Windows Analysis Report
Michael.langedijk Vacations and salaries.pdf

Overview

General Information

Sample name: Michael.langedijk Vacations and salaries.pdf
Analysis ID: 1615151
MD5: ed0f4d42952e2696cb11beffcfd28178
SHA1: 8e1b6f6d1ae4fe8fe0a964d4af370ba92682ac88
SHA256: 49bb4f56744c70ac85a97a7d119321253acaaf8535b8616069e69ec670e19f4a

Detection

HTMLPhisher
Score: 68
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Suricata IDS alerts for network traffic
Yara detected HtmlPhish54
AI detected landing page (webpage, office document or email)
Detected hidden input values containing email addresses (often used in phishing pages)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
IP address seen in connection with other malware
Internet Provider seen in connection with other malware

Classification

Classification chart (legend only): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious

Phishing

Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com&sso_reload=true Joe Sandbox AI: Score: 9 Reasons: The brand 'Mobilexpense' is known and typically associated with the domain 'mobilexpense.com'., The provided URL 'ghvvhjgvjhhvb.santacruzcargosrl.com' does not match the legitimate domain for Mobilexpense., The domain 'santacruzcargosrl.com' does not appear to be related to Mobilexpense, which raises suspicion., The subdomain 'ghvvhjgvjhhvb' is nonsensical and does not provide any clear association with Mobilexpense., The presence of a password input field on a suspicious domain increases the risk of phishing. DOM: 3.4.pages.csv
Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com&sso_reload=true Joe Sandbox AI: Score: 9 Reasons: The brand 'Mobilexpense' is known and typically associated with the domain 'mobilexpense.com'., The provided URL 'ghvvhjgvjhhvb.santacruzcargosrl.com' does not match the legitimate domain for Mobilexpense., The domain 'santacruzcargosrl.com' does not appear to be related to Mobilexpense, which raises suspicion., The subdomain 'ghvvhjgvjhhvb' is nonsensical and does not provide any clear association with Mobilexpense., The presence of an input field for 'Enter password' on a suspicious domain increases the likelihood of phishing. DOM: 3.5.pages.csv
Source: Yara match File source: 1.3.id.script.csv, type: HTML
Source: Yara match File source: 1.10.id.script.csv, type: HTML
Source: Yara match File source: 2.2.pages.csv, type: HTML
Source: Yara match File source: 3.3.pages.csv, type: HTML
Source: Yara match File source: 3.5.pages.csv, type: HTML
Source: PDF document Joe Sandbox AI: PDF document contains QR code
Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com&sso_reload=true HTTP Parser: michael.langedijk@mobilexpense.com
Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com&sso_reload=true HTTP Parser: Number of links: 0
Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com HTTP Parser: Base64 decoded: wss://ghvvhjgvjhhvb.santacruzcargosrl.com/04a37a65110740b7827e9d479d7b8726/
Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com&sso_reload=true HTTP Parser: Title: Sign in to your account does not match URL
Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com&sso_reload=true HTTP Parser: Iframe src: https://540c833d-04a37a65.santacruzcargosrl.com/Prefetch/Prefetch.aspx (reported twice)
Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com&sso_reload=true HTTP Parser: <input type="password" .../> found
Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com HTTP Parser: No favicon
Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com&sso_reload=true HTTP Parser: No favicon (reported 4 times)
Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com&sso_reload=true HTTP Parser: No <meta name="author".. found (reported twice)
Source: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com&sso_reload=true HTTP Parser: No <meta name="copyright".. found (reported twice)
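
The HTTP Parser findings above (title that does not name the host, a hidden input carrying the victim address, a password field, a hidden iframe, a base64 blob that decodes to a wss:// URL, zero links, no favicon and no author/copyright meta) are static DOM checks an analyst can reproduce offline. The following Python script is an added example written for this page, not Joe Sandbox code; it runs those checks with the standard-library HTML parser over a constructed page that reproduces the traits reported for the landing page (the markup is built in the script, not captured from the sandbox). The title check is the weakest signal on its own, since a legitimate sign-in page can carry the same title on a host the title does not name, so the verdict only counts it together with the password box and the pre-filled address.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Constructed sample page, not the captured DOM: it reproduces the traits the
# report lists for the landing page so that every check below has a hit.
SAMPLE_URL = ("https://ghvvhjgvjhhvb.santacruzcargosrl.com/"
              "?vv=michael.langedijk@mobilexpense.com&sso_reload=true")
WS_URL = "wss://ghvvhjgvjhhvb.santacruzcargosrl.com/04a37a65110740b7827e9d479d7b8726/"
SAMPLE_HTML = """<html><head><title>Sign in to your account</title></head><body>
<form method="post">
  <input type="hidden" name="login" value="michael.langedijk@mobilexpense.com">
  <input type="password" name="passwd" placeholder="Enter password">
</form>
<iframe src="https://540c833d-04a37a65.santacruzcargosrl.com/Prefetch/Prefetch.aspx"
        style="display:none"></iframe>
<script>var ws = new WebSocket(atob("%s"));</script>
</body></html>""" % base64.b64encode(WS_URL.encode()).decode()


class PageFeatures(HTMLParser):
    """Collect the DOM facts the report's HTTP Parser signatures are built on."""

    def __init__(self):
        super().__init__()
        self.title, self.links, self.password_fields = "", 0, 0
        self.hidden_emails, self.iframes, self.scripts = [], [], []
        self.favicon, self.meta_names = False, set()
        self._in_title = self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")
        elif tag == "a" and a.get("href"):
            self.links += 1
        elif tag == "input":
            kind = a.get("type", "text").lower()
            if kind == "password":
                self.password_fields += 1
            elif kind == "hidden":
                self.hidden_emails += EMAIL_RE.findall(a.get("value", ""))
        elif tag == "iframe" and a.get("src"):
            self.iframes.append(a["src"])
        elif tag == "link" and "icon" in a.get("rel", "").lower():
            self.favicon = True
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        elif self._in_script and self.scripts:
            self.scripts[-1] += data


def title_matches_host(title, url):
    """True when some word of the title (4+ letters) is a label of the host."""
    labels = set((urlsplit(url).hostname or "").lower().split("."))
    return any(word in labels for word in re.findall(r"[a-z]{4,}", title.lower()))


def decoded_urls_in_scripts(scripts):
    """Base64 blobs inside inline scripts that decode to http(s)/ws(s) URLs."""
    found = []
    for body in scripts:
        for blob in B64_RE.findall(body):
            try:
                text = base64.b64decode(blob + "=" * (-len(blob) % 4)).decode("ascii")
            except (ValueError, UnicodeDecodeError):
                continue
            if re.match(r"^(https?|wss?)://", text):
                found.append(text)
    return found


def analyse(url, html):
    """Return the per-page signals plus a combined credential-harvest verdict."""
    page = PageFeatures()
    page.feed(html)
    page.close()
    signals = {
        "title_matches_url": title_matches_host(page.title, url),
        "password_field": page.password_fields > 0,
        "hidden_emails": page.hidden_emails,
        "link_count": page.links,
        "iframes": page.iframes,
        "favicon": page.favicon,
        "meta_author": "author" in page.meta_names,
        "meta_copyright": "copyright" in page.meta_names,
        "decoded_script_urls": decoded_urls_in_scripts(page.scripts),
    }
    # A password box next to a pre-filled victim address on a host the title
    # never names is the combination seen on this landing page; the title
    # mismatch alone is too weak, so it only counts together with the rest.
    signals["credential_harvest_suspect"] = (
        signals["password_field"] and bool(signals["hidden_emails"])
        and not signals["title_matches_url"])
    return signals


if __name__ == "__main__":
    for name, value in analyse(SAMPLE_URL, SAMPLE_HTML).items():
        print("%-26s %s" % (name, value))
```

Run it against a saved DOM (for example the pages.csv exports named in the Yara lines) by passing the file contents to analyse() with the URL the page was loaded from; the base64 scan is what turns the opaque atob() argument into the wss:// endpoint listed under "Base64 decoded" above.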

Networking

Source: Network traffic Suricata IDS: 2857090 - Severity 1 - ETPRO PHISHING JS/PsyduckPockeball Payload Inbound : 64.227.123.94:443 -> 192.168.2.7:49720
Source: global traffic TCP traffic: 192.168.2.7:62351 -> 1.1.1.1:53
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View IP Address: 191.252.141.106 (reported twice)
Source: Joe Sandbox View ASN Name: DIGITALOCEAN-ASNUS
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203 (reported 6 times)
Source: unknown TCP traffic detected without corresponding DNS query: 104.98.116.138 (reported 7 times)
Source: unknown TCP traffic detected without corresponding DNS query: 20.50.201.200 (reported 7 times)
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1 (reported 4 times)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 25 times)
Source: unknown UDP traffic detected without corresponding DNS query: 104.40.149.189 (reported once)
HTTP requests (headers common to every request are listed once here and omitted from the individual lines): User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" (the three sec-ch-ua headers are absent on lines marked "no client hints") | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 on navigations and on /Me.htm, image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 on Sec-Fetch-Dest: image requests, text/css,*/*;q=0.1 on the stylesheet, */* otherwise.
"Cookie: smgsX0" stands for smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw==". The four WebSocket handshakes carry, instead of keep-alive and client hints, Connection: Upgrade | Upgrade: websocket | Pragma: no-cache | Cache-Control: no-cache | Origin: https://ghvvhjgvjhhvb.santacruzcargosrl.com | Sec-WebSocket-Version: 13 | Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits.
Source: global traffic HTTP traffic detected: GET /yoya/michael.langedijk@mobilexpense.com/bWljaGFlbC5sYW5nZWRpamtAbW9iaWxleHBlbnNlLmNvbQ== HTTP/1.1 | Host: aral-latam.com | Upgrade-Insecure-Requests: 1 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: aral-latam.com | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://aral-latam.com/yoya/michael.langedijk@mobilexpense.com/bWljaGFlbC5sYW5nZWRpamtAbW9iaWxleHBlbnNlLmNvbQ==
Source: global traffic HTTP traffic detected: GET /?vv=michael.langedijk@mobilexpense.com HTTP/1.1 | Host: ghvvhjgvjhhvb.santacruzcargosrl.com | Upgrade-Insecure-Requests: 1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: document | Referer: https://aral-latam.com/
Source: global traffic HTTP traffic detected: GET /?vv=michael.langedijk@mobilexpense.com HTTP/1.1 | Host: ghvvhjgvjhhvb.santacruzcargosrl.com | Cache-Control: max-age=0 | Upgrade-Insecure-Requests: 1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_eaF-Fe71oZcWvr096r6xEw2.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Origin: https://ghvvhjgvjhhvb.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/
Source: global traffic HTTP traffic detected: GET /04a37a65110740b7827e9d479d7b8726/ HTTP/1.1 (WebSocket handshake) | Host: ghvvhjgvjhhvb.santacruzcargosrl.com | Sec-WebSocket-Key: 8h4MFtqfkyO3lZ+WOsfUPQ== | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /?vv=michael.langedijk@mobilexpense.com&sso_reload=true HTTP/1.1 | Host: ghvvhjgvjhhvb.santacruzcargosrl.com | Upgrade-Insecure-Requests: 1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: document | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com | Cookie: smgsX0; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Host: ghvvhjgvjhhvb.santacruzcargosrl.com | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.com | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_eaF-Fe71oZcWvr096r6xEw2.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Cookie: smgsX0 | no client hints
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Origin: https://ghvvhjgvjhhvb.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: style | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_-8cgqRzfEOPEpYl9MSuPRw2.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Origin: https://ghvvhjgvjhhvb.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_b6qmkv34zrtzwovprnovhw2.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Origin: https://ghvvhjgvjhhvb.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: script | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/
Source: global traffic HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_b6qmkv34zrtzwovprnovhw2.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Cookie: smgsX0 | no client hints
Source: global traffic HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1 | Host: l1ve.santacruzcargosrl.com | Purpose: prefetch | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /04a37a65110740b7827e9d479d7b8726/ HTTP/1.1 (WebSocket handshake) | Host: ghvvhjgvjhhvb.santacruzcargosrl.com | Sec-WebSocket-Key: me9Bqknsbv9Zp1EwTqqPFA== | Cookie: smgsX0; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_-8cgqRzfEOPEpYl9MSuPRw2.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Cookie: smgsX0 | no client hints
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Cookie: smgsX0 | no client hints
Source: global traffic HTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1 | Host: 540c833d-04a37a65.santacruzcargosrl.com | Upgrade-Insecure-Requests: 1 | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: navigate | Sec-Fetch-Dest: iframe | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /04a37a65110740b7827e9d479d7b8726/ HTTP/1.1 (WebSocket handshake) | Host: ghvvhjgvjhhvb.santacruzcargosrl.com | Sec-WebSocket-Key: UdcJPAi8oTRuct0HqixIug== | Cookie: smgsX0; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=ca15c061-6be7-47f5-a0b5-18436f5ac03e; brcap=0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Cookie: smgsX0 | no client hints
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Cookie: smgsX0 | no client hints
Source: global traffic HTTP traffic detected: GET /dec6ba50-04a37a65.santacruzcargosrl.com/winauth/ssoprobe?client-request-id=c79cf263-a1cf-4f67-926b-e1bdd74e525c&_=1739547429588 HTTP/1.1 | Host: 874a96e7-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4ba7c391e6f3f547d8ce.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Cookie: smgsX0 | no client hints
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Cookie: smgsX0 | no client hints
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_9508950c2b89b79b3f88.js HTTP/1.1 | Host: 418eb79b-04a37a65.santacruzcargosrl.com | Sec-Fetch-Site: same-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/ | Cookie: smgsX0
Source: global traffic HTTP traffic detected: GET /04a37a65110740b7827e9d479d7b8726/ HTTP/1.1 (WebSocket handshake) | Host: ghvvhjgvjhhvb.santacruzcargosrl.com | Sec-WebSocket-Key: ChKiVmZ5NYFhnJNo9By3CQ== | Cookie: smgsX0; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=ca15c061-6be7-47f5-a0b5-18436f5ac03e; brcap=0; ai_session=8gtqzOZ22AmkPRah8aLzpp|1739547432261|1739547432261
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg HTTP/1.1Host: 418eb79b-04a37a65.santacruzcargosrl.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="
Source: global traffic HTTP traffic detected: GET /c1c6b6c8-1hydalwskawlxnkxmkobien0ynyazcmqepcjeqdvih0/logintenantbranding/0/bannerlogo?ts=638011567569319580 HTTP/1.1Host: e69c9dd4-04a37a65.santacruzcargosrl.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="
Source: global traffic HTTP traffic detected: GET /c1c6b6c8-1hydalwskawlxnkxmkobien0ynyazcmqepcjeqdvih0/logintenantbranding/0/favicon?ts=638169015598283767 HTTP/1.1Host: e69c9dd4-04a37a65.santacruzcargosrl.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: 418eb79b-04a37a65.santacruzcargosrl.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: 418eb79b-04a37a65.santacruzcargosrl.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: 418eb79b-04a37a65.santacruzcargosrl.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_9508950c2b89b79b3f88.js HTTP/1.1Host: 418eb79b-04a37a65.santacruzcargosrl.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="
Source: global traffic HTTP traffic detected: GET /common/instrumentation/dssostatus HTTP/1.1Host: ghvvhjgvjhhvb.santacruzcargosrl.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=ca15c061-6be7-47f5-a0b5-18436f5ac03e; brcap=0; ai_session=8gtqzOZ22AmkPRah8aLzpp|1739547432261|1739547432261
Source: global traffic HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg HTTP/1.1Host: 418eb79b-04a37a65.santacruzcargosrl.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="; MC1="GUID=276d715bae6d44a5a0fc47caca47f537&HASH=276d&LV=202502&V=4&LU=1739542883222"; MS0=3ea8041ca8714170aa4b85792a3caf6d
Source: global traffic HTTP traffic detected: GET /c1c6b6c8-1hydalwskawlxnkxmkobien0ynyazcmqepcjeqdvih0/logintenantbranding/0/bannerlogo?ts=638011567569319580 HTTP/1.1Host: e69c9dd4-04a37a65.santacruzcargosrl.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="; MC1="GUID=276d715bae6d44a5a0fc47caca47f537&HASH=276d&LV=202502&V=4&LU=1739542883222"; MS0=3ea8041ca8714170aa4b85792a3caf6d
Source: global traffic HTTP traffic detected: GET /c1c6b6c8-1hydalwskawlxnkxmkobien0ynyazcmqepcjeqdvih0/logintenantbranding/0/favicon?ts=638169015598283767 HTTP/1.1Host: e69c9dd4-04a37a65.santacruzcargosrl.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="; MC1="GUID=276d715bae6d44a5a0fc47caca47f537&HASH=276d&LV=202502&V=4&LU=1739542883222"; MS0=3ea8041ca8714170aa4b85792a3caf6d
Source: global traffic HTTP traffic detected: GET /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1Host: 02a33b31-04a37a65.santacruzcargosrl.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="; MC1="GUID=276d715bae6d44a5a0fc47caca47f537&HASH=276d&LV=202502&V=4&LU=1739542883222"; MS0=3ea8041ca8714170aa4b85792a3caf6d
Source: global traffic HTTP traffic detected: GET /04a37a65110740b7827e9d479d7b8726/ HTTP/1.1Host: ghvvhjgvjhhvb.santacruzcargosrl.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ghvvhjgvjhhvb.santacruzcargosrl.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: smgsX0="MDRhMzdhNjUtMTEwNy00MGI3LTgyN2UtOWQ0NzlkN2I4NzI2OjZiZWJkNzYyLTMzZTItNGU0NC04MTczLTI4NDMyMGQwODQ5Yw=="; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; MicrosoftApplicationsTelemetryDeviceId=ca15c061-6be7-47f5-a0b5-18436f5ac03e; brcap=0; ai_session=8gtqzOZ22AmkPRah8aLzpp|1739547432261|1739547432261; MC1="GUID=276d715bae6d44a5a0fc47caca47f537&HASH=276d&LV=202502&V=4&LU=1739542883222"; MS0=3ea8041ca8714170aa4b85792a3caf6d; MSFPC=GUID=276d715bae6d44a5a0fc47caca47f537&HASH=276d&LV=202502&V=4&LU=1739542883222Sec-WebSocket-Key: 5AXroKtCKOoR0MewkwvJSg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global traffic DNS traffic detected: DNS query: aral-latam.com
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: ghvvhjgvjhhvb.santacruzcargosrl.com
Source: global traffic DNS traffic detected: DNS query: 418eb79b-04a37a65.santacruzcargosrl.com
Source: global traffic DNS traffic detected: DNS query: 647d8da9-04a37a65.santacruzcargosrl.com
Source: global traffic DNS traffic detected: DNS query: 3b072b6e-04a37a65.santacruzcargosrl.com
Source: global traffic DNS traffic detected: DNS query: l1ve.santacruzcargosrl.com
Source: global traffic DNS traffic detected: DNS query: 540c833d-04a37a65.santacruzcargosrl.com
Source: global traffic DNS traffic detected: DNS query: 874a96e7-04a37a65.santacruzcargosrl.com
Source: global traffic DNS traffic detected: DNS query: e69c9dd4-04a37a65.santacruzcargosrl.com
Source: global traffic DNS traffic detected: DNS query: 02a33b31-04a37a65.santacruzcargosrl.com
Source: unknown HTTP traffic detected: POST /?vv=michael.langedijk@mobilexpense.com HTTP/1.1Host: ghvvhjgvjhhvb.santacruzcargosrl.comConnection: keep-aliveContent-Length: 4703Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://ghvvhjgvjhhvb.santacruzcargosrl.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://ghvvhjgvjhhvb.santacruzcargosrl.com/?vv=michael.langedijk@mobilexpense.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Feb 2025 14:18:40 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 14 Feb 2025 14:21:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 00f22ae7-c4c6-4a48-bcec-1b5335261700x-ms-ests-server: 2.1.20051.5 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://647d8da9-04a37a65.santacruzcargosrl.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 14 Feb 2025 14:21:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: a3e2304b-2e36-441f-8995-5056f8516f00x-ms-ests-server: 2.1.20003.9 - NEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://647d8da9-04a37a65.santacruzcargosrl.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 14 Feb 2025 14:21:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 4fc81baf-4348-4569-b93b-b355dda23000x-ms-ests-server: 2.1.20003.9 - FRC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://647d8da9-04a37a65.santacruzcargosrl.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 14 Feb 2025 14:21:14 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: no-store, no-cachex-ms-correlation-id: 97aa64cb-6486-4d05-b683-942ad2d38bc8x-ua-compatible: IE=Edgex-cache: CONFIG_NOCACHEx-msedge-ref: Ref A: 1627FE87FB884A268BAA66884447EF2C Ref B: AMS231032604045 Ref C: 2025-02-14T14:21:14Zaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 14 Feb 2025 14:21:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 15dfdbb1-365f-49fe-a592-b1df82630b00x-ms-ests-server: 2.1.20003.9 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://647d8da9-04a37a65.santacruzcargosrl.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 14 Feb 2025 14:21:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 2eca3e3f-b69d-46ef-b5f3-833b47ae3300x-ms-ests-server: 2.1.20003.9 - SEC ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://647d8da9-04a37a65.santacruzcargosrl.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 14 Feb 2025 14:21:28 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encodingcache-control: privatep3p: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: 3e9571b2-e8c4-4358-8ad7-3556b1d25500x-ms-ests-server: 2.1.20003.9 - WEULR1 ProdSlicesreport-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://647d8da9-04a37a65.santacruzcargosrl.com/api/report?catId=GW+estsfd+ams2"}]}nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.Preferrer-policy: strict-origin-when-cross-originaccess-control-allow-origin: *access-control-allow-headers: *
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr String found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.0.dr String found in binary or memory: https://www.adobe.co
Source: classification engine Classification label: mal68.phis.winPDF@29/100@33/9
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-02-14 09-18-32-567.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Michael.langedijk Vacations and salaries.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1716,i,16231115247410210710,14177633878551563429,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aral-latam.com/yoya/michael.langedijk@mobilexpense.com/bWljaGFlbC5sYW5nZWRpamtAbW9iaWxleHBlbnNlLmNvbQ==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=2036,i,4628127369903158306,14261556293105471556,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Michael.langedijk Vacations and salaries.pdf Initial sample: PDF keyword /JS count = 0
Source: Michael.langedijk Vacations and salaries.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: A9p3bpce_qdek9w_420.tmp.0.dr Initial sample: PDF keyword /JS count = 0
Source: A9p3bpce_qdek9w_420.tmp.0.dr Initial sample: PDF keyword /JavaScript count = 0
Source: Michael.langedijk Vacations and salaries.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs