFlZTXNqNldTdm84cE5CMUtld0dCZzN4ZUFRK2lvL1FWTG92NUJsMnJ3OHFGckdTNFhnMkFUTFZFZTdKRnVJaTRuRGFKdXVyeUdCVytuQzdnMEV1ZExSMnlwWi9RPT0tLTdnZjhxQVZPbUdTdFZXVUEtLXA0bHNCNGxmeTdrdmlkWWRVcmRXRWc9PQ==?cid=2310423310	Get hash	malicious	KnowBe4	Browse	3.212.32.86
s3-w.us-east-1.amazonaws.com	https://Covid19.protected-forms.com/XbzFOWGtmMFBFWHdHRklWcjBnd3prY2tUQ3NVdmpyVjExSzNkakhIQ0ExYnJrOEkyWXB1SDVlRURTTEVkV2hReGhCbXIvQVkvSzZVT3VkcnF3eWN2RDdsSVNERC9FdkdSYVBQdDBGM0kwbmFZM3hmYjlGNURDY2JnQTdIZGgyai9vTkg5THFhVFRrT3BQZ1IxM1d0NXFxR01MUlZkNWZXYzRLQjhPSFBEMTB4UXpsUlc5SSt0SVA1VHJTcSt0OVh4LS1PS2hTVDJHTlVlUGZRZmdTLS1JV2t4SnVyT2hYL1I2bWZ6bmQ5RFNRPT0=?cid=2331529927	Get hash	malicious	KnowBe4	Browse	3.5.11.17
	https://app.planable.io/review/0OPaw36t6M_k	Get hash	malicious	HTMLPhisher	Browse	52.217.197.209
	PaymentAdvice.html	Get hash	malicious	KnowBe4	Browse	54.231.227.161
	https://combatironapparel.com/collections/ranger-panty-shorts	Get hash	malicious	Unknown	Browse	52.216.200.219
	https://mail.voipmessage.uk/XZmNVMGRWSjAyR3hxcDF0LzhSdGt1ZFZjdG0vUU9uWWRDQXI2eXJwbnNYd0FnNE9TWjhBNncyakhQSlRKa0poSEVkY09KRzlaVG9SSGM4NSt2bHh3M0h4eHpwKzZNZlpMUU9rWklrRlg2R0R3ak9qbVA4T21TZXpzYUxJazlsaVo0ODNubmNtS1ZuQTdWL1dLa3kvZVpKeU5WOUJWUVRFMHcxRWhsODJKQTdVV2NSUmloaFBtRWdiL1lGQ0VCOTNUUjVmSE1nPT0tLVpvYUVQQVVmdkNSZmR3ZUItLWhoMjNyU1ZFSWhzclZVc0cwdTEwS0E9PQ==?cid=305193241	Get hash	malicious	KnowBe4	Browse	52.217.129.57
	http://plnbl.io/review/VdCYQSoKp54z	Get hash	malicious	HTMLPhisher	Browse	52.217.170.145
	https://hallmark.greetingsweb.com/2865d1125997389a?l=22	Get hash	malicious	Unknown	Browse	3.5.25.233
	https://temp.farenheit.net/XZ1ZEKzFsR0pndUdHTEgydlg4dElJdnYwT0hjRkpzdVVSUm1ub0VGNFQ3Y0ZmKzFxM3I2dUJxaTkwbXEvV1dSWUM0MG5LUitrcGV2THJ0Q2o4cWUvRGxkd1l4MmcySE41YUtFUHo4RzZXM014SWRPampra2ZwMVVWNGhFTGh4WW9NU3BQaCtFRUFTMXdkc2ZiNUdhS284ek8xMTVuaS9UdExEa3lOT2hoa3R4SGg1bFIra241ZE02M1pDRVdDWVN2U3QraDRvZEVVOUMyM1J1Y1pHbGJiZ2Y1b1c4TGIxakFzVWhuc0E9PS0td2twbkU5Q0xKY3VWbzc3Ny0tQW5QTkZPazI2ajU5aTJUSjlRQkZtZz09?cid=2308276481	Get hash	malicious	KnowBe4	Browse	3.5.27.246
	https://gmail.net-login.com/XcXRYNDdyQ3ZtSld4UE4wVUJrekFCdThLQ2ZDbXJubWlkcy85YXZZRFpSOGRHZ0lqc1lEVlJhUFJ4T1JpVkZYRHlPM2luOWZsUlg0akRFL0JzN3BQNEMzS2I3QUtSaG9zWXhKL1R0cG5TcEV6YUpSMkZRT1BkNGd1eVg1eHFjTW5CbVFQV0l5RXdmVG9qV2tod3dRS0ZpbkcvY3EwZk91cnM4R003RE1ESDZkNUoxOTZyTTZQcEExKy0tVmRVQklXeHltU1Jqc0VOaS0tMDhlR1IwQTdzanVybEhTdHNlbmhsZz09?cid=2354608568	Get hash	malicious	KnowBe4	Browse	3.5.25.32
	https://d3sdeiz39xdvhy.cloudfront.net	Get hash	malicious	Unknown	Browse	52.217.121.121
secured-login.net	https://Covid19.protected-forms.com/XbzFOWGtmMFBFWHdHRklWcjBnd3prY2tUQ3NVdmpyVjExSzNkakhIQ0ExYnJrOEkyWXB1SDVlRURTTEVkV2hReGhCbXIvQVkvSzZVT3VkcnF3eWN2RDdsSVNERC9FdkdSYVBQdDBGM0kwbmFZM3hmYjlGNURDY2JnQTdIZGgyai9vTkg5THFhVFRrT3BQZ1IxM1d0NXFxR01MUlZkNWZXYzRLQjhPSFBEMTB4UXpsUlc5SSt0SVA1VHJTcSt0OVh4LS1PS2hTVDJHTlVlUGZRZmdTLS1JV2t4SnVyT2hYL1I2bWZ6bmQ5RFNRPT0=?cid=2331529927	Get hash	malicious	KnowBe4	Browse	3.231.74.234
	PaymentAdvice.html	Get hash	malicious	KnowBe4	Browse	34.195.197.181
	https://gmail.net-login.com/XcXRYNDdyQ3ZtSld4UE4wVUJrekFCdThLQ2ZDbXJubWlkcy85YXZZRFpSOGRHZ0lqc1lEVlJhUFJ4T1JpVkZYRHlPM2luOWZsUlg0akRFL0JzN3BQNEMzS2I3QUtSaG9zWXhKL1R0cG5TcEV6YUpSMkZRT1BkNGd1eVg1eHFjTW5CbVFQV0l5RXdmVG9qV2tod3dRS0ZpbkcvY3EwZk91cnM4R003RE1ESDZkNUoxOTZyTTZQcEExKy0tVmRVQklXeHltU1Jqc0VOaS0tMDhlR1IwQTdzanVybEhTdHNlbmhsZz09?cid=2354608568	Get hash	malicious	KnowBe4	Browse	34.193.120.146
	https://report-scam.malwarebouncer.com/XcUR2TnV2VTlXT0s0Z0NYa01KSGt3dUtWMWNiblBrc29mMlpZUU1WdThBSjdDdTlRQTVDV1ZZd0pDeWRmUU5rQ1QvVDNiSlBNYWd2bTd0eTRkZW5jT0hrYTBKWHFiVUc4TVZBOGpiNkh4VG9OTm9zNTVUWHNmNWVydHpqbzhIc1llSzdzTHZ0dENVNWRLZy9BbCsyVDRMSGRHOThUWnV5QUxPU0RZL1dPalNYTmUzMTVoRzl5bmk1ZVZRPT0tLUdVYnJkMC9GazI3MWlxYmotLUpFOURyOWkzK1l6Vy9BYTVOVDBVNkE9PQ==?cid=2346401253	Get hash	malicious	KnowBe4	Browse	34.193.6.123
	https://covid19.protected-forms.com/XQTNkY0hwMkttOEdiZmZ0V2RRTHpDdDNqUTROanhES0NBYmdFOG1KTGRSTUtrK3VMMzlEN1JKVVFXNUxaNGJOQmd1YzQ3ajJMeVdZUDU3TytRbGtIaFhWRkxnT0lkeTZhdy9xWEhjeFBoRXRTb2hxdjlVbi9iSk1qZytLQ0JxRjd4UmpOS3VUQ2lpOEZneTRoVmpzY2dyekR1WlhYOWVteVcrUXg0a2Y2aEU2ZEZwMVNId3R0U01RK3N3PT0tLVR0bDl1WEFUelg3K2VzTystLUxaMkFrZnU0UmJXRkR3aE5NRE9BOEE9PQ==?cid=2351432832	Get hash	malicious	KnowBe4	Browse	3.82.68.124
	https://password-changes.phishwall.net/XMzUzaXgwTnBGZU9XbU9kQnFIZk0vQ3hhQlNtUXJwaExCOTNDYnhpMG92ZHRNQjI5SHhmNUlLTC9JcmVVS2sraDgvUVZtd2YwVFROeGxlbDR0UXBkeGJOUkN3UGliUUNGVHZXWVJ2ek5hZ0FNV290djROWFRxN3JNazM1WlhNOUVLdnlqOEVlbXFaaFROMlltRDFFKzhmU3A0eEl4cE1tMFJmazVYOE5hc25oTjNIR0Q1UzJyNW5wTkNBPT0tLUdCVnp5RnltanNuQnVQWkgtLVA0Uy9TcENHeDltOGdwd282cnZiaEE9PQ==?cid=2317630324	Get hash	malicious	HTMLPhisher, KnowBe4	Browse	52.203.6.0
	https://employeeportal.net-login.com/XL0pFWEloTnBYUmM5TnBUSmVpbWxiSUpWb3BBL1lPY1hwYU5uYktNWkd5ME82bWJMcUhoRklFUWJiVmFOUi9uUS81dGZ4dnJZYkltK2NMZG5BV1pmbFhqMXNZcm1QeXBXTXI4R090NHo5NWhuL2l4TXdxNlY4VlZxWHVPNTdnc1M3aU4xWjhFTmJiTEJWVUYydWVqZjNPbnFkM3M5T0FNQ2lRL3EySjhvdVVDNzZ2UHJQb0xQdlhZbTZRPT0tLTJaT0Z2TlJ3S0NMTTZjc2ktLTZGNUIwRnVkbFRTTHR2dUFITkcxVFE9PQ==?cid=2341891188	Get hash	malicious	KnowBe4	Browse	3.88.121.169
	https://kn0wbe4.compromisedblog.com/XZHJISTcycW1tZkROWG92Y2ZEc21laS80dzNTR2N0eEsvTDFRWGFNODdGaGtjNGo5VzRyMFRUQmFLM0grcGxUbnBSTVFhMEg2Smd3UkovaXVjaUpIcG1hZG5CQnh5aFlZTXNqNldTdm84cE5CMUtld0dCZzN4ZUFRK2lvL1FWTG92NUJsMnJ3OHFGckdTNFhnMkFUTFZFZTdKRnVJaTRuRGFKdXVyeUdCVytuQzdnMEV1ZExSMnlwWi9RPT0tLTdnZjhxQVZPbUdTdFZXVUEtLXA0bHNCNGxmeTdrdmlkWWRVcmRXRWc9PQ==?cid=2310423310	Get hash	malicious	KnowBe4	Browse	54.209.230.227
	https://gmail.net-login.com/Xb1Rnb3pKRC9CUEdpbldIVTREbHhIK1Vza1NvaWlrblBIbkN4aUdCZUt0Y2NlSGJiWmZ2d0M1dTB5dEpRbnRoVDdBVkFTcEJqWGowNVZycWJNWHlIUHlLOG1qS0FvemVPSXpFRFhGcUhmaVU1ekQwMklrVmM0QjVpNmhLaDdoY1I4UlhMcFo1TTJaSFhtaWpiWWFqWGZ5WEg4TnBiOUl4MDI1RFMyWStQRFoyNFo5UFZNUUpmWXBtaUg0Y0FjUG1jejdSVnFVOXJQL2VzdmNLM1lEaWtmRkZnZEk2Vi0tVHFIeU0vOWxTN01YVEtXbS0tTTh5Skh1eEtsc0xTT0J5Rzg2Q2ZJQT09?cid=2330416057%3EOpen	Get hash	malicious	KnowBe4	Browse	52.5.153.217

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-AESUS	https://theleadking2435063.emlnk.com/lt.php?x=3DZy~GDHJaLL5a37-gxLhhGf13JRv_MkkPo2jHPMKXOh5XR.-Uy.xuO-2I2imNf	Get hash	malicious	Unknown	Browse	54.82.80.250
	RJKUWSGxej.exe	Get hash	malicious	AgentTesla, RedLine	Browse	44.221.84.105
	https://samantacatering.com/	Get hash	malicious	Unknown	Browse	54.196.108.80
	https://www.filemail.com/d/rxythqchkhluipl?skipreg=true	Get hash	malicious	Unknown	Browse	18.208.66.204
	sora.arm.elf	Get hash	malicious	Mirai	Browse	100.25.242.38
	http://arpaeq.ca	Get hash	malicious	Unknown	Browse	23.23.49.179
	5b118cb6-e85d-926b-b917-b9317aeed46c.eml	Get hash	malicious	Unknown	Browse	54.235.205.181
	https://Covid19.protected-forms.com/XbzFOWGtmMFBFWHdHRklWcjBnd3prY2tUQ3NVdmpyVjExSzNkakhIQ0ExYnJrOEkyWXB1SDVlRURTTEVkV2hReGhCbXIvQVkvSzZVT3VkcnF3eWN2RDdsSVNERC9FdkdSYVBQdDBGM0kwbmFZM3hmYjlGNURDY2JnQTdIZGgyai9vTkg5THFhVFRrT3BQZ1IxM1d0NXFxR01MUlZkNWZXYzRLQjhPSFBEMTB4UXpsUlc5SSt0SVA1VHJTcSt0OVh4LS1PS2hTVDJHTlVlUGZRZmdTLS1JV2t4SnVyT2hYL1I2bWZ6bmQ5RFNRPT0=?cid=2331529927	Get hash	malicious	KnowBe4	Browse	34.193.6.123
	https://app.planable.io/review/0OPaw36t6M_k	Get hash	malicious	HTMLPhisher	Browse	35.170.228.5
	https://we.tl/t-fnebgmrnYQ	Get hash	malicious	Unknown	Browse	34.192.41.140
AMAZON-AESUS	https://theleadking2435063.emlnk.com/lt.php?x=3DZy~GDHJaLL5a37-gxLhhGf13JRv_MkkPo2jHPMKXOh5XR.-Uy.xuO-2I2imNf	Get hash	malicious	Unknown	Browse	54.82.80.250
	RJKUWSGxej.exe	Get hash	malicious	AgentTesla, RedLine	Browse	44.221.84.105
	https://samantacatering.com/	Get hash	malicious	Unknown	Browse	54.196.108.80
	https://www.filemail.com/d/rxythqchkhluipl?skipreg=true	Get hash	malicious	Unknown	Browse	18.208.66.204
	sora.arm.elf	Get hash	malicious	Mirai	Browse	100.25.242.38
	http://arpaeq.ca	Get hash	malicious	Unknown	Browse	23.23.49.179
	5b118cb6-e85d-926b-b917-b9317aeed46c.eml	Get hash	malicious	Unknown	Browse	54.235.205.181
	https://Covid19.protected-forms.com/XbzFOWGtmMFBFWHdHRklWcjBnd3prY2tUQ3NVdmpyVjExSzNkakhIQ0ExYnJrOEkyWXB1SDVlRURTTEVkV2hReGhCbXIvQVkvSzZVT3VkcnF3eWN2RDdsSVNERC9FdkdSYVBQdDBGM0kwbmFZM3hmYjlGNURDY2JnQTdIZGgyai9vTkg5THFhVFRrT3BQZ1IxM1d0NXFxR01MUlZkNWZXYzRLQjhPSFBEMTB4UXpsUlc5SSt0SVA1VHJTcSt0OVh4LS1PS2hTVDJHTlVlUGZRZmdTLS1JV2t4SnVyT2hYL1I2bWZ6bmQ5RFNRPT0=?cid=2331529927	Get hash	malicious	KnowBe4	Browse	34.193.6.123
	https://app.planable.io/review/0OPaw36t6M_k	Get hash	malicious	HTMLPhisher	Browse	35.170.228.5
	https://we.tl/t-fnebgmrnYQ	Get hash	malicious	Unknown	Browse	34.192.41.140
AMAZON-AESUS	https://theleadking2435063.emlnk.com/lt.php?x=3DZy~GDHJaLL5a37-gxLhhGf13JRv_MkkPo2jHPMKXOh5XR.-Uy.xuO-2I2imNf	Get hash	malicious	Unknown	Browse	54.82.80.250
	RJKUWSGxej.exe	Get hash	malicious	AgentTesla, RedLine	Browse	44.221.84.105
	https://samantacatering.com/	Get hash	malicious	Unknown	Browse	54.196.108.80
	https://www.filemail.com/d/rxythqchkhluipl?skipreg=true	Get hash	malicious	Unknown	Browse	18.208.66.204
	sora.arm.elf	Get hash	malicious	Mirai	Browse	100.25.242.38
	http://arpaeq.ca	Get hash	malicious	Unknown	Browse	23.23.49.179
	5b118cb6-e85d-926b-b917-b9317aeed46c.eml	Get hash	malicious	Unknown	Browse	54.235.205.181
	https://Covid19.protected-forms.com/XbzFOWGtmMFBFWHdHRklWcjBnd3prY2tUQ3NVdmpyVjExSzNkakhIQ0ExYnJrOEkyWXB1SDVlRURTTEVkV2hReGhCbXIvQVkvSzZVT3VkcnF3eWN2RDdsSVNERC9FdkdSYVBQdDBGM0kwbmFZM3hmYjlGNURDY2JnQTdIZGgyai9vTkg5THFhVFRrT3BQZ1IxM1d0NXFxR01MUlZkNWZXYzRLQjhPSFBEMTB4UXpsUlc5SSt0SVA1VHJTcSt0OVh4LS1PS2hTVDJHTlVlUGZRZmdTLS1JV2t4SnVyT2hYL1I2bWZ6bmQ5RFNRPT0=?cid=2331529927	Get hash	malicious	KnowBe4	Browse	34.193.6.123
	https://app.planable.io/review/0OPaw36t6M_k	Get hash	malicious	HTMLPhisher	Browse	35.170.228.5
	https://we.tl/t-fnebgmrnYQ	Get hash	malicious	Unknown	Browse	34.192.41.140

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	DpTbBYeE7J.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	40.115.3.253
	RJKUWSGxej.exe	Get hash	malicious	AgentTesla, RedLine	Browse	40.115.3.253
	7DpzcPcsTS.exe	Get hash	malicious	AgentTesla	Browse	40.115.3.253
	B8FnDUj8hy.exe	Get hash	malicious	AgentTesla	Browse	40.115.3.253
	FSRHC6mB16.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	40.115.3.253
	9pIm5d0rsW.exe	Get hash	malicious	AgentTesla, PureLog Stealer, zgRAT	Browse	40.115.3.253
	B7N48hmO78.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	40.115.3.253
	VIAmJUhQ54.exe	Get hash	malicious	MassLogger RAT	Browse	40.115.3.253
	VYLigyTDuW.exe	Get hash	malicious	AgentTesla	Browse	40.115.3.253
	QUOTATION-9044456778.pdf (83kb).com.exe	Get hash	malicious	PureLog Stealer, Quasar	Browse	40.115.3.253

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	298
Entropy (8bit):	5.152134562290872
Encrypted:	false
SSDEEP:	6:iO4HEzVq2PN72nKuAl9OmbnIFUtSHEmVSgZmwsHEmVSIkwON72nKuAl9OmbjLJ:7DzVvVaHAahFUtBmYg/fmYI5OaHAaSJ
MD5:	5E9E74ECFBEAAB04C9170F1E508A7006
SHA1:	B2C916E9956846AAF9A5ABF8C0E93ADFB9FAB28E
SHA-256:	60B1D402F2C2173F8FCCCE9E12DB3AA464C673145482843C454E76D1E3BC0283
SHA-512:	FD7630275F39B8F005931BCB0233F2C9B09BD2F4C45DF900AF6E0D206CF0ECE7337BE8E02978B4884D12348C0FF131A576B56A7A7D0F01D5B3720F2CA440615D
Malicious:	false
Reputation:	low
Preview:	2025/01/10-10:31:34.556 1620 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/10-10:31:34.558 1620 Recovering log #3.2025/01/10-10:31:34.558 1620 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	1873
Entropy (8bit):	5.373025747899122
Encrypted:	false
SSDEEP:	24:hMK6mVWGWKHKFFiZdWbVpd58kETAh2grGnf8+3gpN6aga0aSBanOE3O6IhXxSwE9:Amw5K/OnsAcgHBnLSoOkfCXQB9
MD5:	13C9494962C16BB09F2921E60CDC11A3
SHA1:	8E66D9D1B4B04B5FC8A7B8D72FBBEFB12BA2150B
SHA-256:	74133370E122C9BB68F488AAAD71134DBFB2456BD9B462C244E562E44CB57B83
SHA-512:	FC6DA99ACF5E397DE125E7D9FA3B804AF46BB534DD6706ED6748746EEF4CA1998B83007BA65EED5E915601666D451EBD463EA68F0653518C08BE520E5DBA7122
Malicious:	false
URL:	https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">. <meta name="IMPORTANT" content="This page is part of a simulated phishing attack initiated by KnowBe4 on behalf of its customers." />. <meta name="IMPORTANT" content="If you have any questions please contact support@knowbe4.com." />. <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"/>. <meta name="robots" content="noindex, nofollow" />.. <head>. <script src="/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js"></script>.. <link rel="stylesheet" href="/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css" media="all" />.. </head>. .<style type="text/css">body {..background-color: #306075;.}.audio { . display:none;.}..audio::-internal-media-controls-download-button {. display:none;.}.audio::-webkit-media-controls

File type:	PDF document, version 1.6, 0 pages
Entropy (8bit):	7.173494748584945
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	ID_Badge_Policy.pdf
File size:	109'651 bytes
MD5:	8fcf1c1f729a2a79cc52ba3343385999
SHA1:	2dee93d9249a0d6a7175538db8010b4555cf19a3
SHA256:	745863635271fb10ef2197718009ddfb072039a93f08935219c83a70c8b30c46
SHA512:	28b41452422a73c5e624e3d58cfc052573b9e14da0efc59f6888db86b74bc7aa596f6801735166d875be83a095a6bd78c6dba58307ab68109d8d453fc08c6370
SSDEEP:	1536:9yZed6SH7RbBcq/hBOitOOdG538OZU+KaSxtLRU+9S/BqK365UBmJ4t:4Ze3bBd/zLdy38AU+1SBU+wT3KUBms
TLSH:	ABB35915EC06FCC4B045CBA172B9795D421D3103649B1DABF59C8FCADFC3588AE8A26B
File Content Preview:	%PDF-1.6.%.....%QDF-1.0..%% Original object ID: 14 0.1 0 obj.<<. /AcroForm 3 0 R. /Metadata 4 0 R. /OpenAction 6 0 R. /Outlines 7 0 R. /Pages 8 0 R. /Type /Catalog.>>.endobj..%% Original object ID: 12 0.2 0 obj.<<. /CreationDate (D:20180612094110-0

General
Header:	%PDF-1.6
Total Entropy:	7.173495
Total Bytes:	109651
Stream Entropy:	7.767301
Stream Bytes:	82448
Entropy outside Streams:	3.782254
Bytes outside Streams:	27203
Number of EOF found:	1
Bytes after EOF:

Name	Count
obj	54
endobj	54
stream	14
endstream	14
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	6
/JS	1
/JavaScript	1
/AA	0
/OpenAction	1
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

ID	DHASH	MD5
21	c6c6874b6b62f0e2	7d0ee0aed29d30b2155af6893379f1f7
23	4a4d08a957113862	127ed9be986e6e9bf0e5a75b9ea98c45
25	494519d4cc49554d	90f15dad1a7916b8c4ddf3784dc5ba38

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 10, 2025 16:31:45.149178028 CET	51566	53	192.168.2.6	1.1.1.1
Jan 10, 2025 16:32:57.046818018 CET	53	63887	1.1.1.1	192.168.2.6
Jan 10, 2025 16:32:57.098217964 CET	51903	53	192.168.2.6	1.1.1.1
Jan 10, 2025 16:32:57.098402977 CET	55141	53	192.168.2.6	1.1.1.1
Jan 10, 2025 16:32:57.120945930 CET	53	55653	1.1.1.1	192.168.2.6
Jan 10, 2025 16:32:57.138606071 CET	53	55141	1.1.1.1	192.168.2.6
Jan 10, 2025 16:32:57.139134884 CET	53	51903	1.1.1.1	192.168.2.6
Jan 10, 2025 16:32:58.261670113 CET	53	63140	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:01.388153076 CET	53	51618	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:01.426100969 CET	60579	53	192.168.2.6	1.1.1.1
Jan 10, 2025 16:33:01.426302910 CET	53335	53	192.168.2.6	1.1.1.1
Jan 10, 2025 16:33:01.432868004 CET	53	60579	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:01.433089018 CET	53	53335	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:01.696130037 CET	49901	53	192.168.2.6	1.1.1.1
Jan 10, 2025 16:33:01.696417093 CET	59278	53	192.168.2.6	1.1.1.1
Jan 10, 2025 16:33:01.708604097 CET	53	59278	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:01.733669043 CET	53	49901	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:06.885848045 CET	53801	53	192.168.2.6	1.1.1.1
Jan 10, 2025 16:33:06.886001110 CET	53095	53	192.168.2.6	1.1.1.1
Jan 10, 2025 16:33:06.899101973 CET	53	53801	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:06.899444103 CET	53	53095	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:06.942291021 CET	64968	53	192.168.2.6	1.1.1.1
Jan 10, 2025 16:33:06.942608118 CET	62761	53	192.168.2.6	1.1.1.1
Jan 10, 2025 16:33:06.975795031 CET	53	62761	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:06.982063055 CET	53	64968	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:15.230535984 CET	53	50341	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:34.368534088 CET	53	50820	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:56.640521049 CET	53	58700	1.1.1.1	192.168.2.6
Jan 10, 2025 16:33:57.155035973 CET	53	54101	1.1.1.1	192.168.2.6
Jan 10, 2025 16:34:27.858966112 CET	53	58044	1.1.1.1	192.168.2.6
Jan 10, 2025 16:35:04.151623011 CET	138	138	192.168.2.6	192.168.2.255
Jan 10, 2025 16:35:14.917901993 CET	53	56622	1.1.1.1	192.168.2.6

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 10, 2025 16:31:45.159564018 CET	1.1.1.1	192.168.2.6	0xfdbe	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 10, 2025 16:32:57.138606071 CET	1.1.1.1	192.168.2.6	0x828f	No error (0)	do.not.click.on.this.link.instantrevert.net	landing.training.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 10, 2025 16:32:57.139134884 CET	1.1.1.1	192.168.2.6	0x9b34	No error (0)	do.not.click.on.this.link.instantrevert.net	landing.training.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 10, 2025 16:32:57.139134884 CET	1.1.1.1	192.168.2.6	0x9b34	No error (0)	landing.training.knowbe4.com		3.231.74.234	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:32:57.139134884 CET	1.1.1.1	192.168.2.6	0x9b34	No error (0)	landing.training.knowbe4.com		34.193.6.123	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:32:57.139134884 CET	1.1.1.1	192.168.2.6	0x9b34	No error (0)	landing.training.knowbe4.com		34.195.197.181	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:32:57.139134884 CET	1.1.1.1	192.168.2.6	0x9b34	No error (0)	landing.training.knowbe4.com		35.169.9.104	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:32:57.139134884 CET	1.1.1.1	192.168.2.6	0x9b34	No error (0)	landing.training.knowbe4.com		54.87.176.87	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:32:57.139134884 CET	1.1.1.1	192.168.2.6	0x9b34	No error (0)	landing.training.knowbe4.com		54.161.180.244	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:01.432868004 CET	1.1.1.1	192.168.2.6	0x801	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:01.433089018 CET	1.1.1.1	192.168.2.6	0x9041	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 10, 2025 16:33:01.733669043 CET	1.1.1.1	192.168.2.6	0x59a8	No error (0)	secured-login.net		54.87.176.87	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:01.733669043 CET	1.1.1.1	192.168.2.6	0x59a8	No error (0)	secured-login.net		34.193.6.123	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:01.733669043 CET	1.1.1.1	192.168.2.6	0x59a8	No error (0)	secured-login.net		3.231.74.234	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:01.733669043 CET	1.1.1.1	192.168.2.6	0x59a8	No error (0)	secured-login.net		54.161.180.244	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:01.733669043 CET	1.1.1.1	192.168.2.6	0x59a8	No error (0)	secured-login.net		35.169.9.104	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:01.733669043 CET	1.1.1.1	192.168.2.6	0x59a8	No error (0)	secured-login.net		34.195.197.181	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.899101973 CET	1.1.1.1	192.168.2.6	0x6af3	No error (0)	secured-login.net		3.231.74.234	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.899101973 CET	1.1.1.1	192.168.2.6	0x6af3	No error (0)	secured-login.net		54.161.180.244	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.899101973 CET	1.1.1.1	192.168.2.6	0x6af3	No error (0)	secured-login.net		54.87.176.87	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.899101973 CET	1.1.1.1	192.168.2.6	0x6af3	No error (0)	secured-login.net		34.195.197.181	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.899101973 CET	1.1.1.1	192.168.2.6	0x6af3	No error (0)	secured-login.net		35.169.9.104	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.899101973 CET	1.1.1.1	192.168.2.6	0x6af3	No error (0)	secured-login.net		34.193.6.123	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.975795031 CET	1.1.1.1	192.168.2.6	0xb285	No error (0)	helpimg.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 10, 2025 16:33:06.975795031 CET	1.1.1.1	192.168.2.6	0xb285	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 10, 2025 16:33:06.982063055 CET	1.1.1.1	192.168.2.6	0xd286	No error (0)	helpimg.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 10, 2025 16:33:06.982063055 CET	1.1.1.1	192.168.2.6	0xd286	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 10, 2025 16:33:06.982063055 CET	1.1.1.1	192.168.2.6	0xd286	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.12.180	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.982063055 CET	1.1.1.1	192.168.2.6	0xd286	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.115.97	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.982063055 CET	1.1.1.1	192.168.2.6	0xd286	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.235.209	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.982063055 CET	1.1.1.1	192.168.2.6	0xd286	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.173.65	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.982063055 CET	1.1.1.1	192.168.2.6	0xd286	No error (0)	s3-w.us-east-1.amazonaws.com		16.15.177.59	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.982063055 CET	1.1.1.1	192.168.2.6	0xd286	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.137.41	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.982063055 CET	1.1.1.1	192.168.2.6	0xd286	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.16.216	A (IP address)	IN (0x0001)	false
Jan 10, 2025 16:33:06.982063055 CET	1.1.1.1	192.168.2.6	0xd286	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.25.157	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:31:30 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 57 57 4f 75 6e 75 67 41 65 6b 4b 56 67 4e 34 78 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 61 34 65 39 34 66 34 39 32 33 30 37 30 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: WWOunugAekKVgN4x.1Context: b2a4e94f49230704
2025-01-10 15:31:30 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-10 15:31:30 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 57 57 4f 75 6e 75 67 41 65 6b 4b 56 67 4e 34 78 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 61 34 65 39 34 66 34 39 32 33 30 37 30 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: WWOunugAekKVgN4x.2Context: b2a4e94f49230704<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-10 15:31:30 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 57 57 4f 75 6e 75 67 41 65 6b 4b 56 67 4e 34 78 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 61 34 65 39 34 66 34 39 32 33 30 37 30 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: WWOunugAekKVgN4x.3Context: b2a4e94f49230704<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-10 15:31:30 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-10 15:31:30 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 51 37 46 73 48 4f 47 66 6d 45 47 73 6d 49 54 48 6d 52 2b 67 31 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Q7FsHOGfmEGsmITHmR+g1w.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:31:39 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 33 37 72 37 30 41 4f 68 66 45 71 4e 6f 32 30 66 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 34 31 30 31 38 33 63 33 39 33 37 63 37 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 37r70AOhfEqNo20f.1Context: 1f410183c3937c7e
2025-01-10 15:31:39 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-10 15:31:39 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 33 37 72 37 30 41 4f 68 66 45 71 4e 6f 32 30 66 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 34 31 30 31 38 33 63 33 39 33 37 63 37 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 37r70AOhfEqNo20f.2Context: 1f410183c3937c7e<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-10 15:31:39 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 33 37 72 37 30 41 4f 68 66 45 71 4e 6f 32 30 66 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 34 31 30 31 38 33 63 33 39 33 37 63 37 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 37r70AOhfEqNo20f.3Context: 1f410183c3937c7e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-10 15:31:39 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-10 15:31:39 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 44 41 67 4d 35 50 7a 48 77 45 71 47 53 7a 63 75 62 34 64 78 57 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: DAgM5PzHwEqGSzcub4dxWA.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:31:52 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 66 54 69 6a 54 69 78 67 74 6b 36 69 34 52 71 4e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 30 30 66 64 32 39 37 35 37 31 30 33 39 35 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: fTijTixgtk6i4RqN.1Context: 700fd2975710395b
2025-01-10 15:31:52 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-10 15:31:52 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 66 54 69 6a 54 69 78 67 74 6b 36 69 34 52 71 4e 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 30 30 66 64 32 39 37 35 37 31 30 33 39 35 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: fTijTixgtk6i4RqN.2Context: 700fd2975710395b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-10 15:31:52 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 66 54 69 6a 54 69 78 67 74 6b 36 69 34 52 71 4e 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 30 30 66 64 32 39 37 35 37 31 30 33 39 35 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: fTijTixgtk6i4RqN.3Context: 700fd2975710395b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-10 15:31:52 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-10 15:31:52 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 52 2f 32 46 6e 6e 51 34 73 45 32 36 34 64 61 71 75 38 43 7a 30 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: R/2FnnQ4sE264daqu8Cz0g.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:32:14 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 36 49 69 44 67 6a 55 34 43 30 36 32 57 33 71 64 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 63 33 37 61 31 61 38 38 65 32 39 65 32 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 6IiDgjU4C062W3qd.1Context: 55c37a1a88e29e27
2025-01-10 15:32:14 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-10 15:32:14 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 36 49 69 44 67 6a 55 34 43 30 36 32 57 33 71 64 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 63 33 37 61 31 61 38 38 65 32 39 65 32 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 6IiDgjU4C062W3qd.2Context: 55c37a1a88e29e27<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-10 15:32:14 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 36 49 69 44 67 6a 55 34 43 30 36 32 57 33 71 64 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 35 63 33 37 61 31 61 38 38 65 32 39 65 32 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 6IiDgjU4C062W3qd.3Context: 55c37a1a88e29e27<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-10 15:32:14 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-10 15:32:14 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 32 61 69 33 6c 71 4c 42 73 55 61 62 4d 72 55 54 30 42 6e 4c 6d 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 2ai3lqLBsUabMrUT0BnLmA.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:32:45 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 43 63 38 76 43 4a 35 31 55 55 6d 56 44 38 59 4c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 30 36 63 32 30 64 39 31 31 64 63 39 65 31 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Cc8vCJ51UUmVD8YL.1Context: d06c20d911dc9e1c
2025-01-10 15:32:45 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-10 15:32:45 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 43 63 38 76 43 4a 35 31 55 55 6d 56 44 38 59 4c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 30 36 63 32 30 64 39 31 31 64 63 39 65 31 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Cc8vCJ51UUmVD8YL.2Context: d06c20d911dc9e1c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-10 15:32:45 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 43 63 38 76 43 4a 35 31 55 55 6d 56 44 38 59 4c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 30 36 63 32 30 64 39 31 31 64 63 39 65 31 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Cc8vCJ51UUmVD8YL.3Context: d06c20d911dc9e1c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-10 15:32:45 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-10 15:32:45 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 41 66 4e 47 35 6d 49 6c 2b 55 69 66 48 52 66 54 6c 55 70 39 38 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: AfNG5mIl+UifHRfTlUp98g.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:32:58 UTC	1014	OUT	GET /XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==?cid=2356055592 HTTP/1.1 Host: do.not.click.on.this.link.instantrevert.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-10 15:33:01 UTC	574	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 15:33:01 GMT Content-Type: text/html; charset=utf-8 Content-Length: 461 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade ETag: W/"cb96ccc09e891dda387e7f19809fbef0" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: d75127b1-398b-4591-a139-d23f2ab1de18 X-Runtime: 2.907516 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-10 15:33:01 UTC	461	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 68 74 74 70 73 3a 2f 2f 73 65 63 75 72 65 64 2d 6c 6f 67 69 6e 2e 6e 65 74 2f 70 61 67 65 73 2f 66 32 65 36 66 32 61 39 35 65 61 66 2f 58 63 57 4e 31 4b 30 4a 6e 55 55 46 59 51 55 78 6d 4d 57 46 56 52 33 42 4d 61 30 5a 46 63 55 55 7a 64 43 74 61 57 6b 34 77 56 6b 6c 74 62 6c 46 6c 5a 32 70 6c 64 55 4a 33 64 46 52 34 61 6e 6f 34 54 48 46 79 63 58 46 6b 5a 57 46 6d 65 45 4e 56 62 47 68 31 5a 32 52 78 55 48 5a 6d 62 6b 35 75 4e 55 56 47 54 58 4e 46 4c 32 39 4f 51 55 6c 6f 5a 58 52 45 62 47 52 75 4d 55 34 76 53 33 45 76 54 6d 68 4a 53 6b 59 31 55 56 56 70 64 32 6f 31 55 45 64 4e 52 6a 6b 35 53 32 6b Data Ascii: <html> <head> <script>window.location.href = 'https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2k

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:33:02 UTC	1369	OUT	GET /pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ== HTTP/1.1 Host: secured-login.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://do.not.click.on.this.link.instantrevert.net/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==?cid=2356055592 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-10 15:33:05 UTC	832	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 15:33:05 GMT Content-Type: text/html; charset=utf-8 Content-Length: 1873 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade Link: </assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css>; rel=preload; as=style; nopush,</assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js>; rel=preload; as=script; nopush ETag: W/"74133370e122c9bb68f488aaad71134d" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: 430fcdee-59c1-42f6-808f-bbc21b1bb65e X-Runtime: 2.621871 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-10 15:33:05 UTC	1873	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 49 4d 50 4f 52 54 41 4e 54 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 70 61 67 65 20 69 73 20 70 61 72 74 20 6f 66 20 61 20 73 69 6d 75 6c 61 74 65 64 20 70 68 69 73 68 69 6e 67 20 61 74 74 61 63 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <meta name="IMPORTANT" content="This page is part of a simulated phishing attac

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:33:05 UTC	958	OUT	GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1 Host: secured-login.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-10 15:33:05 UTC	263	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 15:33:05 GMT Content-Type: text/css Content-Length: 1471 Connection: close Last-Modified: Fri, 10 Jan 2025 14:08:30 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-10 15:33:05 UTC	1471	IN	Data Raw: 2f 2a 20 6c 69 6e 65 20 31 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61 74 65 72 6d 61 72 6b 2e 73 63 73 73 20 2a 2f 0a 2e 77 61 74 65 72 6d 61 72 6b 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 20 20 20 20 2d 6d 73 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 74 62 2d 72 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 74 65 78 74 2d 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 20 73 69 64 65 77 61 79 73 3b 0a 7d 0a 0a 2f 2a 20 6c 69 6e 65 20 34 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61 Data Ascii: /* line 1, app/assets/stylesheets/landing-watermark.scss /.watermark { -webkit-writing-mode: vertical-rl; -ms-writing-mode: tb-rl; writing-mode: vertical-rl; text-orientation: sideways;}/ line 4, app/assets/stylesheets/landing-wa

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:33:06 UTC	937	OUT	GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1 Host: secured-login.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-10 15:33:06 UTC	279	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 15:33:06 GMT Content-Type: application/javascript Content-Length: 380848 Connection: close Last-Modified: Fri, 10 Jan 2025 14:08:30 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-10 15:33:06 UTC	16105	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-01-10 15:33:06 UTC	16384	IN	Data Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72 Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type\|\|fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))\|\|"text"===t.toLowerCase())},fir
2025-01-10 15:33:06 UTC	56	IN	Data Raw: 28 65 2c 6e 29 7c 7c 5f 2e 61 63 63 65 73 73 28 65 2c 6e 2c 7b 65 6d 70 74 79 3a 63 65 2e 43 61 6c 6c 62 61 63 6b 73 28 22 6f 6e 63 65 20 6d 65 6d 6f 72 79 22 29 2e 61 Data Ascii: (e,n)\|\|_.access(e,n,{empty:ce.Callbacks("once memory").a
2025-01-10 15:33:06 UTC	3028	IN	Data Raw: 64 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 72 65 6d 6f 76 65 28 65 2c 5b 74 2b 22 71 75 65 75 65 22 2c 6e 5d 29 7d 29 7d 29 7d 7d 29 2c 63 65 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 32 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 74 2c 74 3d 22 66 78 22 2c 65 2d 2d 29 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 65 3f 63 65 2e 71 75 65 75 65 28 74 68 69 73 5b 30 5d 2c 74 29 3a 76 6f 69 64 20 30 3d 3d 3d 6e 3f 74 68 69 73 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 63 65 2e 71 75 65 75 65 28 74 68 69 73 2c 74 2c 6e 29 3b 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 74 68 69 73 2c 74 29 Data Ascii: dd(function(){_.remove(e,[t+"queue",n])})})}}),ce.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?ce.queue(this[0],t):void 0===n?this:this.each(function(){var e=ce.queue(this,t,n);ce._queueHooks(this,t)
2025-01-10 15:33:06 UTC	16384	IN	Data Raw: 6c 65 3e 22 5d 2c 5f 64 65 66 61 75 6c 74 3a 5b 30 2c 22 22 2c 22 22 5d 7d 3b 66 75 6e 63 74 69 6f 6e 20 53 65 28 65 2c 74 29 7b 76 61 72 20 6e 3b 72 65 74 75 72 6e 20 6e 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 3f 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 74 7c 7c 22 2a 22 29 3a 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 3f 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 74 7c 7c 22 2a 22 29 3a 5b 5d 2c 76 6f 69 64 20 30 3d 3d 3d 74 7c 7c 74 26 26 66 65 28 65 2c 74 29 3f 63 65 2e 6d 65 72 67 65 28 5b 65 5d 2c 6e 29 3a 6e 7d 66 75 6e 63 74 69 6f 6e 20 45 65 28 65 Data Ascii: le>"],_default:[0,"",""]};function Se(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t\|\|""):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t\|\|""):[],void 0===t\|\|t&&fe(e,t)?ce.merge([e],n):n}function Ee(e
2025-01-10 15:33:06 UTC	16384	IN	Data Raw: 6e 67 3a 22 30 22 2c 66 6f 6e 74 57 65 69 67 68 74 3a 22 34 30 30 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 72 74 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3d 59 2e 65 78 65 63 28 74 29 3b 72 65 74 75 72 6e 20 72 3f 4d 61 74 68 2e 6d 61 78 28 30 2c 72 5b 32 5d 2d 28 6e 7c 7c 30 29 29 2b 28 72 5b 33 5d 7c 7c 22 70 78 22 29 3a 74 7d 66 75 6e 63 74 69 6f 6e 20 69 74 28 65 2c 74 2c 6e 2c 72 2c 69 2c 6f 29 7b 76 61 72 20 61 3d 22 77 69 64 74 68 22 3d 3d 3d 74 3f 31 3a 30 2c 73 3d 30 2c 75 3d 30 2c 6c 3d 30 3b 69 66 28 6e 3d 3d 3d 28 72 3f 22 62 6f 72 64 65 72 22 3a 22 63 6f 6e 74 65 6e 74 22 29 29 72 65 74 75 72 6e 20 30 3b 66 6f 72 28 3b 61 3c 34 3b 61 2b 3d 32 29 22 6d 61 72 67 69 6e 22 3d 3d 3d 6e 26 26 28 6c 2b 3d 63 65 2e 63 73 73 28 65 2c 6e 2b 51 5b 61 5d 2c 21 Data Ascii: ng:"0",fontWeight:"400"};function rt(e,t,n){var r=Y.exec(t);return r?Math.max(0,r[2]-(n\|\|0))+(r[3]\|\|"px"):t}function it(e,t,n,r,i,o){var a="width"===t?1:0,s=0,u=0,l=0;if(n===(r?"border":"content"))return 0;for(;a<4;a+=2)"margin"===n&&(l+=ce.css(e,n+Q[a],!
2025-01-10 15:33:06 UTC	16384	IN	Data Raw: 61 6c 28 29 2c 61 29 72 65 74 75 72 6e 20 74 3b 73 2e 70 75 73 68 28 74 29 7d 72 65 74 75 72 6e 20 73 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 69 3d 65 2e 6f 70 74 69 6f 6e 73 2c 6f 3d 63 65 2e 6d 61 6b 65 41 72 72 61 79 28 74 29 2c 61 3d 69 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 61 2d 2d 29 28 28 72 3d 69 5b 61 5d 29 2e 73 65 6c 65 63 74 65 64 3d 2d 31 3c 63 65 2e 69 6e 41 72 72 61 79 28 63 65 2e 76 61 6c 48 6f 6f 6b 73 2e 6f 70 74 69 6f 6e 2e 67 65 74 28 72 29 2c 6f 29 29 26 26 28 6e 3d 21 30 29 3b 72 65 74 75 72 6e 20 6e 7c 7c 28 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 3d 2d 31 29 2c 6f 7d 7d 7d 7d 29 2c 63 65 2e 65 61 63 68 28 5b 22 72 61 64 69 6f 22 2c 22 63 68 65 63 6b 62 6f 78 22 5d 2c 66 75 6e 63 Data Ascii: al(),a)return t;s.push(t)}return s},set:function(e,t){var n,r,i=e.options,o=ce.makeArray(t),a=i.length;while(a--)((r=i[a]).selected=-1<ce.inArray(ce.valHooks.option.get(r),o))&&(n=!0);return n\|\|(e.selectedIndex=-1),o}}}}),ce.each(["radio","checkbox"],func
2025-01-10 15:33:06 UTC	16384	IN	Data Raw: 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6d 61 70 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 3b 77 68 69 6c 65 28 65 26 26 22 73 74 61 74 69 63 22 3d 3d 3d 63 65 2e 63 73 73 28 65 2c 22 70 6f 73 69 74 69 6f 6e 22 29 29 65 3d 65 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 3b 72 65 74 75 72 6e 20 65 7c 7c 4a 7d 29 7d 7d 29 2c 63 65 2e 65 61 63 68 28 7b 73 63 72 6f 6c 6c 4c 65 66 74 3a 22 70 61 67 65 58 4f 66 66 73 65 74 22 2c 73 63 72 6f 6c 6c 54 6f 70 3a 22 70 61 67 65 59 4f 66 66 73 65 74 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 69 29 7b 76 61 72 20 6f 3d 22 70 61 67 65 59 4f 66 66 73 65 74 22 3d 3d 3d 69 3b 63 65 2e 66 6e 5b 74 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 Data Ascii: nction(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===ce.css(e,"position"))e=e.offsetParent;return e\|\|J})}}),ce.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;ce.fn[t]=function(e){re
2025-01-10 15:33:06 UTC	16384	IN	Data Raw: 68 2b 69 2b 61 2b 65 2e 63 6f 6c 6c 69 73 69 6f 6e 48 65 69 67 68 74 2d 6e 2d 73 29 3c 30 7c 7c 73 3c 6b 28 72 29 29 26 26 28 74 2e 74 6f 70 2b 3d 68 2b 69 2b 61 29 3a 30 3c 6c 26 26 28 30 3c 28 6f 3d 74 2e 74 6f 70 2d 65 2e 63 6f 6c 6c 69 73 69 6f 6e 50 6f 73 69 74 69 6f 6e 2e 6d 61 72 67 69 6e 54 6f 70 2b 68 2b 69 2b 61 2d 6f 29 7c 7c 6b 28 6f 29 3c 6c 29 26 26 28 74 2e 74 6f 70 2b 3d 68 2b 69 2b 61 29 7d 7d 2c 66 6c 69 70 66 69 74 3a 7b 6c 65 66 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 56 2e 75 69 2e 70 6f 73 69 74 69 6f 6e 2e 66 6c 69 70 2e 6c 65 66 74 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 56 2e 75 69 2e 70 6f 73 69 74 69 6f 6e 2e 66 69 74 2e 6c 65 66 74 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d Data Ascii: h+i+a+e.collisionHeight-n-s)<0\|\|s<k(r))&&(t.top+=h+i+a):0<l&&(0<(o=t.top-e.collisionPosition.marginTop+h+i+a-o)\|\|k(o)<l)&&(t.top+=h+i+a)}},flipfit:{left:function(){V.ui.position.flip.left.apply(this,arguments),V.ui.position.fit.left.apply(this,arguments)}
2025-01-10 15:33:06 UTC	16384	IN	Data Raw: 66 74 3a 65 2e 6c 65 66 74 2b 74 68 69 73 2e 6f 66 66 73 65 74 2e 72 65 6c 61 74 69 76 65 2e 6c 65 66 74 2a 69 2b 74 68 69 73 2e 6f 66 66 73 65 74 2e 70 61 72 65 6e 74 2e 6c 65 66 74 2a 69 2d 28 22 66 69 78 65 64 22 3d 3d 3d 74 68 69 73 2e 63 73 73 50 6f 73 69 74 69 6f 6e 3f 2d 74 68 69 73 2e 6f 66 66 73 65 74 2e 73 63 72 6f 6c 6c 2e 6c 65 66 74 3a 74 3f 30 3a 74 68 69 73 2e 6f 66 66 73 65 74 2e 73 63 72 6f 6c 6c 2e 6c 65 66 74 29 2a 69 7d 7d 2c 5f 67 65 6e 65 72 61 74 65 50 6f 73 69 74 69 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 69 2c 73 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2c 6e 3d 74 68 69 73 2e 5f 69 73 52 6f 6f 74 4e 6f 64 65 28 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 29 2c 6f 3d 74 2e 70 61 67 65 58 2c 61 Data Ascii: ft:e.left+this.offset.relative.lefti+this.offset.parent.lefti-("fixed"===this.cssPosition?-this.offset.scroll.left:t?0:this.offset.scroll.left)*i}},_generatePosition:function(t,e){var i,s=this.options,n=this._isRootNode(this.scrollParent[0]),o=t.pageX,a

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:33:07 UTC	427	OUT	GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1 Host: secured-login.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-10 15:33:08 UTC	279	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 15:33:08 GMT Content-Type: application/javascript Content-Length: 380848 Connection: close Last-Modified: Fri, 10 Jan 2025 14:08:30 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-10 15:33:08 UTC	16105	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-01-10 15:33:08 UTC	16384	IN	Data Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72 Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type\|\|fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))\|\|"text"===t.toLowerCase())},fir
2025-01-10 15:33:08 UTC	56	IN	Data Raw: 28 65 2c 6e 29 7c 7c 5f 2e 61 63 63 65 73 73 28 65 2c 6e 2c 7b 65 6d 70 74 79 3a 63 65 2e 43 61 6c 6c 62 61 63 6b 73 28 22 6f 6e 63 65 20 6d 65 6d 6f 72 79 22 29 2e 61 Data Ascii: (e,n)\|\|_.access(e,n,{empty:ce.Callbacks("once memory").a
2025-01-10 15:33:08 UTC	16384	IN	Data Raw: 64 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 72 65 6d 6f 76 65 28 65 2c 5b 74 2b 22 71 75 65 75 65 22 2c 6e 5d 29 7d 29 7d 29 7d 7d 29 2c 63 65 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 32 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 74 2c 74 3d 22 66 78 22 2c 65 2d 2d 29 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 65 3f 63 65 2e 71 75 65 75 65 28 74 68 69 73 5b 30 5d 2c 74 29 3a 76 6f 69 64 20 30 3d 3d 3d 6e 3f 74 68 69 73 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 63 65 2e 71 75 65 75 65 28 74 68 69 73 2c 74 2c 6e 29 3b 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 74 68 69 73 2c 74 29 Data Ascii: dd(function(){_.remove(e,[t+"queue",n])})})}}),ce.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?ce.queue(this[0],t):void 0===n?this:this.each(function(){var e=ce.queue(this,t,n);ce._queueHooks(this,t)
2025-01-10 15:33:08 UTC	16384	IN	Data Raw: 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 63 65 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 6e 29 3c 30 26 26 28 63 65 2e 63 6c 65 61 6e 44 61 74 61 28 53 65 28 74 68 69 73 29 29 2c 74 26 26 74 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 65 2c 74 68 69 73 29 29 7d 2c 6e 29 7d 7d 29 2c 63 65 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 74 42 65 66 6f 72 65 3a 22 62 65 66 6f 72 65 22 2c 69 6e 73 65 72 74 41 66 74 65 72 3a 22 61 66 74 65 72 22 2c 72 65 70 6c 61 63 65 41 6c 6c 3a 22 72 65 70 6c 61 63 65 57 69 74 68 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 63 65 2e 66 6e 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 Data Ascii: this.parentNode;ce.inArray(this,n)<0&&(ce.cleanData(Se(this)),t&&t.replaceChild(e,this))},n)}}),ce.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){ce.fn[e]=function(e){for(var t
2025-01-10 15:33:08 UTC	16384	IN	Data Raw: 28 72 3d 69 2e 73 65 74 28 65 2c 6e 2c 74 29 29 3f 72 3a 65 5b 74 5d 3d 6e 3a 69 26 26 22 67 65 74 22 69 6e 20 69 26 26 6e 75 6c 6c 21 3d 3d 28 72 3d 69 2e 67 65 74 28 65 2c 74 29 29 3f 72 3a 65 5b 74 5d 7d 2c 70 72 6f 70 48 6f 6f 6b 73 3a 7b 74 61 62 49 6e 64 65 78 3a 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 63 65 2e 66 69 6e 64 2e 61 74 74 72 28 65 2c 22 74 61 62 69 6e 64 65 78 22 29 3b 72 65 74 75 72 6e 20 74 3f 70 61 72 73 65 49 6e 74 28 74 2c 31 30 29 3a 62 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7c 7c 77 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 26 26 65 2e 68 72 65 66 3f 30 3a 2d 31 7d 7d 7d 2c 70 72 6f 70 46 69 78 3a 7b 22 66 6f 72 22 3a 22 68 74 6d 6c 46 6f 72 22 2c 22 63 6c 61 73 73 22 3a 22 Data Ascii: (r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=ce.find.attr(e,"tabindex");return t?parseInt(t,10):bt.test(e.nodeName)\|\|wt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"
2025-01-10 15:33:08 UTC	16384	IN	Data Raw: 65 66 69 6c 74 65 72 28 22 6a 73 6f 6e 20 6a 73 6f 6e 70 22 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 3d 21 31 21 3d 3d 65 2e 6a 73 6f 6e 70 26 26 28 5a 74 2e 74 65 73 74 28 65 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 2e 64 61 74 61 26 26 30 3d 3d 3d 28 65 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 5a 74 2e 74 65 73 74 28 65 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 61 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 65 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 72 3d 65 2e 6a 73 6f 6e 70 43 61 6c Data Ascii: efilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Zt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Zt.test(e.data)&&"data");if(a\|\|"jsonp"===e.dataTypes[0])return r=e.jsonpCal
2025-01-10 15:33:08 UTC	16384	IN	Data Raw: 74 65 72 22 2c 69 5b 31 5d 3d 6c 2e 74 65 73 74 28 69 5b 31 5d 29 3f 69 5b 31 5d 3a 22 63 65 6e 74 65 72 22 2c 74 3d 68 2e 65 78 65 63 28 69 5b 30 5d 29 2c 65 3d 68 2e 65 78 65 63 28 69 5b 31 5d 29 2c 77 5b 74 68 69 73 5d 3d 5b 74 3f 74 5b 30 5d 3a 30 2c 65 3f 65 5b 30 5d 3a 30 5d 2c 75 5b 74 68 69 73 5d 3d 5b 63 2e 65 78 65 63 28 69 5b 30 5d 29 5b 30 5d 2c 63 2e 65 78 65 63 28 69 5b 31 5d 29 5b 30 5d 5d 7d 29 2c 31 3d 3d 3d 79 2e 6c 65 6e 67 74 68 26 26 28 79 5b 31 5d 3d 79 5b 30 5d 29 2c 22 72 69 67 68 74 22 3d 3d 3d 75 2e 61 74 5b 30 5d 3f 6d 2e 6c 65 66 74 2b 3d 70 3a 22 63 65 6e 74 65 72 22 3d 3d 3d 75 2e 61 74 5b 30 5d 26 26 28 6d 2e 6c 65 66 74 2b 3d 70 2f 32 29 2c 22 62 6f 74 74 6f 6d 22 3d 3d 3d 75 2e 61 74 5b 31 5d 3f 6d 2e 74 6f 70 2b 3d 66 3a Data Ascii: ter",i[1]=l.test(i[1])?i[1]:"center",t=h.exec(i[0]),e=h.exec(i[1]),w[this]=[t?t[0]:0,e?e[0]:0],u[this]=[c.exec(i[0])[0],c.exec(i[1])[0]]}),1===y.length&&(y[1]=y[0]),"right"===u.at[0]?m.left+=p:"center"===u.at[0]&&(m.left+=p/2),"bottom"===u.at[1]?m.top+=f:
2025-01-10 15:33:08 UTC	16384	IN	Data Raw: 66 66 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 2e 6f 66 66 73 65 74 28 29 2c 65 3d 74 68 69 73 2e 64 6f 63 75 6d 65 6e 74 5b 30 5d 3b 72 65 74 75 72 6e 22 61 62 73 6f 6c 75 74 65 22 3d 3d 3d 74 68 69 73 2e 63 73 73 50 6f 73 69 74 69 6f 6e 26 26 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 21 3d 3d 65 26 26 56 2e 63 6f 6e 74 61 69 6e 73 28 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 2c 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 5b 30 5d 29 26 26 28 74 2e 6c 65 66 74 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 6f 6c 6c 4c 65 66 74 28 29 2c 74 2e 74 6f 70 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 Data Ascii: ffset:function(){var t=this.offsetParent.offset(),e=this.document[0];return"absolute"===this.cssPosition&&this.scrollParent[0]!==e&&V.contains(this.scrollParent[0],this.offsetParent[0])&&(t.left+=this.scrollParent.scrollLeft(),t.top+=this.scrollParent.scr
2025-01-10 15:33:08 UTC	16384	IN	Data Raw: 74 2e 6f 66 66 73 65 74 28 29 2c 6e 5b 69 5d 2e 70 72 6f 70 6f 72 74 69 6f 6e 73 28 7b 77 69 64 74 68 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 57 69 64 74 68 2c 68 65 69 67 68 74 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7d 29 29 7d 7d 2c 64 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 69 3d 21 31 3b 72 65 74 75 72 6e 20 56 2e 65 61 63 68 28 28 56 2e 75 69 2e 64 64 6d 61 6e 61 67 65 72 2e 64 72 6f 70 70 61 62 6c 65 73 5b 74 2e 6f 70 74 69 6f 6e 73 2e 73 63 6f 70 65 5d 7c 7c 5b 5d 29 2e 73 6c 69 63 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 70 74 69 6f 6e 73 26 26 28 21 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 64 69 73 61 62 6c 65 64 26 26 74 68 Data Ascii: t.offset(),n[i].proportions({width:n[i].element[0].offsetWidth,height:n[i].element[0].offsetHeight}))}},drop:function(t,e){var i=!1;return V.each((V.ui.ddmanager.droppables[t.options.scope]\|\|[]).slice(),function(){this.options&&(!this.options.disabled&&th

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:33:07 UTC	893	OUT	GET /LP_videos/hook.wav HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: audio Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ== Accept-Language: en-US,en;q=0.9 Range: bytes=0-
2025-01-10 15:33:07 UTC	555	IN	HTTP/1.1 206 Partial Content x-amz-id-2: +NZ8weLUMR5nmYDDQ0uQFIVnh33U+5Mx01RG6dxmki+3VQ2120aRhEZjooapWhRjsdtnW3iYoendty+bqwA5RgabyTKJdS+LGgeBcLcvn7k= x-amz-request-id: 188582E6N3SJ1Y2F Date: Fri, 10 Jan 2025 15:33:08 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "6b207845061b2bf9205c8418d478cc0b" x-amz-version-id: ac8b7SSNz3NQx51mdxyde5fDKd2o8w1v Accept-Ranges: bytes Content-Range: bytes 0-214545/214546 Content-Type: audio/vnd.wave Content-Length: 214546 Server: AmazonS3 Connection: close
2025-01-10 15:33:07 UTC	16384	IN	Data Raw: 52 49 46 46 0a 46 03 00 57 41 56 45 66 6d 74 20 12 00 00 00 01 00 02 00 80 3e 00 00 00 fa 00 00 04 00 10 00 00 00 64 61 74 61 00 16 03 00 41 00 41 00 4c 00 4c 00 b5 ff b5 ff 41 00 41 00 c5 ff c5 ff 38 00 38 00 d9 ff d9 ff 25 00 25 00 d8 ff d8 ff 21 00 21 00 e9 ff e9 ff 2a 00 2a 00 fd ff fd ff 20 00 20 00 e8 ff e8 ff 04 00 04 00 e1 ff e1 ff 05 00 05 00 ef ff ef ff 0a 00 0a 00 f5 ff f5 ff 0a 00 0a 00 fd ff fd ff 10 00 10 00 fa ff fa ff 03 00 03 00 fd ff fd ff 04 00 04 00 ff ff ff ff 05 00 05 00 fb ff fb ff fd ff fd ff f6 ff f6 ff fc ff fb ff fe ff fe ff 06 00 06 00 00 00 00 00 fd ff fd ff fc ff fc ff 06 00 06 00 09 00 09 00 09 00 09 00 03 00 03 00 fd ff fd ff fe ff fe ff 00 00 00 00 fd ff fd ff fb ff fb ff fd ff fd ff 00 00 00 00 01 00 01 00 00 00 00 00 02 Data Ascii: RIFFFWAVEfmt >dataAALLAA88%%!!**
2025-01-10 15:33:07 UTC	469	IN	Data Raw: 70 fd eb fd eb fd be fd be fd ea fd ea fd c8 fd c8 fd 61 fe 61 fe 72 fe 72 fe 8c fe 8c fe 5f fe 5f fe c3 fe c3 fe b2 fe b2 fe 0e ff 0e ff 0a ff 0a ff 38 ff 38 ff 5b ff 5b ff a7 ff a7 ff c0 ff c0 ff d3 ff d3 ff 37 00 37 00 51 00 51 00 5a 00 5a 00 99 00 99 00 f7 00 f7 00 24 01 24 01 65 01 65 01 98 01 98 01 f7 01 f7 01 41 02 41 02 72 02 72 02 a9 02 a9 02 af 02 af 02 f2 02 f2 02 03 03 03 03 75 03 75 03 22 03 22 03 90 03 90 03 c8 03 c8 03 76 03 76 03 25 04 25 04 f2 03 f2 03 29 04 29 04 40 04 40 04 13 04 13 04 ed 03 ed 03 ca 04 ca 04 e6 03 e6 03 e2 03 e3 03 7b 04 7b 04 54 04 54 04 b5 03 b5 03 06 04 06 04 c4 03 c4 03 08 04 08 04 55 03 55 03 92 03 92 03 98 03 98 03 81 03 81 03 e6 02 e6 02 ee 03 ee 03 c1 02 c1 02 6d 02 6d 02 97 02 97 02 f0 02 f0 02 75 01 75 01 2a Data Ascii: paarr__88[[77QQZZ$$eeAArruu""vv%%))@@{{TTUUmmuu*
2025-01-10 15:33:07 UTC	16384	IN	Data Raw: ff af fd af fd 1a fe 1a fe 0e ff 0e ff 97 fe 97 fe 64 ff 64 ff 8d fd 8d fd 65 00 65 00 c8 fe c8 fe 6c ff 6c ff eb fe eb fe 1a 00 1a 00 1e ff 1e ff 30 00 30 00 b3 ff b3 ff 1d 00 1d 00 5c ff 5c ff 6d 00 6d 00 e2 ff e2 ff 5e 00 5e 00 6a 00 6a 00 5e 00 5e 00 e8 00 e8 00 87 00 87 00 14 01 14 01 9c 00 9c 00 a7 01 a7 01 1b 01 1b 01 be 01 be 01 3c 01 3c 01 0e 02 0e 02 b3 01 b3 01 27 02 27 02 f3 01 f3 01 4e 02 4e 02 0d 02 0d 02 6c 02 6c 02 1f 02 1f 02 96 02 96 02 79 02 79 02 57 02 57 02 b3 02 b3 02 84 02 84 02 ba 02 ba 02 d0 02 d0 02 b3 02 b3 02 c0 02 c0 02 a3 02 a3 02 94 02 94 02 6d 02 6d 02 98 02 98 02 5f 02 5f 02 5d 02 5d 02 8e 02 8e 02 28 02 28 02 99 02 99 02 d1 01 d1 01 7b 02 7b 02 04 02 04 02 0b 02 0b 02 cc 01 cc 01 e3 01 e3 01 bb 01 bb 01 6f 01 6f 01 a8 01 Data Ascii: ddeell00\\mm^^jj^^<<''NNllyyWWmm__]](({{oo
2025-01-10 15:33:07 UTC	1024	IN	Data Raw: 05 4b 00 4b 00 8b 00 8b 00 d2 f9 d2 f9 7c fc 7c fc 46 04 46 04 0f 02 0f 02 a6 ff a6 ff d6 fd d6 fd 8e f9 8e f9 92 01 92 01 81 fe 81 fe 0a 02 0a 02 95 fe 95 fe 12 fd 12 fd 19 fe 19 fe ac 02 ac 02 15 ff 15 ff 6c fe 6c fe 4b fe 4b fe a2 03 a2 03 a7 ff a7 ff 84 06 84 06 e1 fd e1 fd 94 fe 94 fe 25 fd 25 fd 4f 02 4f 02 cb 0b cb 0b 3e 03 3e 03 02 f7 02 f7 b4 f9 b4 f9 fd 02 fd 02 00 05 00 05 8d fe 8d fe ba fe ba fe 22 02 22 02 51 f9 51 f9 e8 07 e8 07 ca fc ca fc 7b 00 7b 00 8d fc 8d fc 5d fd 5d fd 1d 03 1d 03 a0 03 a0 03 76 fc 76 fc 82 ff 82 ff 7a 03 7a 03 22 fa 22 fa 40 02 40 02 39 06 39 06 6f fb 6f fb e4 02 e4 02 a7 fa a7 fa 8f 04 8f 04 f4 03 f4 03 f8 02 f8 02 ed fc ed fc 8c 04 8c 04 04 f8 04 f8 a4 04 a4 04 eb fb eb fb de 00 de 00 65 05 65 05 69 fd 69 fd fa 05 Data Ascii: KK\|\|FFllKK%%OO>>""QQ{{]]vvzz""@@99ooeeii
2025-01-10 15:33:07 UTC	16384	IN	Data Raw: 00 70 ff 70 ff 37 02 36 02 09 00 09 00 1f 01 1f 01 f5 fd f5 fd c3 fe c3 fe fa 02 fa 02 00 04 00 04 60 04 60 04 51 01 51 01 78 ff 78 ff d9 fe d9 fe 8a fd 8a fd 08 04 08 04 ae 03 ae 03 98 01 98 01 79 01 79 01 e7 02 e7 02 49 03 49 03 89 00 89 00 bd 00 bd 00 ad 01 ad 01 71 03 71 03 db fe db fe 77 01 77 01 9f 00 9f 00 c6 02 c6 02 18 03 18 03 fb ff fb ff 2c 00 2c 00 e2 fe e2 fe b9 ff b9 ff 41 01 41 01 f1 01 f1 01 66 ff 66 ff 89 ff 89 ff 91 00 91 00 98 fe 98 fe 7f 00 7f 00 52 ff 52 ff 99 03 99 03 88 fe 88 fe cf fb cf fb 3d fe 3d fe 6d ff 6d ff 3c 02 3c 02 16 ff 16 ff 3f fd 3f fd bb fc bb fc ba fe ba fe f5 ff f5 ff ec ff ec ff 39 00 39 00 33 fe 33 fe f2 fb f2 fb 0a fd 0a fd db fe db fe af ff af ff b7 fc b7 fc 99 fd 9a fd be fc be fc 8e fa 8e fa f5 fd f5 fd 84 fd Data Ascii: pp76``QQxxyyIIqqww,,AAffRR==mm<<??9933
2025-01-10 15:33:07 UTC	1024	IN	Data Raw: fe df 00 df 00 c6 01 c6 01 d3 fe d3 fe 94 ff 94 ff 67 00 67 00 d6 01 d6 01 71 01 71 01 8f fc 8f fc d3 fc d3 fc f2 ff f2 ff c4 04 c4 04 bc 01 bc 01 d1 fd d1 fd 44 fe 44 fe 61 fd 61 fd 7c 02 7c 02 25 01 25 01 9d 00 9d 00 8b 03 8b 03 16 fd 16 fd c6 fa c6 fa 74 fc 74 fc e0 07 e0 07 4e 0b 4e 0b 1b f8 1b f8 bf f4 bf f4 e1 fe e1 fe 0d 09 0d 09 c6 0a c6 0a 65 f6 65 f6 88 fa 88 fa 6a 00 6a 00 c3 03 c3 03 aa 02 aa 02 6e fe 6e fe ea fd ea fd a5 00 a5 00 04 ff 04 ff 6f 01 6f 01 97 fe 97 fe f7 02 f7 02 a8 ff a8 ff 9c ff 9c ff 01 fe 01 fe 52 fd 52 fd 38 02 38 02 b2 02 b2 02 03 00 03 00 19 03 19 03 1a f8 1a f8 1f 00 1f 00 67 03 67 03 93 00 93 00 31 01 31 01 ed fc ed fc 0e ff 0e ff ea 01 ea 01 64 00 64 00 ca 01 ca 01 45 fd 45 fd 42 ff 42 ff a0 02 a0 02 e0 fd e0 fd 1d 01 Data Ascii: ggqqDDaa\|\|%%ttNNeejjnnooRR88gg11ddEEBB
2025-01-10 15:33:07 UTC	16384	IN	Data Raw: ff c1 ff c1 ff 04 00 04 00 f6 ff f6 ff a5 00 a5 00 f3 ff f3 ff 9f ff 9f ff dc ff dc ff 26 00 26 00 2c 00 2c 00 ce ff ce ff ec ff ec ff 28 00 28 00 6a 00 6a 00 a9 ff a9 ff ea ff ea ff e2 ff e2 ff d2 ff d2 ff b0 00 b0 00 ce ff ce ff e5 ff e5 ff f8 ff f8 ff a1 ff a1 ff 7b 00 7b 00 59 00 59 00 a5 ff a5 ff d1 ff d1 ff b6 ff b6 ff 50 00 50 00 86 00 86 00 c6 ff c6 ff ec ff ec ff b8 ff b8 ff c9 ff c9 ff 96 00 96 00 1c 00 1c 00 bd ff bd ff df ff df ff 29 00 29 00 00 00 00 00 b3 ff b3 ff 15 00 15 00 2e 00 2e 00 1e 00 1e 00 f3 ff f3 ff d5 ff d5 ff 00 00 00 00 ea ff ea ff 2d 00 2d 00 2e 00 2e 00 ff ff ff ff e2 ff e2 ff 92 ff 92 ff f7 ff f7 ff 8b 00 8b 00 62 00 62 00 01 00 01 00 30 ff 30 ff a6 ff a6 ff 75 00 75 00 89 00 89 00 7a 00 7a 00 81 ff 81 ff 50 ff 50 ff 06 00 Data Ascii: &&,,((jj{{YYPP))..--..bb00uuzzPP
2025-01-10 15:33:07 UTC	1024	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-10 15:33:07 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-01-10 15:33:07 UTC	1024	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:33:07 UTC	908	OUT	GET /LP_videos/You've_Been_Phished.mp4 HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: video Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ== Accept-Language: en-US,en;q=0.9 Range: bytes=0-
2025-01-10 15:33:07 UTC	550	IN	HTTP/1.1 206 Partial Content x-amz-id-2: qlpbFV17ZOd5rgF2R/TAMH49VhbULovTuYEwSe3JIujoVCeXwy98jlaRet2rQNn+KC0+i2Lg4qgW7xCQt1P6jSMrmV9Vr3KVBa18xnsJcOU= x-amz-request-id: 188ASYQWYDV3QB56 Date: Fri, 10 Jan 2025 15:33:08 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "117b3edc22858d8b022e75c64001cead" x-amz-version-id: _rYO9q6z9cr.70TeaubCza8Kt7dWLH.u Accept-Ranges: bytes Content-Range: bytes 0-330770/330771 Content-Type: video/mp4 Content-Length: 330771 Server: AmazonS3 Connection: close
2025-01-10 15:33:07 UTC	16384	IN	Data Raw: 00 00 00 20 66 74 79 70 6d 70 34 32 00 00 02 00 69 73 6f 6d 69 73 6f 32 61 76 63 31 6d 70 34 31 00 00 0b 29 6d 6f 6f 76 00 00 00 6c 6d 76 68 64 00 00 00 00 d8 62 5d 24 d8 62 5d 24 00 00 03 e8 00 00 14 82 00 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 18 69 6f 64 73 00 00 00 00 10 80 80 80 07 00 4f ff ff ff fe ff 00 00 0a 2e 74 72 61 6b 00 00 00 5c 74 6b 68 64 00 00 00 03 d8 62 5d 24 d8 62 5d 24 00 00 00 01 00 00 00 00 00 00 14 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 Data Ascii: ftypmp42isomiso2avc1mp41)moovlmvhdb]$b]$@iodsO.trak\tkhdb]$b]$
2025-01-10 15:33:07 UTC	474	IN	Data Raw: d2 06 c2 32 a6 dd 91 62 02 9d 30 eb 8b 80 94 ae 9c 04 1f ac c9 cf 74 40 f1 b4 d5 f9 aa e4 a9 b4 9b fe fa 80 0f 1a d3 55 0c e1 e4 35 94 c4 a7 ee 85 e1 04 81 af 9b 79 e2 b2 10 d0 f6 ba fe 2b dc 8b 07 57 89 35 5d af 8f 7f f5 fd 6a ae 8b f2 f4 90 be b7 15 87 c3 3b 57 d7 e8 0e 64 ee fd 89 d7 d4 38 f6 7f b0 f1 11 75 ff 29 e9 ed fe 6a 56 2a 5b f7 43 57 d3 13 62 ba 82 01 ad c2 05 b5 7c e2 4e 13 d0 c4 a7 77 61 6c c7 e7 b1 73 98 19 e9 40 8c e9 a9 36 e7 fb a0 33 32 90 7f 1c e8 9e 5b e6 c1 bf d0 d5 c7 d3 b8 4c 16 4a aa 52 67 41 03 40 f5 f6 86 b7 35 3c f9 23 2d 14 b4 7e 2f 60 e7 c0 96 47 4e d7 fd 01 3f ea 68 7a be 51 a2 7f 8b e8 e1 93 77 cc 93 7a 94 b7 c8 57 2e 7a 53 94 20 6b c7 c0 81 42 f8 6f 69 b4 f9 db fb 24 b5 80 6b 7e 33 12 50 31 89 7b c5 e2 72 e1 28 5b 5b 7f 5d Data Ascii: 2b0t@U5y+W5]j;Wd8u)jV*[CWb\|Nwals@632[LJRgA@5<#-~/`GN?hzQwzW.zS kBoi$k~3P1{r([[]
2025-01-10 15:33:07 UTC	16384	IN	Data Raw: b2 94 16 a4 6b fa e3 6a b9 0e cb 35 ae f9 78 d9 1f c2 79 cf 64 47 16 ab 2f ad 97 de 0a fb 06 b9 30 fe 41 62 fa fb 9d e1 1d 5b c5 4e 59 ee db 3b 00 9a 20 ab e0 ab e1 f8 40 80 13 86 71 6e f5 0a 23 d3 43 5d 21 92 56 c9 68 16 37 c8 dc 68 8c 13 02 49 dc 07 3c db 0b 46 bc 9e 7f 2e 63 56 8b af 53 34 00 00 03 00 00 03 00 04 9e 10 21 43 d2 e6 f3 24 26 fe 13 9d 9a f4 0d 89 e7 2d 0e cc a0 c2 6a 4a d9 f3 4d df c8 9c 52 12 43 89 5e 6c 80 4f f2 36 28 6b cf 62 4f 4a a1 45 55 7b 5b ce 80 95 7a 41 60 29 69 2b 55 42 09 ae 56 7c be 1c 8b bc 95 29 7a 91 5d 77 07 cd 2e c8 42 72 cd be 3e dc bc 81 8e 3a 46 bd 0e 7d c3 af 7d 0e 12 cb 8b 7c 7c 23 b9 80 42 e8 09 fa 66 dd b6 ce fe 44 ab fc 25 03 72 a4 e7 3e 5f dd e6 c5 8f b5 4a 73 a3 47 54 1c 03 f4 1b 17 fb 22 7a e8 a8 4b 6e 10 09 Data Ascii: kj5xydG/0Ab[NY; @qn#C]!Vh7hI<F.cVS4!C$&-jJMRC^lO6(kbOJEU{[zA`)i+UBV\|)z]w.Br>:F}}\|\|#BfD%r>_JsGT"zKn
2025-01-10 15:33:07 UTC	1024	IN	Data Raw: 34 a1 b0 51 2f 78 44 e9 b8 ee c5 69 6d 53 98 d6 b5 22 71 a8 3e d7 65 38 17 1d 5b bd 28 2e fa 1c ee 8f 3b fd 2a 20 9f b6 da 9e bc c6 32 d0 9f 0d 6b cd d3 35 65 74 11 cf de 45 8d b5 9f e7 18 30 cf 74 59 cc 10 40 ba 23 c4 71 dc d9 4a 77 96 27 0a 03 53 75 07 9f 92 e7 47 3c f0 38 9b d8 14 c3 41 e0 3f a3 ef c1 aa 12 00 9c d2 b6 e6 4c a3 b6 f8 d0 45 90 3f 28 01 79 36 3b 41 3c 5c 0f 55 00 8e 21 fb 2a c2 42 49 d6 39 01 4b 8a 0d 03 a4 77 dc fb 89 67 64 20 15 68 12 7d 18 bd c7 b2 f2 56 5c 12 1b b8 40 a6 10 11 2b 0b aa 91 16 72 15 32 81 aa bc 83 0a 68 6d 15 b9 61 30 48 62 98 05 5f 68 dc b6 de 9f b3 65 aa 2b fd 26 49 9b 48 bc dd 13 cf 52 66 c0 fd 73 8a 4b 09 f0 91 47 e0 68 31 5e 5b ea 5f b0 eb 6c 0d 06 03 06 e2 b5 40 85 58 3e 36 08 b1 8d a1 bf 64 b8 70 ac 94 ff 65 2d Data Ascii: 4Q/xDimS"q>e8[(.;* 2k5etE0tY@#qJw'SuG<8A?LE?(y6;A<\U!*BI9Kwgd h}V\@+r2hma0Hb_he+&IHRfsKGh1^[_l@X>6dpe-
2025-01-10 15:33:07 UTC	16384	IN	Data Raw: 95 2a 21 a7 70 75 c6 15 e6 88 48 a0 80 e7 00 35 d0 ab 4f e0 2f 54 80 f4 aa 72 ce c4 bb d2 c6 c5 c7 33 7f 23 76 02 c8 a2 a3 bf e9 bc 89 56 cc ff 0e b6 54 4f eb 95 f8 7d 06 da 1f cc 81 6c 9a d7 b1 81 64 fc e0 95 0c 6d bd 24 62 02 54 86 10 2c 85 7b 45 f8 81 c8 4f 95 5a 04 43 e5 e3 af 69 06 e8 b3 43 a1 2a 74 d4 20 61 e6 cf 94 76 36 63 85 8f d5 d4 ae 49 84 b1 42 5a 17 73 02 7c 3e 23 f5 26 f0 f6 20 92 e7 71 50 83 b4 f7 dc 31 ce c6 3c bf 66 28 d6 aa 04 f3 df 5b 9f 26 f8 13 11 c3 ea 2f 3a 3b bd d3 94 59 d6 7d 45 47 f5 87 f3 72 06 5c 1f ec a4 40 89 f6 9a d7 7c 86 ec d1 48 fe 14 60 61 84 20 6a b6 31 be ed 19 76 1e 02 0e 45 62 92 68 19 7c e3 26 e9 40 c9 17 ba 56 41 ee 7d ae 2b 27 e2 a8 ee dd 7c fd 9d 88 e1 f9 39 10 12 f0 d6 29 c7 4a 68 62 e8 b8 f6 21 57 ad 29 99 09 Data Ascii: !puH5O/Tr3#vVTO}ldm$bT,{EOZCiCt av6cIBZs\|>#& qP1<f([&/:;Y}EGr\@\|H`a j1vEbh\|&@VA}+'\|9)Jhb!W)
2025-01-10 15:33:07 UTC	1024	IN	Data Raw: 34 22 59 2f 21 3d bf 75 4f 43 a1 bf dd 97 73 c5 54 7d 31 66 29 ba 9c 99 7f 5b be 1f 11 81 ac 65 ae 04 ae b9 3d 82 bc f3 72 46 96 c5 e1 ac e8 67 20 c1 16 9a fb 64 fe f6 a9 ea 5c 64 d7 88 89 37 f5 2a 1d cb e8 37 52 32 84 f6 df e9 1a 36 12 fb 06 b7 7d b2 f3 6f be e8 32 55 e7 1d 4a 90 28 52 fd f9 25 7b d6 dd 98 4d d1 b0 9b 06 8c 31 25 48 2e 0c 71 73 99 4f 18 36 39 c5 c8 f2 48 aa 52 9e e9 db 78 df 79 ff e9 11 68 74 a2 39 e0 c0 d9 72 69 95 3f 12 0c 7d ed 43 b5 13 2c d9 c6 b2 b0 05 9d 1c 9a ca 67 72 1e b4 b8 77 18 20 be de 0a a1 6e 8e e0 f7 33 d5 ab 57 cd 28 80 17 c2 e7 78 dd 6a e0 2a 55 01 f8 c1 97 d5 e2 84 70 6e c1 8b 6a 89 09 7c da d6 24 ff f5 b4 12 58 c4 46 75 d0 7e 47 be d0 54 be fa c1 81 89 b7 96 b3 1d 9c 81 7e 91 f8 d4 b0 e0 a3 08 03 8e 97 20 b5 0e cf 71 Data Ascii: 4"Y/!=uOCsT}1f)[e=rFg d\d77R26}o2UJ(R%{M1%H.qsO69HRxyht9ri?}C,grw n3W(xjUpnj\|$XFu~GT~ q
2025-01-10 15:33:07 UTC	10749	IN	Data Raw: a8 c7 aa 16 ca 84 7a fa 43 4f c4 a3 c9 b6 53 ea b9 2f a8 6d 74 26 54 8d 6c a5 7b b1 85 9c 8a 43 17 62 48 92 ff ca 0e 0b f8 0a 88 34 ce 73 70 32 e9 e2 4d 1f cb 7a 53 65 b1 c2 60 6d 0a c4 e9 ba bd 6d ab 44 0c 64 1f 70 33 5b 6a 12 93 5a 90 e0 40 40 e0 02 43 ab 69 ca 90 99 b6 ec 0a d8 18 9c b4 a9 35 1d 61 49 2d c5 8d ee 02 fe 9d ac 71 85 f3 08 03 cd 68 7e e3 80 87 81 00 00 02 c3 01 9e 40 44 4f 00 00 03 00 00 0a 45 25 e9 e9 d1 70 be 36 00 00 03 00 00 03 00 55 2b af fe dc a7 65 0c 54 02 a0 2c 8f b1 ff f2 74 b1 3c 8b a5 60 ae c6 b7 27 04 f1 10 6f 8b 8a 13 f7 c3 66 23 4c 00 d6 b9 7a db 9e 00 0f 57 31 cf f6 d3 55 47 bf e1 08 67 c2 e9 6d 42 2c 6a fd 20 51 d6 58 d7 66 57 a0 54 1a 53 13 b1 1c c1 c3 70 fe d4 b7 70 b0 25 24 3d 4b a4 05 08 ed 16 ae d2 95 18 47 31 72 43 Data Ascii: zCOS/mt&Tl{CbH4sp2MzSe`mmDdp3[jZ@@Ci5aI-qh~@DOE%p6U+eT,t<`'of#LzW1UGgmB,j QXfWTSpp%$=KG1rC
2025-01-10 15:33:07 UTC	9000	IN	Data Raw: cd e0 d3 d2 7c 14 01 86 3e 9b bf d5 b4 fc 5e d1 4e 75 4d 44 4a 52 ba fe 23 f7 e0 80 0f e3 5c 62 4d b5 de 28 73 e6 22 3a 0d 41 2e 08 f5 50 f8 9e 38 ca b6 b5 8f 5f e1 59 4d 62 10 ad 15 ba fe c9 14 8c 9f 78 5c 87 3f 7e 2c 35 ff 29 10 57 8a 7b 75 f3 41 fc 3d 07 29 e8 a8 54 9f 1a 88 f3 8a a2 03 aa fb 36 23 d6 b2 82 a9 96 3a 45 9d 74 d0 7b 16 0e 69 0a e5 fa f8 8f da 15 c3 71 be 55 b0 a2 95 00 2a 0d ca 51 00 b9 fe 8b 7b 98 16 48 72 9a e2 0f 9e 39 07 d1 6b 23 9a 9c 3d 62 b8 a5 3c a5 9b 86 ff f8 08 a2 f1 3f 15 17 01 3c be 1d 44 82 2f 0f 6b 01 25 3c c9 b3 ee 06 f7 cb 24 49 19 af 58 ea cb 23 61 ec 69 65 15 64 50 10 5a 6c af 66 f0 e9 2b e4 ec d3 80 cf 56 f8 62 87 46 e8 e0 ed 73 3a 80 0d 49 43 65 83 bb ef 79 a9 b9 ad 31 2e 15 66 eb 73 69 68 72 54 fd d1 8f 2e 9f 9c b3 Data Ascii: \|>^NuMDJR#\bM(s":A.P8_YMbx\?~,5)W{uA=)T6#:Et{iqU*Q{Hr9k#=b<?<D/k%<$IX#aiedPZlf+VbFs:ICey1.fsihrT.
2025-01-10 15:33:07 UTC	16384	IN	Data Raw: ce fa 7b c5 83 ca 5a b7 8f 13 a5 a2 b2 0b e9 4b 9e 69 f7 a2 ac fc 9e 35 af b0 69 18 17 10 fc b5 fb 55 d0 b4 fa e6 5f d6 fc bd a9 6a 00 95 ce 5c e7 9d 10 f9 42 9c 4e ca 8d 76 91 84 c2 86 cb 65 d2 35 5c 63 bc 26 65 9e 22 60 66 55 1d ed 0e 03 cf e9 47 d6 32 49 b7 41 86 ef cd cf 12 2f d7 f6 91 dc f6 7a 41 92 13 b8 e1 d5 62 69 43 16 fe 35 eb 6b fd 0c 8e 5a 07 11 fe df e5 81 1e 7d c2 5b 1a d6 27 5e 7e 12 c9 aa 2e 2d e8 60 2c a4 4f ed 56 96 85 e9 f4 44 88 e0 01 bb 13 88 ff ef de 22 14 db 02 28 22 2b 47 7d 79 c0 2c b9 94 59 75 8a 20 96 61 98 b9 9f b3 b2 79 d3 52 0e 24 78 d1 10 4e 13 38 e9 62 34 c6 4c cb 30 00 82 bc 6b 87 81 4d 71 1b 6e e9 e1 42 ef 88 8b b3 19 4c a2 71 39 8f 2f 7d 1a 2e 2d 2b 9f 7d 6f 5f 02 70 c0 9f 23 57 9b d5 50 0c 97 e8 03 90 14 a0 2b 7a 70 49 Data Ascii: {ZKi5iU_j\BNve5\c&e"`fUG2IA/zAbiC5kZ}['^~.-`,OVD"("+G}y,Yu ayR$xN8b4L0kMqnBLq9/}.-+}o_p#WP+zpI
2025-01-10 15:33:07 UTC	1024	IN	Data Raw: e5 3d 41 8d da 38 6f 60 e8 89 0f 0f d3 4e e6 80 3b 7c e6 7b 05 65 ec c1 8f df 0f c9 7c a9 99 34 d7 80 0a 5a 68 30 10 b2 39 10 bb 38 3f b2 78 02 e3 67 f1 a8 b1 b0 89 05 59 33 60 1f db 48 29 ef b3 1c f4 a9 99 44 a4 a6 60 be db e8 c8 b1 b7 a9 54 01 94 ec 82 7f 17 1e f1 9f f1 b3 d9 ac 83 f4 a2 20 13 ae 53 bf 63 5b f1 c1 2c 33 9f 0b c6 18 9a 0c 8c 38 86 1f 58 b4 cd 4d b1 14 27 23 85 57 4a ce 7e 2a 0d 77 76 b5 eb 7f 4b ca 2d 33 fe d3 d8 8c 62 22 33 1f 8c 44 2c fb ad c2 ee 43 97 82 bf 70 34 64 8d a9 5f b6 19 b4 78 81 3c 95 8c 0a 71 9c 00 07 ff 35 7d 40 39 0c 2e a5 c9 c9 9c 42 dc 1f 41 bc 62 46 62 df 56 7d 5a ce 7d 9a 1e 84 4f f5 6d c2 e7 81 39 c2 5f b8 70 ed f7 0a 69 95 39 5d 54 48 08 f9 74 50 17 4f 11 b2 dd b7 48 0b 4e 44 33 49 93 c8 c5 bc 4e 58 8a e8 4d 7b 88 Data Ascii: =A8o`N;\|{e\|4Zh098?xgY3`H)D`T Sc[,38XM'#WJ~*wvK-3b"3D,Cp4d_x<q5}@9.BAbFbV}Z}Om9_pi9]THtPOHND3INXM{

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:33:07 UTC	1044	OUT	GET /pages/f2e6f2a95eaf/phished.mp3 HTTP/1.1 Host: secured-login.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-10 15:33:08 UTC	832	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 15:33:08 GMT Content-Type: text/html; charset=utf-8 Content-Length: 1873 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade Link: </assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css>; rel=preload; as=style; nopush,</assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js>; rel=preload; as=script; nopush ETag: W/"74133370e122c9bb68f488aaad71134d" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: f0ab335f-dd92-462f-8eec-fdfd09ac1fe6 X-Runtime: 1.118764 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2025-01-10 15:33:08 UTC	1873	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 49 4d 50 4f 52 54 41 4e 54 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 70 61 67 65 20 69 73 20 70 61 72 74 20 6f 66 20 61 20 73 69 6d 75 6c 61 74 65 64 20 70 68 69 73 68 69 6e 67 20 61 74 74 61 63 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <meta name="IMPORTANT" content="This page is part of a simulated phishing attac

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ID_Badge_Policy.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1e1abf84-40ac-42b8-8ca7-8d12b2c1c9c1.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250110153136Z-189.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Windows Analysis Report
ID_Badge_Policy.pdf

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:33:08 UTC	965	OUT	GET /LP_videos/You've_Been_Phished.mp4 HTTP/1.1 Host: helpimg.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept-Encoding: identity;q=1, ;q=0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: /* Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: video Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ== Accept-Language: en-US,en;q=0.9 Range: bytes=315135-330770 If-Range: "117b3edc22858d8b022e75c64001cead"
2025-01-10 15:33:09 UTC	554	IN	HTTP/1.1 206 Partial Content x-amz-id-2: c//ElndnJn6ymxEtGuhLSsD9O+OCVKS+lZJPZ/AhASFXSADPXHPQJ59vcyBMdfTppEZB9un3QIAfAJZ/CvJN95DxmjUfZ/b1MXWT63Rts2I= x-amz-request-id: BH0MKFKARSE7TX76 Date: Fri, 10 Jan 2025 15:33:09 GMT x-amz-replication-status: COMPLETED Last-Modified: Thu, 17 Jan 2019 18:33:25 GMT ETag: "117b3edc22858d8b022e75c64001cead" x-amz-version-id: _rYO9q6z9cr.70TeaubCza8Kt7dWLH.u Accept-Ranges: bytes Content-Range: bytes 315135-330770/330771 Content-Type: video/mp4 Content-Length: 15636 Server: AmazonS3 Connection: close
2025-01-10 15:33:09 UTC	15636	IN	Data Raw: 1a 9c 64 58 e8 1d c0 85 d6 f1 f0 a1 fb 69 f9 4a 61 6f 04 57 8d 3c 5c 01 30 c7 74 1e ff 5b 18 5a aa 7a c9 e6 1f 3b f3 ce 51 2c 2b 65 21 2b 20 20 0a 22 de c8 9d 7d 3e 32 f8 75 04 55 47 f4 b7 bd bd bd 6d 16 f8 a6 44 b0 34 45 ef 34 85 09 36 cb d8 9a 98 9c b0 c4 39 a6 91 a9 f2 76 b6 ce 9e 02 be 34 9d 12 dc 15 db ff 21 85 db 22 20 db 66 dd 74 ac cd 4c b0 4d 39 43 af ee 4c 02 a4 ef f0 5b 16 51 eb dc e4 38 8e 6d ed 0a 60 1d 21 eb e4 a6 e4 a1 1d 8e c6 f4 d0 32 63 63 9e 42 2a 31 71 1e 81 f9 97 ce 74 f2 35 ca 91 40 45 f3 c0 3d 4b f3 9a 13 cc c6 11 b2 32 4c 69 b6 cd 4e fd 8a 64 85 54 5f 1f b5 29 23 8f 11 55 91 e0 aa b3 a5 7e 4e a1 7a 07 d4 30 cd 53 bf 21 9d 97 00 e4 43 73 87 c1 eb 43 83 27 2c 97 54 16 08 dd 3b 03 cb ab 3e eb 87 1c 7b ff 0a d2 80 5e ed 75 b9 18 43 71 Data Ascii: dXiJaoW<\0t[Zz;Q,+e!+ "}>2uUGmD4E469v4!" ftLM9CL[Q8m`!2ccB*1qt5@E=K2LiNdT_)#U~Nz0S!CsC',T;>{^uCq

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:33:10 UTC	922	OUT	GET /favicon.ico HTTP/1.1 Host: secured-login.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://secured-login.net/pages/f2e6f2a95eaf/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ== Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-10 15:33:11 UTC	253	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 15:33:11 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Fri, 10 Jan 2025 14:09:16 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:33:11 UTC	352	OUT	GET /favicon.ico HTTP/1.1 Host: secured-login.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-10 15:33:12 UTC	253	IN	HTTP/1.1 200 OK Date: Fri, 10 Jan 2025 15:33:12 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Fri, 10 Jan 2025 14:09:16 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:34:08 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 53 69 42 68 52 33 4a 50 33 6b 4f 57 48 32 6c 66 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 61 61 39 36 38 37 38 34 32 65 33 64 30 66 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: SiBhR3JP3kOWH2lf.1Context: 4aa9687842e3d0f6
2025-01-10 15:34:08 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-10 15:34:08 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 53 69 42 68 52 33 4a 50 33 6b 4f 57 48 32 6c 66 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 61 61 39 36 38 37 38 34 32 65 33 64 30 66 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: SiBhR3JP3kOWH2lf.2Context: 4aa9687842e3d0f6<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-10 15:34:08 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 53 69 42 68 52 33 4a 50 33 6b 4f 57 48 32 6c 66 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 61 61 39 36 38 37 38 34 32 65 33 64 30 66 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: SiBhR3JP3kOWH2lf.3Context: 4aa9687842e3d0f6<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-10 15:34:08 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-10 15:34:08 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 47 52 75 63 41 56 58 71 6d 45 57 4d 6e 35 54 35 38 4b 72 59 75 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: GRucAVXqmEWMn5T58KrYuw.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2025-01-10 15:35:46 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 41 65 47 79 34 4a 45 77 56 6b 71 58 36 62 74 2f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 31 61 63 38 33 35 39 63 61 63 61 38 35 61 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: AeGy4JEwVkqX6bt/.1Context: b1ac8359caca85a1
2025-01-10 15:35:46 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-10 15:35:46 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 41 65 47 79 34 4a 45 77 56 6b 71 58 36 62 74 2f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 31 61 63 38 33 35 39 63 61 63 61 38 35 61 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: AeGy4JEwVkqX6bt/.2Context: b1ac8359caca85a1<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-10 15:35:46 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 41 65 47 79 34 4a 45 77 56 6b 71 58 36 62 74 2f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 31 61 63 38 33 35 39 63 61 63 61 38 35 61 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: AeGy4JEwVkqX6bt/.3Context: b1ac8359caca85a1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-10 15:35:46 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-10 15:35:46 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4a 4e 2b 38 4b 44 55 36 41 45 79 6c 59 71 73 5a 50 4b 70 2f 38 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: JN+8KDU6AEylYqsZPKp/8A.0Payload parsing failed.

Target ID:	0
Start time:	10:31:30
Start date:	10/01/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ID_Badge_Policy.pdf"
Imagebase:	0x7ff651090000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	2
Start time:	10:31:34
Start date:	10/01/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff70df30000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	11
Start time:	10:32:55
Start date:	10/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://do.not.click.on.this.link.instantrevert.net/XcWN1K0JnUUFYQUxmMWFVR3BMa0ZFcUUzdCtaWk4wVkltblFlZ2pldUJ3dFR4ano4THFycXFkZWFmeENVbGh1Z2RxUHZmbk5uNUVGTXNFL29OQUloZXREbGRuMU4vS3EvTmhJSkY1UVVpd2o1UEdNRjk5S2kzRE1GSFE0MGV1ZkVxNm1mQ2JkcmUrT2ZEaEV2b2wxOWc1SjA4elkzaUN5VnJ1cDdWNFdrRXNnZFpKdEhJSEg1N0tralJnPT0tLXZYbUZnQ1F1V3lIOHE3cVQtLWprV25HOHZ1d2szaS9zYjVUaGkzK0E9PQ==?cid=2356055592"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre