Edit tour

Windows Analysis Report
https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10

Overview

General Information

Sample URL:	https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10
Analysis ID:	1500395
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Drops files with a non-matching file extension (content does not match file extension)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2528,i,7590472072302088992,16121679000214963585,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

Acrobat.exe (PID: 5752 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 5664 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 3688 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2160 --field-trial-handle=1596,i,15970232470759308740,10123792887249288780,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49725 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86

Source: global traffic	HTTP traffic detected: GET /doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10 HTTP/1.1Host: api.elementarypos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: api.elementarypos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10 HTTP/1.1Host: api.elementarypos.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=spSRR6Mwb1TMFpX&MD=8UH7bNmV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=spSRR6Mwb1TMFpX&MD=8UH7bNmV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: api.elementarypos.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2528,i,7590472072302088992,16121679000214963585,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10"
Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2160 --field-trial-handle=1596,i,15970232470759308740,10123792887249288780,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2528,i,7590472072302088992,16121679000214963585,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2160 --field-trial-handle=1596,i,15970232470759308740,10123792887249288780,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 226
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 226			Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10	0%	Avira URL Cloud	safe
https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10	0%	Virustotal		Browse

Source	Detection	Scanner	Label
https://chrome.cloudflare-dns.com/dns-query	0%	URL Reputation	safe
https://api.elementarypos.com/favicon.ico	0%	Avira URL Cloud	safe
file:///C:/Users/user/Downloads/downloaded.pdf	0%	Avira URL Cloud	safe

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	162.159.61.3	true	false	unknown
www.google.com	142.250.185.68	true	false	unknown
api.elementarypos.com	3.75.191.100	true	false	unknown

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
3.75.191.100	api.elementarypos.com	United States	16509	AMAZON-02US	false

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1500395
Start date and time:	2024-08-28 12:04:51 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@38/55@5/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found PDF document Close Viewer

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.171348171822452
Encrypted:	false
SSDEEP:	6:N8q5pM+q2P92nKuAl9OmbnIFUt888qJEXZmw+88qmjMVkwO92nKuAl9OmbjLJ:NBPM+v4HAahFUt88BJEX/+8BMMV5LHAR
MD5:	B5B5FEA05DEFE61F719518F5DC5940FA
SHA1:	78D67139E9CE97E2F1B969EE6251C68EA2F06CBC
SHA-256:	2ADA4A38B1500792A4A0B498A20415FFF54196F50C6D0032A702F5235C20573B
SHA-512:	8308E29DC13B2611C5AA1150DD87C0148197DC573FC0923BEB607480FCDA5D6E8D6A7C93B144EF118991F4F11AB2652A8BA2C249DF40AB9BAA3C19C8A1BADDDB
Malicious:	false
Reputation:	low
Preview:	2024/08/28-06:07:01.741 e8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/28-06:07:01.743 e8c Recovering log #3.2024/08/28-06:07:01.744 e8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 09:05:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.977557224567105
Encrypted:	false
SSDEEP:	48:8oJdVT9ZNcHxZidAKZdA19ehwiZUklqehTy+3:8CPNIIy
MD5:	CA05852D5D14416CD8EB869472B648B5
SHA1:	DFE431B858CEC16609224705318141D429C2ADAD
SHA-256:	24B6A6A6563FC53D9140454143C7572E49EDC7CD1FEA25C7D3A3E25B3FFCDA3F
SHA-512:	5A219184549E926B8F6D30AC70AC94D7937ED0F19BE0717A45BE544EDD742BBF48A031D46D027128AE33E3555E8E077BF44CBB3AF85E0A22C2D91DCF34B19A12
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......u.1...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.P....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 12:05:37.044229031 CEST	49675	443	192.168.2.5	23.1.237.91
Aug 28, 2024 12:05:37.044230938 CEST	49674	443	192.168.2.5	23.1.237.91
Aug 28, 2024 12:05:37.372317076 CEST	49673	443	192.168.2.5	23.1.237.91
Aug 28, 2024 12:05:43.996931076 CEST	49709	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:43.996979952 CEST	443	49709	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:43.997075081 CEST	49709	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:43.999208927 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:43.999218941 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:43.999283075 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:43.999759912 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:43.999774933 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.000086069 CEST	49709	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:44.000097036 CEST	443	49709	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.642976999 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.643301964 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:44.643326998 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.643722057 CEST	443	49709	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.643868923 CEST	49709	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:44.643876076 CEST	443	49709	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.644273043 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.644334078 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:44.644917965 CEST	443	49709	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.644974947 CEST	49709	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:44.645478010 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:44.645551920 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.645849943 CEST	49709	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:44.645915985 CEST	443	49709	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.646195889 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:44.646203995 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.686933041 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:44.716555119 CEST	49709	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:44.716573000 CEST	443	49709	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:44.908510923 CEST	49709	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:45.013020992 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:45.013045073 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:45.013056993 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:45.013071060 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:45.013103008 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:45.013273954 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:45.013274908 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:45.013307095 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:45.013354063 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:45.014807940 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:45.014827013 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:45.014863968 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:45.014902115 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:45.014910936 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:45.014931917 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:45.014961958 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:45.014988899 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:45.025535107 CEST	49710	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:45.025557041 CEST	443	49710	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:46.496180058 CEST	49709	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:46.540504932 CEST	443	49709	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:46.646100998 CEST	49675	443	192.168.2.5	23.1.237.91
Aug 28, 2024 12:05:46.646100998 CEST	49674	443	192.168.2.5	23.1.237.91
Aug 28, 2024 12:05:46.756937981 CEST	443	49709	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:46.757030964 CEST	443	49709	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:46.757247925 CEST	49709	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:46.830431938 CEST	49709	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:46.830459118 CEST	443	49709	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:46.986531973 CEST	49673	443	192.168.2.5	23.1.237.91
Aug 28, 2024 12:05:47.214456081 CEST	49713	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:47.214509964 CEST	443	49713	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:47.214610100 CEST	49713	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:47.216440916 CEST	49713	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:47.216454983 CEST	443	49713	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:47.330080032 CEST	49714	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:05:47.330107927 CEST	443	49714	142.250.185.68	192.168.2.5
Aug 28, 2024 12:05:47.330166101 CEST	49714	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:05:47.333601952 CEST	49714	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:05:47.333622932 CEST	443	49714	142.250.185.68	192.168.2.5
Aug 28, 2024 12:05:47.349493027 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:47.349539042 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:47.349775076 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:47.350289106 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:47.350302935 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:47.857619047 CEST	443	49713	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:47.857692957 CEST	49713	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:47.871840000 CEST	49713	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:47.871865034 CEST	443	49713	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:47.872095108 CEST	443	49713	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:47.919195890 CEST	49713	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:47.985234022 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:47.992681026 CEST	443	49714	142.250.185.68	192.168.2.5
Aug 28, 2024 12:05:48.018158913 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.018183947 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.018412113 CEST	49714	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:05:48.018434048 CEST	443	49714	142.250.185.68	192.168.2.5
Aug 28, 2024 12:05:48.018620968 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.021256924 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.021346092 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.021425962 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.022810936 CEST	443	49714	142.250.185.68	192.168.2.5
Aug 28, 2024 12:05:48.022897959 CEST	49714	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:05:48.029057026 CEST	49714	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:05:48.029247046 CEST	443	49714	142.250.185.68	192.168.2.5
Aug 28, 2024 12:05:48.055617094 CEST	49713	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:48.068497896 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.075474977 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.075737000 CEST	49714	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:05:48.075751066 CEST	443	49714	142.250.185.68	192.168.2.5
Aug 28, 2024 12:05:48.100500107 CEST	443	49713	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:48.122332096 CEST	49714	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:05:48.244920015 CEST	443	49713	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:48.244993925 CEST	443	49713	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:48.245074034 CEST	49713	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:48.332763910 CEST	49713	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:48.332792044 CEST	443	49713	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:48.369132042 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.369152069 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.369158983 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.369177103 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.369188070 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.369196892 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.369205952 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.369216919 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.369236946 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.369256020 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.370359898 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.370377064 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.370431900 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.370438099 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.370487928 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.371326923 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.371372938 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.371376038 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.371422052 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.371457100 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.371462107 CEST	443	49715	3.75.191.100	192.168.2.5
Aug 28, 2024 12:05:48.371481895 CEST	49715	443	192.168.2.5	3.75.191.100
Aug 28, 2024 12:05:48.378171921 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:48.378199100 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:48.378252029 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:48.378526926 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:48.378539085 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:48.651736975 CEST	443	49703	23.1.237.91	192.168.2.5
Aug 28, 2024 12:05:48.651829958 CEST	49703	443	192.168.2.5	23.1.237.91
Aug 28, 2024 12:05:49.015392065 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:49.015460968 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:49.017213106 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:49.017239094 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:49.017473936 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:49.018429995 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:49.060499907 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:49.291388988 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:49.291469097 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:49.291656017 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:49.413314104 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:49.413351059 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:49.413366079 CEST	49716	443	192.168.2.5	184.28.90.27
Aug 28, 2024 12:05:49.413372993 CEST	443	49716	184.28.90.27	192.168.2.5
Aug 28, 2024 12:05:57.255728006 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:57.255775928 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:57.255845070 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:57.257247925 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:57.257258892 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:57.882148027 CEST	443	49714	142.250.185.68	192.168.2.5
Aug 28, 2024 12:05:57.882210970 CEST	443	49714	142.250.185.68	192.168.2.5
Aug 28, 2024 12:05:57.882270098 CEST	49714	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:05:57.932373047 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:57.932449102 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:57.934328079 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:57.934341908 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:57.934554100 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:57.982961893 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:58.542927980 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:58.588500977 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:58.765759945 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:58.765780926 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:58.765788078 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:58.765798092 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:58.765835047 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:58.765872002 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:58.765898943 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:58.765919924 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:58.765947104 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:58.765990019 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:58.766077995 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:58.766086102 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:58.766325951 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:58.766379118 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:58.803910017 CEST	49714	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:05:58.803941011 CEST	443	49714	142.250.185.68	192.168.2.5
Aug 28, 2024 12:05:59.476901054 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:59.476932049 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:05:59.476943970 CEST	49718	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:05:59.476949930 CEST	443	49718	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:35.934278965 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:35.934309006 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:35.935811996 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:35.936537981 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:35.936548948 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.616529942 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.616604090 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:36.620773077 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:36.620780945 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.621006012 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.631469011 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:36.676506042 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.882086992 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.882105112 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.882121086 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.882208109 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:36.882225990 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.882285118 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:36.883269072 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.883302927 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.883339882 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:36.883346081 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.883382082 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:36.883429050 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.883470058 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.883521080 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:36.886954069 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:36.886967897 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:36.886979103 CEST	49725	443	192.168.2.5	13.85.23.86
Aug 28, 2024 12:06:36.886986017 CEST	443	49725	13.85.23.86	192.168.2.5
Aug 28, 2024 12:06:47.379802942 CEST	49727	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:06:47.379846096 CEST	443	49727	142.250.185.68	192.168.2.5
Aug 28, 2024 12:06:47.379987955 CEST	49727	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:06:47.380419016 CEST	49727	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:06:47.380434036 CEST	443	49727	142.250.185.68	192.168.2.5
Aug 28, 2024 12:06:48.030704975 CEST	443	49727	142.250.185.68	192.168.2.5
Aug 28, 2024 12:06:48.031029940 CEST	49727	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:06:48.031045914 CEST	443	49727	142.250.185.68	192.168.2.5
Aug 28, 2024 12:06:48.032902002 CEST	443	49727	142.250.185.68	192.168.2.5
Aug 28, 2024 12:06:48.033409119 CEST	49727	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:06:48.033476114 CEST	443	49727	142.250.185.68	192.168.2.5
Aug 28, 2024 12:06:48.076457977 CEST	49727	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:06:57.939165115 CEST	443	49727	142.250.185.68	192.168.2.5
Aug 28, 2024 12:06:57.939244986 CEST	443	49727	142.250.185.68	192.168.2.5
Aug 28, 2024 12:06:57.939304113 CEST	49727	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:06:58.800199032 CEST	49727	443	192.168.2.5	142.250.185.68
Aug 28, 2024 12:06:58.800223112 CEST	443	49727	142.250.185.68	192.168.2.5
Aug 28, 2024 12:07:07.831785917 CEST	49731	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:07.831826925 CEST	443	49731	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:07.832004070 CEST	49732	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:07.832050085 CEST	443	49732	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:07.832089901 CEST	49731	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:07.832098961 CEST	49732	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:07.832314014 CEST	49731	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:07.832328081 CEST	443	49731	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:07.832465887 CEST	49732	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:07.832489967 CEST	443	49732	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.308331013 CEST	443	49731	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.308743000 CEST	49731	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.308753967 CEST	443	49731	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.309797049 CEST	443	49731	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.309952974 CEST	49731	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.312176943 CEST	49731	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.312242031 CEST	443	49731	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.312454939 CEST	49731	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.312463045 CEST	443	49731	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.316788912 CEST	443	49732	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.316999912 CEST	49732	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.317012072 CEST	443	49732	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.317996025 CEST	443	49732	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.318075895 CEST	49732	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.319946051 CEST	49732	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.319994926 CEST	443	49732	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.320280075 CEST	49732	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.320286036 CEST	443	49732	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.418390036 CEST	49731	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.418494940 CEST	49732	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.423353910 CEST	443	49731	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.423424959 CEST	443	49731	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.423624992 CEST	49731	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.423899889 CEST	49731	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.423914909 CEST	443	49731	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.460381985 CEST	443	49732	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.460438967 CEST	443	49732	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:08.460506916 CEST	49732	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.460798979 CEST	49732	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:08.460808039 CEST	443	49732	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.256803036 CEST	49733	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.256839991 CEST	443	49733	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.256953001 CEST	49733	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.257167101 CEST	49733	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.257184029 CEST	443	49733	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.735059023 CEST	443	49733	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.735371113 CEST	49733	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.735384941 CEST	443	49733	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.736268044 CEST	443	49733	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.736326933 CEST	49733	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.736743927 CEST	49733	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.736809015 CEST	443	49733	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.736892939 CEST	49733	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.736900091 CEST	443	49733	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.776717901 CEST	49733	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.860266924 CEST	443	49733	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.860346079 CEST	443	49733	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.860399008 CEST	49733	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.860733986 CEST	49733	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.860755920 CEST	443	49733	162.159.61.3	192.168.2.5

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 12:05:42.780553102 CEST	53	53596	1.1.1.1	192.168.2.5
Aug 28, 2024 12:05:42.780574083 CEST	53	56468	1.1.1.1	192.168.2.5
Aug 28, 2024 12:05:43.940774918 CEST	53337	53	192.168.2.5	1.1.1.1
Aug 28, 2024 12:05:43.940924883 CEST	65522	53	192.168.2.5	1.1.1.1
Aug 28, 2024 12:05:43.951467991 CEST	53	53507	1.1.1.1	192.168.2.5
Aug 28, 2024 12:05:43.976541042 CEST	53	53337	1.1.1.1	192.168.2.5
Aug 28, 2024 12:05:44.124886990 CEST	53	65522	1.1.1.1	192.168.2.5
Aug 28, 2024 12:05:47.317997932 CEST	58823	53	192.168.2.5	1.1.1.1
Aug 28, 2024 12:05:47.318341970 CEST	63982	53	192.168.2.5	1.1.1.1
Aug 28, 2024 12:05:47.324903011 CEST	53	58823	1.1.1.1	192.168.2.5
Aug 28, 2024 12:05:47.325263023 CEST	53	63982	1.1.1.1	192.168.2.5
Aug 28, 2024 12:06:01.917702913 CEST	53	55632	1.1.1.1	192.168.2.5
Aug 28, 2024 12:06:20.756095886 CEST	53	62538	1.1.1.1	192.168.2.5
Aug 28, 2024 12:06:42.204334974 CEST	53	60164	1.1.1.1	192.168.2.5
Aug 28, 2024 12:06:43.365408897 CEST	53	55179	1.1.1.1	192.168.2.5
Aug 28, 2024 12:07:07.681168079 CEST	64460	53	192.168.2.5	1.1.1.1
Aug 28, 2024 12:07:07.830111027 CEST	53	64460	1.1.1.1	192.168.2.5
Aug 28, 2024 12:07:13.954778910 CEST	61619	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.256800890 CEST	61619	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.430202007 CEST	443	61619	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.430222988 CEST	443	61619	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.430233002 CEST	443	61619	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.430238962 CEST	443	61619	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.430248976 CEST	443	61619	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:14.431168079 CEST	61619	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.432909966 CEST	61619	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.793360949 CEST	61619	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:14.893070936 CEST	443	61619	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:15.174985886 CEST	61619	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:15.175318956 CEST	61619	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:15.274760008 CEST	443	61619	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:15.274785995 CEST	443	61619	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:15.274800062 CEST	443	61619	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:15.274808884 CEST	443	61619	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:15.275301933 CEST	61619	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:15.275522947 CEST	61619	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:15.375755072 CEST	443	61619	162.159.61.3	192.168.2.5
Aug 28, 2024 12:07:15.401251078 CEST	61619	443	192.168.2.5	162.159.61.3
Aug 28, 2024 12:07:27.069641113 CEST	61619	443	192.168.2.5	162.159.61.3

Timestamp	Bytes transferred	Direction	Data
2024-08-28 10:05:44 UTC	712	OUT	GET /doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10 HTTP/1.1 Host: api.elementarypos.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 10:05:45 UTC	526	IN	HTTP/1.1 200 Server: nginx/1.18.0 (Ubuntu) Date: Wed, 28 Aug 2024 10:05:44 GMT Content-Type: application/pdf Content-Length: 36092 Connection: close content-disposition: filename=UTF-8''5D4A-1.pdf access-control-expose-headers: Content-Disposition Access-Control-Allow-Origin: Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,x-api-key
2024-08-28 10:05:45 UTC	15858	IN	Data Raw: 25 50 44 46 2d 31 2e 34 0a 25 e2 e3 cf d3 0a 33 20 30 20 6f 62 6a 0a 3c 3c 2f 4c 65 6e 67 74 68 20 39 39 36 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 3e 3e 73 74 72 65 61 6d 0a 78 9c 9d 98 cd 4e db 40 10 c7 57 ca a1 92 2f b4 22 21 a5 b4 92 0f 94 82 54 16 ef 87 d7 eb 6b 15 48 c4 87 08 10 0a 95 e8 a5 6a 7b a8 c4 81 5e fa 58 3d f4 da 97 ea 1b 74 66 bd 0e b1 bd b3 01 84 8c 82 c7 bf 99 ff 8e 77 66 36 dc 25 1f 66 89 32 a9 cd 4c 3a fb 9a a8 bc e4 46 a5 bb c2 e2 5f 7b 07 22 15 32 9d 7d 4f b6 99 60 7f d9 94 4d d8 25 3b 67 3d 36 86 4f 3d f8 3c 61 07 ec 98 ed c3 bd 37 f0 f7 4b f6 8e 0d d9 26 7b ce fa 3b b3 1f c9 ae f7 96 a1 2f 9d 49 5e d4 8e b7 d9 cd 8e 63 8f d8 c8 91 03 b6 0e bf 47 ec d0 79 1f b0 55 b8 86 ce 47 c5 39 17 d9 3d de 43 5b 36 bf 5d ea 86 Data Ascii: %PDF-1.4%3 0 obj<</Length 996/Filter/FlateDecode>>streamxN@W/"!TkHj{^X=tfwf6%f2L:F_{"2}O`M%;g=6O=<a7K&{;/I^cGyUG9=C[6]
2024-08-28 10:05:45 UTC	16384	IN	Data Raw: 7a b4 21 e7 1e a4 e3 27 ed c6 eb 68 c8 e3 c7 5f 07 53 af a1 fc d9 29 8d c6 c8 0e 83 ef 95 1e 0c 83 5f bb 1a a1 d5 35 d7 d7 81 b6 57 c8 0a 3f 8b fd 89 30 58 d9 25 de 01 30 45 df 6f 8d 0e c7 49 94 85 66 40 0f 20 59 47 c3 7e e0 3a 72 d0 e6 15 de f3 34 cc 33 bc 77 8a d4 45 e4 28 1c d5 d1 70 dd a8 fd 8f ee 77 bf ce fd 73 e1 e7 ce 5d 1d ef 27 98 da a8 cd b9 46 d7 8d 79 d6 ca ea 5f af 5e ab 5f 34 ec 15 b1 27 12 02 28 ff 83 83 af 25 e6 44 ca e1 7b 0e 6d df a1 ed 51 1a f6 05 7c 2f 95 d3 88 46 fa 88 f0 7c 9d fb d7 ee dd c0 c7 2f ac c9 da 9a ca f3 95 01 34 0a fb ed 34 79 04 8d e2 ef 3d 22 ef 72 1a de d5 84 df 19 f0 6f 10 b5 6f 64 f8 b9 25 ff 1e b1 2f f6 ef 26 32 a9 0f 92 57 fb 0e ea 77 d4 5d fb b6 47 0c 9f 8b 8e a3 a9 fc bb 38 f6 4c e8 7b ed ef 05 f0 6f 96 72 68 86 Data Ascii: z!'h_S)_5W?0X%0EoIf@ YG~:r43wE(pws]'Fy_^_4'(%D{mQ\|/F\|/44y="rood%/&2Ww]G8L{orh
2024-08-28 10:05:45 UTC	3850	IN	Data Raw: 0d ef 58 02 df 32 be e9 ff b6 85 df d5 f1 ef 08 f7 f9 3e 36 56 f8 6a 94 73 be 1a ed fb a5 77 f4 6f 72 f8 f7 79 da fb c8 6f a9 9b f6 3d db 57 be 2b da f7 fc e8 47 ce a0 5c 29 1c 7d cc a2 09 52 4f 5a 2d df 4a 13 94 03 38 27 5a 68 b4 b2 9f 46 8b 97 68 ba d4 9a 46 2a cf d3 ad 92 85 d6 f8 d3 a3 e5 0a ba 43 fe 86 ee 50 ca 69 b4 94 82 b1 53 68 94 f2 0c da ac a7 e5 f2 97 e8 33 19 65 ad b5 f2 91 52 26 cd 97 8a 11 27 dc 4b f7 29 1f d3 36 69 2e 8d 92 a6 d1 c3 f2 5f e8 0e f5 4b ba 53 0a 46 fd 56 74 8f 94 86 ba 5e ba 5d 19 42 8f 6a df d0 f3 ef ef 9b 9c 77 f8 fd 55 e0 dd 8c ff dd 40 7f d3 5e b2 a8 c7 29 c1 34 90 8a d4 f6 34 9a 7f 1f a3 0e a6 19 e6 8d 90 cf 22 ed 2e f1 7a df c2 fd 26 b0 30 9c bd 00 43 07 da 15 80 b6 1e 07 28 47 55 28 4a e9 4d ed a4 0d d4 4f 3c 4b 63 a5 Data Ascii: X2>6Vjsworyo=W+G\)}ROZ-J8'ZhFhF*CPiSh3eR&'K)6i._KSFVt^]BjwU@^)44".z&0C(GU(JMO<Kc

Timestamp	Bytes transferred	Direction	Data
2024-08-28 10:05:46 UTC	646	OUT	GET /favicon.ico HTTP/1.1 Host: api.elementarypos.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 10:05:46 UTC	285	IN	HTTP/1.1 404 Server: nginx/1.18.0 (Ubuntu) Date: Wed, 28 Aug 2024 10:05:46 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close vary: Origin vary: Access-Control-Request-Method vary: Access-Control-Request-Headers Access-Control-Allow-Origin: *
2024-08-28 10:05:46 UTC	111	IN	Data Raw: 36 34 0d 0a 7b 22 74 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 34 2d 30 38 2d 32 38 54 31 30 3a 30 35 3a 34 36 2e 36 36 31 2b 30 30 3a 30 30 22 2c 22 73 74 61 74 75 73 22 3a 34 30 34 2c 22 65 72 72 6f 72 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 2c 22 70 61 74 68 22 3a 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 64{"timestamp":"2024-08-28T10:05:46.661+00:00","status":404,"error":"Not Found","path":"/favicon.ico"}0

Timestamp	Bytes transferred	Direction	Data
2024-08-28 10:05:48 UTC	384	OUT	GET /doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10 HTTP/1.1 Host: api.elementarypos.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 10:05:48 UTC	526	IN	HTTP/1.1 200 Server: nginx/1.18.0 (Ubuntu) Date: Wed, 28 Aug 2024 10:05:48 GMT Content-Type: application/pdf Content-Length: 36092 Connection: close content-disposition: filename=UTF-8''5D4A-1.pdf access-control-expose-headers: Content-Disposition Access-Control-Allow-Origin: Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,x-api-key
2024-08-28 10:05:48 UTC	15858	IN	Data Raw: 25 50 44 46 2d 31 2e 34 0a 25 e2 e3 cf d3 0a 33 20 30 20 6f 62 6a 0a 3c 3c 2f 4c 65 6e 67 74 68 20 39 39 36 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 3e 3e 73 74 72 65 61 6d 0a 78 9c 9d 98 cd 4e db 40 10 c7 57 ca a1 92 2f b4 22 21 a5 b4 92 0f 94 82 54 16 ef 87 d7 eb 6b 15 48 c4 87 08 10 0a 95 e8 a5 6a 7b a8 c4 81 5e fa 58 3d f4 da 97 ea 1b 74 66 bd 0e b1 bd b3 01 84 8c 82 c7 bf 99 ff 8e 77 66 36 dc 25 1f 66 89 32 a9 cd 4c 3a fb 9a a8 bc e4 46 a5 bb c2 e2 5f 7b 07 22 15 32 9d 7d 4f b6 99 60 7f d9 94 4d d8 25 3b 67 3d 36 86 4f 3d f8 3c 61 07 ec 98 ed c3 bd 37 f0 f7 4b f6 8e 0d d9 26 7b ce fa 3b b3 1f c9 ae f7 96 a1 2f 9d 49 5e d4 8e b7 d9 cd 8e 63 8f d8 c8 91 03 b6 0e bf 47 ec d0 79 1f b0 55 b8 86 ce 47 c5 39 17 d9 3d de 43 5b 36 bf 5d ea 86 Data Ascii: %PDF-1.4%3 0 obj<</Length 996/Filter/FlateDecode>>streamxN@W/"!TkHj{^X=tfwf6%f2L:F_{"2}O`M%;g=6O=<a7K&{;/I^cGyUG9=C[6]
2024-08-28 10:05:48 UTC	16384	IN	Data Raw: 7a b4 21 e7 1e a4 e3 27 ed c6 eb 68 c8 e3 c7 5f 07 53 af a1 fc d9 29 8d c6 c8 0e 83 ef 95 1e 0c 83 5f bb 1a a1 d5 35 d7 d7 81 b6 57 c8 0a 3f 8b fd 89 30 58 d9 25 de 01 30 45 df 6f 8d 0e c7 49 94 85 66 40 0f 20 59 47 c3 7e e0 3a 72 d0 e6 15 de f3 34 cc 33 bc 77 8a d4 45 e4 28 1c d5 d1 70 dd a8 fd 8f ee 77 bf ce fd 73 e1 e7 ce 5d 1d ef 27 98 da a8 cd b9 46 d7 8d 79 d6 ca ea 5f af 5e ab 5f 34 ec 15 b1 27 12 02 28 ff 83 83 af 25 e6 44 ca e1 7b 0e 6d df a1 ed 51 1a f6 05 7c 2f 95 d3 88 46 fa 88 f0 7c 9d fb d7 ee dd c0 c7 2f ac c9 da 9a ca f3 95 01 34 0a fb ed 34 79 04 8d e2 ef 3d 22 ef 72 1a de d5 84 df 19 f0 6f 10 b5 6f 64 f8 b9 25 ff 1e b1 2f f6 ef 26 32 a9 0f 92 57 fb 0e ea 77 d4 5d fb b6 47 0c 9f 8b 8e a3 a9 fc bb 38 f6 4c e8 7b ed ef 05 f0 6f 96 72 68 86 Data Ascii: z!'h_S)_5W?0X%0EoIf@ YG~:r43wE(pws]'Fy_^_4'(%D{mQ\|/F\|/44y="rood%/&2Ww]G8L{orh
2024-08-28 10:05:48 UTC	3850	IN	Data Raw: 0d ef 58 02 df 32 be e9 ff b6 85 df d5 f1 ef 08 f7 f9 3e 36 56 f8 6a 94 73 be 1a ed fb a5 77 f4 6f 72 f8 f7 79 da fb c8 6f a9 9b f6 3d db 57 be 2b da f7 fc e8 47 ce a0 5c 29 1c 7d cc a2 09 52 4f 5a 2d df 4a 13 94 03 38 27 5a 68 b4 b2 9f 46 8b 97 68 ba d4 9a 46 2a cf d3 ad 92 85 d6 f8 d3 a3 e5 0a ba 43 fe 86 ee 50 ca 69 b4 94 82 b1 53 68 94 f2 0c da ac a7 e5 f2 97 e8 33 19 65 ad b5 f2 91 52 26 cd 97 8a 11 27 dc 4b f7 29 1f d3 36 69 2e 8d 92 a6 d1 c3 f2 5f e8 0e f5 4b ba 53 0a 46 fd 56 74 8f 94 86 ba 5e ba 5d 19 42 8f 6a df d0 f3 ef ef 9b 9c 77 f8 fd 55 e0 dd 8c ff dd 40 7f d3 5e b2 a8 c7 29 c1 34 90 8a d4 f6 34 9a 7f 1f a3 0e a6 19 e6 8d 90 cf 22 ed 2e f1 7a df c2 fd 26 b0 30 9c bd 00 43 07 da 15 80 b6 1e 07 28 47 55 28 4a e9 4d ed a4 0d d4 4f 3c 4b 63 a5 Data Ascii: X2>6Vjsworyo=W+G\)}ROZ-J8'ZhFhF*CPiSh3eR&'K)6i._KSFVt^]BjwU@^)44".z&0C(GU(JMO<Kc

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0f613add-bcd0-49b4-8a79-834ae490bba0.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240828100705Z-160.bmp

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Windows Analysis Report
https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10

Timestamp	Bytes transferred	Direction	Data
2024-08-28 10:05:48 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-28 10:05:48 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=257465 Date: Wed, 28 Aug 2024 10:05:48 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-08-28 10:05:49 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-28 10:05:49 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=257417 Date: Wed, 28 Aug 2024 10:05:49 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-28 10:05:49 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-08-28 10:05:58 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=spSRR6Mwb1TMFpX&MD=8UH7bNmV HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-28 10:05:58 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: beb8abd7-f79a-4141-9eff-66d335a85d6c MS-RequestId: 10149704-e8b6-4742-b953-d9f71a7c4ec2 MS-CV: f6+Ya7GEJE28O/HH.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 28 Aug 2024 10:05:58 GMT Connection: close Content-Length: 24490
2024-08-28 10:05:58 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-08-28 10:05:58 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-08-28 10:06:36 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=spSRR6Mwb1TMFpX&MD=8UH7bNmV HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-28 10:06:36 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 81cb2ae0-803f-4832-94f0-0e8eed518fbe MS-RequestId: 538220b5-14f8-4e87-94b9-b5c3ccd480da MS-CV: FZBZ3ztKpUK4z8/1.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 28 Aug 2024 10:06:36 GMT Connection: close Content-Length: 30005
2024-08-28 10:06:36 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-08-28 10:06:36 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Timestamp	Bytes transferred	Direction	Data
2024-08-28 10:07:08 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-08-28 10:07:08 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-08-28 10:07:08 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 28 Aug 2024 10:07:08 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8ba37e1d5b007ca8-EWR alt-svc: h3=":443"; ma=86400
2024-08-28 10:07:08 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 0b 00 04 8e fa 48 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomHc)

Timestamp	Bytes transferred	Direction	Data
2024-08-28 10:07:14 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-08-28 10:07:14 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 05 61 72 6d 6d 66 05 61 64 6f 62 65 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: armmfadobecom)TP
2024-08-28 10:07:14 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 28 Aug 2024 10:07:14 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8ba37e458f114396-EWR alt-svc: h3=":443"; ma=86400
2024-08-28 10:07:14 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 03 00 00 00 01 05 61 72 6d 6d 66 05 61 64 6f 62 65 03 63 6f 6d 00 00 01 00 01 c0 0c 00 05 00 01 00 00 01 1b 00 1b 03 73 73 6c 05 61 64 6f 62 65 03 63 6f 6d 07 65 64 67 65 6b 65 79 03 6e 65 74 00 c0 2d 00 05 00 01 00 00 54 4f 00 18 05 65 34 35 37 38 04 64 73 63 62 0a 61 6b 61 6d 61 69 65 64 67 65 c0 43 c0 54 00 01 00 01 00 00 00 03 00 04 68 7e 70 b6 00 00 29 04 d0 00 00 00 00 01 4d 00 0c 01 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: armmfadobecomssladobecomedgekeynet-TOe4578dscbakamaiedgeCTh~p)MI

Target ID:	0
Start time:	06:05:38
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	2
Start time:	06:05:41
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2528,i,7590472072302088992,16121679000214963585,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	3
Start time:	06:05:42
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://api.elementarypos.com/doc/receipt/97ad00f9-6c1f-4536-81e7-8bc31d2f3b10"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	7
Start time:	06:07:00
Start date:	28/08/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true