Edit tour

Windows Analysis Report
https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf

Overview

General Information

Sample URL:	https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf
Analysis ID:	1522593
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected landing page (webpage, office document or email)

Detected non-DNS traffic on DNS port

Drops files with a non-matching file extension (content does not match file extension)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2228,i,319041663171776435,16184202748421723685,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

Acrobat.exe (PID: 1512 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6244 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 3264 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1572,i,15161498098078104214,11881614933159754623,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 4196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2280,i,2513450487053188419,1616630016891420058,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon
Source: https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50244 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.6:50238 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: global traffic	HTTP traffic detected: GET /5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf HTTP/1.1Host: content.app-us1.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: content.app-us1.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdfAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf HTTP/1.1Host: content.app-us1.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4OOa8Fl3AUK+sGY&MD=NWsH1MXA HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4OOa8Fl3AUK+sGY&MD=NWsH1MXA HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/ HTTP/1.1Host: ebvq.prenticeu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ebvq.prenticeu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: content.app-us1.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: ebvq.prenticeu.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 30 Sep 2024 10:20:57 GMTContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closex-envoy-upstream-service-time: 9CF-Cache-Status: MISSStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadServer: cloudflareCF-RAY: 8cb37bbe2e5b4245-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 30 Sep 2024 10:22:42 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 8cb37e4dcbd38c0b-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 30 Sep 2024 10:22:45 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 8cb37e5d1de14345-EWR

Source: 2D85F72862B55C4EADD9E66E06947F3D0.9.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: downloaded.pdf.crdownload.0.dr, bf179198-5b8e-4e08-88b0-4ebfc0e42070.tmp.0.dr, chromecache_320.2.dr	String found in binary or memory: https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/)

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 50244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50244
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50244 version: TLS 1.2

Source: classification engine

Classification label: sus21.win@69/56@13/8

Source: chromecache_320.2.dr	Initial sample: https://ebvq.prenticeu.com/saflsieecgrzt_tukxhaoqhyyqb5e4/
Source: chromecache_320.2.dr	Initial sample: https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\9e4e928f-7e7b-48f1-9fec-29dfbc815596.tmp

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-30 06-22-17-402.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2228,i,319041663171776435,16184202748421723685,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf"
Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1572,i,15161498098078104214,11881614933159754623,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2280,i,2513450487053188419,1616630016891420058,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2228,i,319041663171776435,16184202748421723685,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1572,i,15161498098078104214,11881614933159754623,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2280,i,2513450487053188419,1616630016891420058,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfg

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: file:///C:/Users/user/Downloads/downloaded.pdf

LLM: Page contains button: 'Find your downloads here' Source: '1.1.pages.csv'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 320
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 320			Jump to dropped file

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	11 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf	1%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
x1.i.lencr.org	0%	Virustotal	Browse
content.app-us1.com	1%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ebvq.prenticeu.com	188.114.96.3	true	false		unknown
content.app-us1.com	104.17.31.174	true	false	1%, Virustotal, Browse	unknown
www.google.com	142.250.185.100	true	false	0%, Virustotal, Browse	unknown
x1.i.lencr.org	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Reputation
https://ebvq.prenticeu.com/favicon.ico	false	unknown
https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf	false	unknown
file:///C:/Users/user/Downloads/downloaded.pdf	true	unknown
https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/	false	unknown
https://content.app-us1.com/favicon.ico	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.9.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/)	downloaded.pdf.crdownload.0.dr, bf179198-5b8e-4e08-88b0-4ebfc0e42070.tmp.0.dr, chromecache_320.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
23.41.168.139	unknown	United States	6461	ZAYO-6461US	false
142.250.184.228	unknown	United States	15169	GOOGLEUS	false
142.250.184.196	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	ebvq.prenticeu.com	European Union	13335	CLOUDFLARENETUS	false
104.17.31.174	content.app-us1.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522593
Start date and time:	2024-09-30 12:20:02 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus21.win@69/56@13/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.185.174, 64.233.167.84, 34.104.35.123, 192.229.221.95, 199.232.210.172, 172.217.18.99, 2.19.244.159, 23.22.254.206, 52.202.204.11, 54.227.187.23, 52.5.13.197, 162.159.61.3, 172.64.41.3, 2.19.126.149, 2.19.126.143, 2.23.197.184, 172.217.18.3, 142.251.168.84, 142.250.185.78, 142.250.185.234, 172.217.18.10, 142.250.186.74, 142.250.186.42, 142.250.185.138, 142.250.184.234, 216.58.206.74, 142.250.185.170, 142.250.185.106, 172.217.16.202, 142.250.184.202, 216.58.212.170, 216.58.206.42, 142.250.185.202, 142.250.186.170, 142.250.181.234, 142.250.186.106, 216.58.212.138, 142.250.185.74, 142.250.186.138, 172.217.18.106, 216.58.212.131, 142.250.186.174
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, chromewebstore.googleapis.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, crl.root-x1.letsencrypt.org.edgekey.net, optimizationguide-pa.googleapis.com, clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
06:22:27	API Interceptor	1x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Input	Output
URL: https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf Model: jbxai	{ "brand":["Arendal Boligbyggelag", "Adobe"], "contains_trigger_text":true, "trigger_text":"Se vedlaqte faktura # 4484747.", "prominent_button_name":"PDF", "text_input_field_labels":["Se vedlaqte faktura # 4484747."], "pdf_icon_visible":true, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: file:///C:/Users/user/Downloads/downloaded.pdf Model: jbxai	{ "brand":["Arendal Boligbyggelag", "Adobe"], "contains_trigger_text":true, "trigger_text":"Se vedlaqte faktura # 4484747.", "prominent_button_name":"Find your downloads here", "text_input_field_labels":["Hilsen.", "Per Erik Hansen"], "pdf_icon_visible":true, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/ Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: file:///C:/Users/user/Downloads/downloaded.pdf Model: jbxai	{ "brand":["Arendal Boligbyggelag", "Adobe"], "contains_trigger_text":true, "trigger_text":"Vennligst finn vedlagte faktura fra Arendal Boligbyggelag. Last ned fakturaen din s. snart som mulig.", "prominent_button_name":"PDF", "text_input_field_labels":"unknown", "pdf_icon_visible":true, "has_visible_captcha":false, "has_urgent_text":true, "has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.227446151343486
Encrypted:	false
SSDEEP:	6:PI1nq2PN72nKuAl9OmbnIFUt82Iz69Zmw+2I1FkwON72nKuAl9OmbjLJ:PQnvVaHAahFUt82N9/+2s5OaHAaSJ
MD5:	34489C458E27DE8E36DAAF8192107FCA
SHA1:	83AE21347486CC24A6761ECF058424A7DEB14699
SHA-256:	BDC7119BB75F9C0B366E97A17DDC95A65D2C5DBC6C81C706BBB1C0ECB17DB5E2
SHA-512:	01191DD47315F7998BF849A3D89B13CA450EBF558B01C693E477D79539C5B221FEBF46CE1F93BCCFC787F51C54665DC9B3287AE332039F9EE4CB7DB78BB1BFD7
Malicious:	false
Reputation:	low
Preview:	2024/09/30-06:22:14.973 5d4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/30-06:22:14.975 5d4 Recovering log #3.2024/09/30-06:22:14.976 5d4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.227446151343486
Encrypted:	false
SSDEEP:	6:PI1nq2PN72nKuAl9OmbnIFUt82Iz69Zmw+2I1FkwON72nKuAl9OmbjLJ:PQnvVaHAahFUt82N9/+2s5OaHAaSJ
MD5:	34489C458E27DE8E36DAAF8192107FCA
SHA1:	83AE21347486CC24A6761ECF058424A7DEB14699
SHA-256:	BDC7119BB75F9C0B366E97A17DDC95A65D2C5DBC6C81C706BBB1C0ECB17DB5E2
SHA-512:	01191DD47315F7998BF849A3D89B13CA450EBF558B01C693E477D79539C5B221FEBF46CE1F93BCCFC787F51C54665DC9B3287AE332039F9EE4CB7DB78BB1BFD7
Malicious:	false
Reputation:	low
Preview:	2024/09/30-06:22:14.973 5d4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/30-06:22:14.975 5d4 Recovering log #3.2024/09/30-06:22:14.976 5d4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.175261113415888
Encrypted:	false
SSDEEP:	6:PIJbmsN9+q2PN72nKuAl9Ombzo2jMGIFUt82IJwdXZmw+2IJwd3VkwON72nKuAlx:PKbD4vVaHAa8uFUt82Kw5/+2KwT5OaHA
MD5:	904A19F330E51979045E8DA0E33CD93A
SHA1:	C1101D9D0C8B5FFECE4E1EA113A3945EB67767D8
SHA-256:	EEB53FB1795F0FCDCA78D378FF58C726E8C23C77EFDB0F8F5422EDBF1F8038A1
SHA-512:	8CDCD5B7F574D70862242E5069B216C82B4DF5634D190DB1F6F109C9024502F9A37EDE10A57B8F052A0BEA057C5D42BA888A05F962B15DB87CF57CF108CB866B
Malicious:	false
Reputation:	low
Preview:	2024/09/30-06:22:15.006 998 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/30-06:22:15.007 998 Recovering log #3.2024/09/30-06:22:15.007 998 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.175261113415888
Encrypted:	false
SSDEEP:	6:PIJbmsN9+q2PN72nKuAl9Ombzo2jMGIFUt82IJwdXZmw+2IJwd3VkwON72nKuAlx:PKbD4vVaHAa8uFUt82Kw5/+2KwT5OaHA
MD5:	904A19F330E51979045E8DA0E33CD93A
SHA1:	C1101D9D0C8B5FFECE4E1EA113A3945EB67767D8
SHA-256:	EEB53FB1795F0FCDCA78D378FF58C726E8C23C77EFDB0F8F5422EDBF1F8038A1
SHA-512:	8CDCD5B7F574D70862242E5069B216C82B4DF5634D190DB1F6F109C9024502F9A37EDE10A57B8F052A0BEA057C5D42BA888A05F962B15DB87CF57CF108CB866B
Malicious:	false
Reputation:	low
Preview:	2024/09/30-06:22:15.006 998 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/30-06:22:15.007 998 Recovering log #3.2024/09/30-06:22:15.007 998 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8da833f9-4854-47fa-91a1-b1da3c809b39.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.965604377944479
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq2BsBdOg2HVOgcaq3QYiubcP7E4T3y:Y2sRdsydMHVOL3QYhbA7nby
MD5:	37C5772ACA15E083BAE27E3553C7297A
SHA1:	30048BEB0CB86347CE47602DAE9D222F64D3F0B3
SHA-256:	56A72F834139DB730D5A82B591FC279816789B117DF6F79AA66CAC0D7A8E4C0C
SHA-512:	D4F0F5D42F5B6EC4E56170C107B238803832B06CE687ED54F6AE3FE5B14FFE8B379E3F0651AC7E05BFC9A584194846472F2A42C9634BD75B456E36787C2E3FEF
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372251747514389","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":127849},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.965604377944479
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq2BsBdOg2HVOgcaq3QYiubcP7E4T3y:Y2sRdsydMHVOL3QYhbA7nby
MD5:	37C5772ACA15E083BAE27E3553C7297A
SHA1:	30048BEB0CB86347CE47602DAE9D222F64D3F0B3
SHA-256:	56A72F834139DB730D5A82B591FC279816789B117DF6F79AA66CAC0D7A8E4C0C
SHA-512:	D4F0F5D42F5B6EC4E56170C107B238803832B06CE687ED54F6AE3FE5B14FFE8B379E3F0651AC7E05BFC9A584194846472F2A42C9634BD75B456E36787C2E3FEF
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372251747514389","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":127849},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	5859
Entropy (8bit):	5.248888182315563
Encrypted:	false
SSDEEP:	96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7svte8:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzh2
MD5:	D1E9CE2CAE12CE529A5810908080B438
SHA1:	B88558DEB64D3BAC1BE649225C2BE6B24D473E59
SHA-256:	D6F8B2133858EEE137E385834D0E8A195A638D5DD804EFC6077D0393375981C2
SHA-512:	E0915153F1110C15DDC3A25616D52091EEFFA8763B6C4F5B7E34C503A211121A8BADDF6515092EECD1AC27A7D950DDF8C4067AD6EC7DECDDCF292954695C4CB0
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.202831109052336
Encrypted:	false
SSDEEP:	6:PIJEt+q2PN72nKuAl9OmbzNMxIFUt82IJl1JZmw+2IJDVkwON72nKuAl9OmbzNMT:PKEovVaHAa8jFUt82Kl/+2KJ5OaHAa8E
MD5:	99D2BCE2BB1D11C3D6DE4359AC096BE2
SHA1:	53AFD52957974F1D4899ECEEA5A5705CD2CC7BA4
SHA-256:	EE958EC55EE2B787A91D56489735760F970F1A1F11FB72C334E074F2F4779D4A
SHA-512:	ECC16FE98A152AE9F6DC58100EA4DD2C16C903A39F4C0F7EA9177D0135EE793333A7BFF23E44D0C919CEB4AACBF6BE4158311DE4E3FC11574D41C58B01341DB4
Malicious:	false
Reputation:	low
Preview:	2024/09/30-06:22:15.168 998 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/30-06:22:15.169 998 Recovering log #3.2024/09/30-06:22:15.170 998 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.202831109052336
Encrypted:	false
SSDEEP:	6:PIJEt+q2PN72nKuAl9OmbzNMxIFUt82IJl1JZmw+2IJDVkwON72nKuAl9OmbzNMT:PKEovVaHAa8jFUt82Kl/+2KJ5OaHAa8E
MD5:	99D2BCE2BB1D11C3D6DE4359AC096BE2
SHA1:	53AFD52957974F1D4899ECEEA5A5705CD2CC7BA4
SHA-256:	EE958EC55EE2B787A91D56489735760F970F1A1F11FB72C334E074F2F4779D4A
SHA-512:	ECC16FE98A152AE9F6DC58100EA4DD2C16C903A39F4C0F7EA9177D0135EE793333A7BFF23E44D0C919CEB4AACBF6BE4158311DE4E3FC11574D41C58B01341DB4
Malicious:	false
Reputation:	low
Preview:	2024/09/30-06:22:15.168 998 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/30-06:22:15.169 998 Recovering log #3.2024/09/30-06:22:15.170 998 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240930102219Z-181.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.1372992755163
Encrypted:	false
SSDEEP:	192:8IDykGVQtC3Y50DXuy0S8pTHe2de5LOw3b8x6zi2:8IDykxtCJ8pTHeie573bZv
MD5:	BCB2C22444DFCBE334321287EC4B2A51
SHA1:	FD6E55355FC7E8960E9CC2C6959CD8DCD01C5342
SHA-256:	0CDE474E7D9D478FC07309029453821E1086B85F94A7D62B6EE30EB7C3664B72
SHA-512:	21DAA8723BF8FD0FDB269484BBCAD867694BDB84445E36F43BC8748A58774339CEAA42D51C2F7B39BFB44EE08CBA7C99B3E6021AEDDC947F6055BBE2852149A9
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.444819831331888
Encrypted:	false
SSDEEP:	384:ye6ci5txiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mCs3OazzU89UTTgUL
MD5:	A1A4458BF22074CEB97A4CB438FF8753
SHA1:	943467F91819671A9316BD5FAE13D6E0EDE5F067
SHA-256:	5F27197702988C338F3008EBE0B423038FCD5648A6678743DBF9C59FE7697C02
SHA-512:	9A94BD8174EA16DC667AFB3F4B54BB31F65E5FDD04995334E2DD7352779FDFC5330E5DB71D4B111688ACFC9DF374F87144FA1887272C46533124F6C073F08C3A
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	modified
Size (bytes):	8720
Entropy (8bit):	3.766549860355196
Encrypted:	false
SSDEEP:	48:7MrJioyV+ioyQoy1C7oy16oy18KOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Om:70Ju+M3XjBi8b9IVXEBodRBkY
MD5:	AB9DE273B5D9A61789B9C03903569FCB
SHA1:	C1A1F3484E4DB6A550261AAB1EEF03A2DEDFFF74
SHA-256:	98EE5916EC33CF98CFE8C4423C003B7CA926B56B9D7163153D6C9178511B9961
SHA-512:	9EE622E662E35F44A7058DC9475F344C669CDCCA4D084530CAE1DB55394451F4AC82ABEFA30C1C7F7768A90C4853E902B1F6D20C72F476BEA700ED3206C076A9
Malicious:	false
Reputation:	low
Preview:	.... .c.....J.sz...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	low
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7529698674325394
Encrypted:	false
SSDEEP:	3:kkFklZ4XaVXfllXlE/HT8k66zvNNX8RolJuRdxLlGB9lQRYwpDdt:kKdXnT8WpNMa8RdWBwRd
MD5:	04DCF6EEEEB449F3BB344C2F91425D90
SHA1:	D2B8E25A1B5C0EE1AEA18E18845C88B1ECAAA568
SHA-256:	5BA14054EA08AF4F68C58F9FBA737357DBF81D1E0C035F63A72F42C2F78145A8
SHA-512:	450BFDA41B37F37A10405FFA1D558D3A856A0A27070BF6568E91F01EF5B33144A42E64891022D423742F033ADA6FDD9E280969259F235EC0A28D0CD5F6626B7D
Malicious:	false
Reputation:	low
Preview:	p...... .........N."...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5784

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	low
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
MD5:	265E3E1166312A864FB63291EA661C6A
SHA1:	80DFF3187FF929596EB22E1DB9021BAD6F97178C
SHA-256:	C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
SHA-512:	48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
Malicious:	false
Reputation:	low
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.330761914069514
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpFHnvnZiQ0Y0FFYoAvJM3g98kUwPeUkwRe9:YvXKXpFHvcTGMbLUkee9
MD5:	68D1BE55617393195854B36C7156F8FB
SHA1:	89517C7EFA0E5AC042C83F8313E3D23AB2DA8F71
SHA-256:	B764A748A7EB089803C84CBD136CAEB4E5F4E161DC182DF764F1908ED99605CC
SHA-512:	C0A5D51CD2657A0A7BEA77A1627EC21B1D309CE60622027B001A06293137E88287FCFDA9FC5E46715453DDBA287DC3F106F5E920227711F908815F511524F075
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2827334769482155
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpFHnvnZiQ0Y0FFYoAvJfBoTfXpnrPeUkwRe9:YvXKXpFHvcTGWTfXcUkee9
MD5:	5C79DF8E4CFB1669A30D7F3BAB8CFF10
SHA1:	818986F8DEB58127CA9264F25527A16C23598231
SHA-256:	1DE75C1A1D45EEEE5EF2072740B07B6BE7419DF1393D7BC3BAF02FE42D8B1014
SHA-512:	4FC2C11BC964C754739E75B42EA18D66D63AFC1F700ED07A1B07C4123A2603A5920CCD4823DA8635586C456F27EDA4AEDAF750855A51C53AC7E9FBEFBA761BE6
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.261728512343291
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpFHnvnZiQ0Y0FFYoAvJfBD2G6UpnrPeUkwRe9:YvXKXpFHvcTGR22cUkee9
MD5:	877E357080C3A690A7000C69F2A4C99A
SHA1:	0EFB40785B80803332D697ACB0BDE159DB157147
SHA-256:	205FB7B88A81814E7F7FD06EEF746D6DCA0B523B03FC6DBFB5FAD92CCFC4759F
SHA-512:	1605904FEB841C7F7152AF6FAB3BF7E22D6B2156D7CDC465EB1C85EADD385E70E8CE627D3B72B76AC61D5EBCA1E16D7F49C9FA17F03C2C9606B451E482FAB17F
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.309640578426515
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpFHnvnZiQ0Y0FFYoAvJfPmwrPeUkwRe9:YvXKXpFHvcTGH56Ukee9
MD5:	CC11907A2DB7957D0CBBCF1F4D2C3AB8
SHA1:	58FEE97385A36BDAD201624FFADEFEF883798060
SHA-256:	31748F3F24B00DCC6A96C0592EA35D6909EC44240368806ED602F3C49B95457A
SHA-512:	B91E9873884503194E636B7C1F2F7725C971C6E96EE75D047684C01DD857223CFE01F40C0BFBE525BC031455BEE1D201352F90D4152FD1C73591E981DCB8C1FD
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	5.6618250630895925
Encrypted:	false
SSDEEP:	24:Yv6XpF0IpLgEFqciGennl0RCmK8czOCY4w2Z:YvWzhgLtaAh8cvYv2
MD5:	EE6DEB455473DD8B8F84FBB0D9467E3C
SHA1:	80CC51ED27E7864AAA570716BD28A6DA5E2EFB43
SHA-256:	4383DE9D986677B9BCD9A5A6D02720982D9F256865D7026082A5B0E02F2AF648
SHA-512:	7C215AC86EC4C9D87427CCE8B7013066386F5232EE67FEA0164D72C505D829A9587F55046F3CAD344249E9E67C2F8E9860873D577D3D47AE9A91CED64488B9C0
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.6481574376163195
Encrypted:	false
SSDEEP:	24:Yv6XpF0aVLgEF0c7sbnl0RCmK8czOCYHflEpwiVZ:YvWvFg6sGAh8cvYHWpwk
MD5:	CA4843734269EBD615EA5C22B903B4AB
SHA1:	F20857390011794A13DBD6A4C2D07466CE2E11A8
SHA-256:	46A36D4A3A46E9644493FF92EAC388899CFD803888CFB56BB5C3D05C466721E6
SHA-512:	F69A4D24E12FD2E70EF2FDE422C081C63ECF38AC91AF7F01E11D569E1251241F92C565F1FB8888A4DBE72DDBB1380D3418899C40AF10C0911FD0B593EECD47AB
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.261537557164223
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpFHnvnZiQ0Y0FFYoAvJfQ1rPeUkwRe9:YvXKXpFHvcTGY16Ukee9
MD5:	ED6324E53D26062A0C1B84B184C5A619
SHA1:	A7FB3E2CC4F55F2353C66FD1B4B9C88131ED7BC4
SHA-256:	3189E5F7D7D7E550CDEB7D74427163D891580EB8E00428344E0BA2DA91892B3C
SHA-512:	6EF3C56FF165230AABACCA3229647EA876299349AC2F384E92D89C3BA328F3F9A6220A6A2C53E713D36AAFC609E5DA6181CBD0A8807AD0CA3840E1DFDDC00881
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.641056195989887
Encrypted:	false
SSDEEP:	24:Yv6XpF0H2LgEF7cciAXs0nl0RCmK8czOCAPtciBZ:YvW+ogc8hAh8cvAX
MD5:	A09C4401BC3B0AF7D0A55F36BDCABD5C
SHA1:	6D4B50A432DC902B1C6FD2A8B79E9FED388ECBED
SHA-256:	2BDD68BA4AC6A7591103DA547D5C4C542E5086702A46BA78790CFF8105BCC6FA
SHA-512:	9FF42F07ACC4040BFCB8727EF64B11505471053D92AF9229B0878D5D559CA63D13728EF2ECC57586C7772EDACF233C74B2A226503ACD56098DE2E56CB8D6DE36
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.694060561251338
Encrypted:	false
SSDEEP:	24:Yv6XpF0rKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5Z:YvWyEgqprtrS5OZjSlwTmAfSKr
MD5:	3AEE0075093576A7F76FDAE749F948A8
SHA1:	F6B7148E9C6700B5489F490A4A4742D8DE54A0FE
SHA-256:	5928AB83BE93A12BB9393AA4F7DD09955665B936742EF4383FB63439BFCADB90
SHA-512:	E76209849DD275079135F22BB1F916C1EB45F01ED20ACB3A76BE3A5802FBB21B1BA840011A0368059BBD3C195E491B929A5F6E874DF3F3FBAB9665E3BA9E4132
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.264346746122827
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpFHnvnZiQ0Y0FFYoAvJfYdPeUkwRe9:YvXKXpFHvcTGg8Ukee9
MD5:	AE23CA359FBAE7854D8AD8EAC20798AE
SHA1:	78150092ED2413670B0081CA50F9AAEC1F8F4E35
SHA-256:	DC90F074564C38696285E737E773EE9CA0AE020EDFC0572F171E437DFE1F45E1
SHA-512:	2C87340D58C80F6B5CB5E25F0B265378DF66CC45EABA8FF2C0E07587DDF4F120A6634BDBD621AC01E567A325EF51F6DB3897D481A6856CD4A423FED0472B2753
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.768634445145762
Encrypted:	false
SSDEEP:	24:Yv6XpF0WrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNR:YvWxHgDv3W2aYQfgB5OUupHrQ9FJr
MD5:	F462A9A9A69520493E31E2C1DE8E08E4
SHA1:	416391360FEC275E17CA2C887D7BF13AB1F8AAD6
SHA-256:	F8152034269098BACBC538ACECDA7D674DADE996BED01B165DC02902A5FC321F
SHA-512:	A18F291A4662C37441D753F1FE7B17B3EF7ACC04523B20941E6DF5DCDBFC0482EC9146C492EF1122AE3AE669EFBDCF5ED00DCBC0E6D70C8679D0908FDDD4F2FA
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.248138883342238
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpFHnvnZiQ0Y0FFYoAvJfbPtdPeUkwRe9:YvXKXpFHvcTGDV8Ukee9
MD5:	9CC976A0783B80773C5BB5ADF9CC69BA
SHA1:	B2DACBD2C642462AEE6094B215E52F6E3AD14A40
SHA-256:	6059F8E344DB7289E80DAE60E47E189F0561E2853AA6E141D88D6E7514DAD593
SHA-512:	A5E969C167C6F6A65256EAA0FF632D83C8797176095628B2F1D209287EB3798C9D50C35A471009EE6C53B42FC946E525CFDB4E2E36519F1B04E40A15B9098FC4
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.252118122896318
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpFHnvnZiQ0Y0FFYoAvJf21rPeUkwRe9:YvXKXpFHvcTG+16Ukee9
MD5:	C10854879A98386044A5431D2FC25B70
SHA1:	BFDE7ED577B628EB845BA7C01CE9CF6D9C7401E4
SHA-256:	DABB8AFAA0AD2AB498B94E132B7E76DCFD6BFA6B20AD6CAFD215ED2362150AB9
SHA-512:	3712ADD408086DBBEA2F30D509EA85CC3562398C77E18B29DA2B0FACF2943B0014926A3D9593E606D96B2975ECAC4946EDF5FB728498E01B86AA16856A14F082
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1058
Entropy (8bit):	5.650342298473888
Encrypted:	false
SSDEEP:	24:Yv6XpF08amXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BZ:YvWzBguOAh8cv+NKe
MD5:	E00C22D1A399191E9FFD619231184162
SHA1:	4240559D307276A2B0F341464BDFE18ED3D4C3AF
SHA-256:	CB89186FA19C89027E578273FD156024C64B034FCFC12F7E6CCDD57D4B4BED3B
SHA-512:	D38F1F3CB5195458A15E66033AEAEE69C890316E96D6B9641A1628222A26E0093C0B241A65F4E0F564FD2DFE89F9FF6D953FA2690D15AE4A15053D9C89699728
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.227812657232912
Encrypted:	false
SSDEEP:	6:YEQXJ2HXpFHnvnZiQ0Y0FFYoAvJfshHHrPeUkwRe9:YvXKXpFHvcTGUUUkee9
MD5:	F3540CBCCC5646D3D4E045FE2CB9974E
SHA1:	3A8703AFBA7CF47A5BE0200CF0CE495B11E2F3E7
SHA-256:	105B77025A66A17F9417B770DBE634CEA95B08EA4815E3EF69DF8F13D2427C06
SHA-512:	31094CC8EACF549B3D701DA43BA08556A4CFF929CBEBB3BDDD60FA7DC8ACEB4D0769B9D8AFA73F89CA037142690B52DEA37F9E07FC79D579C539EFD9F66073E0
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.345620044979313
Encrypted:	false
SSDEEP:	12:YvXKXpFHvcTGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWN:Yv6XpF0j168CgEXX5kcIfANhk
MD5:	B3235350BA14107DBBD6A76F5FB3A7D6
SHA1:	55ABC02791B3FAB4A182E3EB244FCD7315DC3AA7
SHA-256:	9295B3BBD271B5441CC1A22695E76BD3B7224D76FF3708136E02B235B0E08E8C
SHA-512:	6170464AB36BC287E3C05EAB526C9B0C81EA5AA2E1F893497C7B37BC2DE89E13B101348AC5F09F7C9751615631F29582E6C206C44D7EF89AC92E88BC0A2F9EE8
Malicious:	false
Reputation:	low
Preview:	{"analyticsData":{"responseGUID":"12dec199-a802-4fa6-9005-7a0a2ae96d2a","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727869191953,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727691741984}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	low
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.121743041754868
Encrypted:	false
SSDEEP:	24:YDcuq1a1sJayDA+sBgCpmo+0kc+2H4ejboj0SeyCC2l2LSIO5DGN51J9HVzuFOG:YDJXgQuyml0kGHfWvVkaOVGNp91m
MD5:	E9306D2DBFE2266C75983D177E56AB39
SHA1:	8DFABAA0D614907E4946860AE7908CB371649737
SHA-256:	4BD0511C01BDFFB53E20A0F7B88C3B0D515A722BE86ED213CC3B96FD546C12EC
SHA-512:	14FA2F3CA2AA2C811FB5CFA088F0083D9C8E267969826583D45CC2705DA742E64F921ED4B679F866A632E6261DBC596AD65768E840330CE43F821C773CF9E42B
Malicious:	false
Reputation:	low
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"9bb7e75aed6df98b1dbe59e4de4b6b91","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727691741000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"2d05d9b11cd476d74ddacd0de49e3e6e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727691741000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"0f8ba1f27f816c91b06bef2baa36b954","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727691741000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"7b40c5dd832b1d94ce7819fe08a1070c","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727691741000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"bac19281f1bb3b60cafb100ef971331b","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727691741000},{"id":"Edit_InApp_Aug2020","info":{"dg":"0fed8757069925b34bf4c6fb62d2d1e7","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1462596129453053
Encrypted:	false
SSDEEP:	24:TLhx/XYKQvGJF7urs8RZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHX:TFl2GL7msOXc+XcGNFlRYIX2v3kX
MD5:	9050E0B1EA193202CE67BD7905E809A9
SHA1:	532F89F2730BEE974C8CD87B94A1B6867A35E32E
SHA-256:	DB5AD3EBB167B0245BF721BE69F5BF5200DD50409ED3D940DCE24BA995BCF2F5
SHA-512:	427CD32DC6EC834DCBB53299A3099218D3F12234467B30E1322D0649F92FD43BA90475216E07E0C22018912F0E1E1BB0B64D9CEE0E734FF651549D999556636C
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.5527266027175226
Encrypted:	false
SSDEEP:	24:7+tJJUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxDnqLxx/XYg:7MMXc+XcGNFlRYIX2vGqVl2GL7msl
MD5:	56DA3FFB02237A897A302F2FE2AC279A
SHA1:	1DC3128D0C4FE25CAEB14017F13B20DD9FE34CFE
SHA-256:	7FDA99EBF853C81C573D429D8FD9CA951A733DE6BC11875C6E1E800CB4D7FE03
SHA-512:	6C4337A6158BD8AFF7B9846367A23F7FA0A072FEEA0D15F049A3A1088EEBAB3808512D7F3F28E9FB3D378DBA1D4E7C6B5FB3C816A5FD9DBBDBE62F3F8AF572B4
Malicious:	false
Reputation:	low
Preview:	.... .c........]..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIcfd9a.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5197430193686525
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K879CH:Qw946cPbiOxDlbYnuRKI+
MD5:	9D376B8D874B0576DA89E5FB059731FC
SHA1:	5D687B27E144D24221D078042403262B4FC2B2CA
SHA-256:	D39DE47DDB5DA247353762AE8B3999C6F601BD7CBBDF1263A72F0858A09E7FA9
SHA-512:	B20BAC8ED442AA171D1B8C7521A6803BA089955D8A7EA117313D93E0C0B6B361F5898CEB4613FEE899ED8C47847F1EC6A336435DDAD117087A9B52DB5F0E5009
Malicious:	false
Reputation:	low
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.0./.0.9./.2.0.2.4. . .0.6.:.2.2.:.2.3. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-30 06-22-17-402.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.338264912747007
Encrypted:	false
SSDEEP:	384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
MD5:	128A51060103D95314048C2F32A15C66
SHA1:	EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
SHA-256:	601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
SHA-512:	55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
Malicious:	false
Reputation:	low
Preview:	SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.360251357389485
Encrypted:	false
SSDEEP:	384:W0om7LSIEeurcFNg+Mh+1DK7r4zgIgUHORHVzX1+ofBnjRs53SwB3e3SbQybsTD8:/8X2
MD5:	D437AEBE2186B7FC1DF2AC626A76C6E2
SHA1:	8DE46AC7AF92098E7F24AB528274A4EC969D8D00
SHA-256:	F310E7F6E51D91443B7F4D679A9ADC0E8809DCBB63726D54CF2ACB2F3BD90377
SHA-512:	C84DEE10B9A025B1154BFE14A633C414B43F0FD2345341504E50CCFF70DA120BDF999351F8C8830DE4C2C5B9F7A98B5EF596B1710C73C117F1E352EDA80FB49A
Malicious:	false
Reputation:	low
Preview:	SessionID=dc7ee819-fe2b-47f0-a958-8f65868284b5.1727691737470 Timestamp=2024-09-30T06:22:17:470-0400 ThreadID=1776 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=dc7ee819-fe2b-47f0-a958-8f65868284b5.1727691737470 Timestamp=2024-09-30T06:22:17:513-0400 ThreadID=1776 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=dc7ee819-fe2b-47f0-a958-8f65868284b5.1727691737470 Timestamp=2024-09-30T06:22:17:513-0400 ThreadID=1776 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=dc7ee819-fe2b-47f0-a958-8f65868284b5.1727691737470 Timestamp=2024-09-30T06:22:17:514-0400 ThreadID=1776 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=dc7ee819-fe2b-47f0-a958-8f65868284b5.1727691737470 Timestamp=2024-09-30T06:22:17:514-0400 ThreadID=1776 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.404381702940814
Encrypted:	false
SSDEEP:	192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbjcbj2IzgecQQAtBcb2u3:V3fOCIdJDeSfzgecQQAtbu3
MD5:	F9DBCEA26EAEB3853D7F1DB73C0F5CDC
SHA1:	9EF9502FEA03D0077D60A65A677D74C94A3C8F6B
SHA-256:	EC183CD1543166BBF70000D1A412A908E88746244043CDB5807A132B01D6948D
SHA-512:	A8583B57F43D8A21D2CEE33EE2C588D4E4409FD4634159568E1B5739C06B4A25376F46831CDF8D8490F79BDA40F9F054B591B80BF69D8B65BD175FB5727F5D85
Malicious:	false
Reputation:	low
Preview:	05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\1016386a-f537-4110-ac3e-a59b20c8e28b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	low
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\523609cf-db59-43b6-be83-092243cfeab0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	low
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\773f74ad-1fd7-43ab-b677-ee37368a9b79.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Reputation:	low
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\7e8fe4d0-29da-4aa4-ab09-9e79b164ec65.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/VSOWL07oXGZIeYIGNP5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:tPWLxXGZIeZGT3mlind9i4ufFXpAXkru
MD5:	D3B63DF0CA325EC5A0D82AD75691E700
SHA1:	0F9282C8B97AD6DE395F8BFB4E2021EFE835667B
SHA-256:	77764E073F3330DBF86C7DF9482B6B4679CB5880A39267ECB49BC61A8186C1BC
SHA-512:	29942C112280254B1B75FDFB6F7D6582EBA9782509E202E5C4D8DB2A23276CE9BFD5410085BE3DCF53B27D55B07EAEF01F400E5E71113FF57644F7120E93284E
Malicious:	false
Reputation:	low
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\Downloads\9e4e928f-7e7b-48f1-9fec-29dfbc815596.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7
Category:	dropped
Size (bytes):	13179
Entropy (8bit):	7.864600293038402
Encrypted:	false
SSDEEP:	384:8UpAB1Vg7unfdN1CK4rKPZozL9b1L6D7d2AGLFY1d:8ew1VnnfdNXu9VCx2AGOd
MD5:	2D42D881D8957F6992217CCCE0CFBF6F
SHA1:	BCAE6D63B9B6C404B01B54C08CE66EFA7599DF7E
SHA-256:	5BF7CB195B86F758D24CFF9FD9110D360C5825759EC436367A2B11D9D17DB722
SHA-512:	9F8FED552708E370B237343E35E26E248B7AC40EADEC5E7FCE27687B561F8F99E1000D2B86C14965A2D263A89C525E20BC3925425066CFA95F9AE82C8E7A0072
Malicious:	false
Reputation:	low
Preview:	%PDF-1.7.%.....3 0 obj.<</Author () /Comments () /Company () /CreationDate (D:20240930085752+02'00') /Creator (WPS Writer) /Keywords () /ModDate (D:20240930085752+02'00') /Producer () /SourceModified (D:20240930085752+02'00') /Subject () /Title () /Trapped /False>>.endobj.8 0 obj.<</BitsPerComponent 8 /ColorSpace /DeviceRGB /Filter /DCTDecode /Height 115 /Length 6573 /Subtype /Image /Type /XObject /Width 388>>..stream........JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......s...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................

C:\Users\user\Downloads\bf179198-5b8e-4e08-88b0-4ebfc0e42070.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	41410
Entropy (8bit):	7.9503127859429945
Encrypted:	false
SSDEEP:	768:8ew1VnnfdNXu9VCx2AGOETk5dgNSoimDFjAlr1MMY2iIaO8:vw1Vnnu98faqojDFjAlzwI18
MD5:	8929D24BCD3FA597E0C8E24FDB811177
SHA1:	934FE41AED2E90807C5388425C1A2F861E4F891B
SHA-256:	401DAA90B11E702E86C3E7B6D4ED6F1C7D468A3BA3D2658E12011BE06ACE7C39
SHA-512:	83015E04757C31A692520E54B794845D9BAB465FF3CC6F875A382FD14B15F06A90ADF0E9FACFEA0E423C86E5487E6AD68B82CEF136F91D30ECD8F7D026C8A335
Malicious:	false
Reputation:	low
Preview:	%PDF-1.7.%.....3 0 obj.<</Author () /Comments () /Company () /CreationDate (D:20240930085752+02'00') /Creator (WPS Writer) /Keywords () /ModDate (D:20240930085752+02'00') /Producer () /SourceModified (D:20240930085752+02'00') /Subject () /Title () /Trapped /False>>.endobj.8 0 obj.<</BitsPerComponent 8 /ColorSpace /DeviceRGB /Filter /DCTDecode /Height 115 /Length 6573 /Subtype /Image /Type /XObject /Width 388>>..stream........JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......s...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................

C:\Users\user\Downloads\downloaded.pdf (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	41410
Entropy (8bit):	7.9503127859429945
Encrypted:	false
SSDEEP:	768:8ew1VnnfdNXu9VCx2AGOETk5dgNSoimDFjAlr1MMY2iIaO8:vw1Vnnu98faqojDFjAlzwI18
MD5:	8929D24BCD3FA597E0C8E24FDB811177
SHA1:	934FE41AED2E90807C5388425C1A2F861E4F891B
SHA-256:	401DAA90B11E702E86C3E7B6D4ED6F1C7D468A3BA3D2658E12011BE06ACE7C39
SHA-512:	83015E04757C31A692520E54B794845D9BAB465FF3CC6F875A382FD14B15F06A90ADF0E9FACFEA0E423C86E5487E6AD68B82CEF136F91D30ECD8F7D026C8A335
Malicious:	false
Reputation:	low
Preview:	%PDF-1.7.%.....3 0 obj.<</Author () /Comments () /Company () /CreationDate (D:20240930085752+02'00') /Creator (WPS Writer) /Keywords () /ModDate (D:20240930085752+02'00') /Producer () /SourceModified (D:20240930085752+02'00') /Subject () /Title () /Trapped /False>>.endobj.8 0 obj.<</BitsPerComponent 8 /ColorSpace /DeviceRGB /Filter /DCTDecode /Height 115 /Length 6573 /Subtype /Image /Type /XObject /Width 388>>..stream........JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......s...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................

C:\Users\user\Downloads\downloaded.pdf.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	41410
Entropy (8bit):	7.9503127859429945
Encrypted:	false
SSDEEP:	768:8ew1VnnfdNXu9VCx2AGOETk5dgNSoimDFjAlr1MMY2iIaO8:vw1Vnnu98faqojDFjAlzwI18
MD5:	8929D24BCD3FA597E0C8E24FDB811177
SHA1:	934FE41AED2E90807C5388425C1A2F861E4F891B
SHA-256:	401DAA90B11E702E86C3E7B6D4ED6F1C7D468A3BA3D2658E12011BE06ACE7C39
SHA-512:	83015E04757C31A692520E54B794845D9BAB465FF3CC6F875A382FD14B15F06A90ADF0E9FACFEA0E423C86E5487E6AD68B82CEF136F91D30ECD8F7D026C8A335
Malicious:	false
Reputation:	low
Preview:	%PDF-1.7.%.....3 0 obj.<</Author () /Comments () /Company () /CreationDate (D:20240930085752+02'00') /Creator (WPS Writer) /Keywords () /ModDate (D:20240930085752+02'00') /Producer () /SourceModified (D:20240930085752+02'00') /Subject () /Title () /Trapped /False>>.endobj.8 0 obj.<</BitsPerComponent 8 /ColorSpace /DeviceRGB /Filter /DCTDecode /Height 115 /Length 6573 /Subtype /Image /Type /XObject /Width 388>>..stream........JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......s...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................

Chrome Cache Entry: 319

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text
Category:	downloaded
Size (bytes):	243
Entropy (8bit):	5.465674771226253
Encrypted:	false
SSDEEP:	6:TMVBd/ZbZjZvKtWRVzj8pjloxK1Y79fa/an:TMHd9BZKtWRiBD1Ua/a
MD5:	7F5D921F8B5D600106E389DE9BF443A6
SHA1:	DD95A87435C8D350AAFF5F14EAC6D420DF77FADC
SHA-256:	E597453E07C41D49D21A0ACF86D94EA57E1BCFCF4304E9CEC01D1ECAE8EBF194
SHA-512:	9C4D72BBE963F94AEFC6EC5E501B62157A8FEEB26B0B88FE5B49132DCE40DDD1ECEBFE513E596E28C097BC08267D49A67C6E0C900461548EF37F35D1B6BFE2A2
Malicious:	false
Reputation:	low
URL:	https://content.app-us1.com/favicon.ico
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>Y0563YY3FKYWAFQM</RequestId><HostId>3+deH9mcpzogreCuRqTF/oKGdYPj7egljDsl/VHmxDafEdjoXO/GxMgI3xLiNWRNI5dmBNLuta8=</HostId></Error>

Chrome Cache Entry: 320

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	downloaded
Size (bytes):	41410
Entropy (8bit):	7.9503127859429945
Encrypted:	false
SSDEEP:	768:8ew1VnnfdNXu9VCx2AGOETk5dgNSoimDFjAlr1MMY2iIaO8:vw1Vnnu98faqojDFjAlzwI18
MD5:	8929D24BCD3FA597E0C8E24FDB811177
SHA1:	934FE41AED2E90807C5388425C1A2F861E4F891B
SHA-256:	401DAA90B11E702E86C3E7B6D4ED6F1C7D468A3BA3D2658E12011BE06ACE7C39
SHA-512:	83015E04757C31A692520E54B794845D9BAB465FF3CC6F875A382FD14B15F06A90ADF0E9FACFEA0E423C86E5487E6AD68B82CEF136F91D30ECD8F7D026C8A335
Malicious:	false
Reputation:	low
URL:	https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf
Preview:	%PDF-1.7.%.....3 0 obj.<</Author () /Comments () /Company () /CreationDate (D:20240930085752+02'00') /Creator (WPS Writer) /Keywords () /ModDate (D:20240930085752+02'00') /Producer () /SourceModified (D:20240930085752+02'00') /Subject () /Title () /Trapped /False>>.endobj.8 0 obj.<</BitsPerComponent 8 /ColorSpace /DeviceRGB /Filter /DCTDecode /Height 115 /Length 6573 /Subtype /Image /Type /XObject /Width 388>>..stream........JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......s...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................

Chrome Cache Entry: 321

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	553
Entropy (8bit):	4.662821081936326
Encrypted:	false
SSDEEP:	12:TvgsoCVIogs01lI55aNGlTF5TF5TF5TF5TF5TFK:cEQtnstTPTPTPTPTPTc
MD5:	0127426BF3BA07FF7211399DDF5186C4
SHA1:	221D89F3261F545AC58848EBA300E0134C76FF9A
SHA-256:	982B986BB578E137F062099427A8CAEC3C501C84A9E4B22369EBD2BADEC42FE7
SHA-512:	6CEA4AB7D43A518A316120BF7AE340583E989A21FC3E142DDD71742D53A7AE6CFA276F232ACD6B6794444B28AA9A666C40171EE44341A7B9A3CA8453B61A371A
Malicious:	false
Reputation:	low
URL:	https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/
Preview:	<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>cloudflare</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 322

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	553
Entropy (8bit):	4.662821081936326
Encrypted:	false
SSDEEP:	12:TvgsoCVIogs01lI55aNGlTF5TF5TF5TF5TF5TFK:cEQtnstTPTPTPTPTPTc
MD5:	0127426BF3BA07FF7211399DDF5186C4
SHA1:	221D89F3261F545AC58848EBA300E0134C76FF9A
SHA-256:	982B986BB578E137F062099427A8CAEC3C501C84A9E4B22369EBD2BADEC42FE7
SHA-512:	6CEA4AB7D43A518A316120BF7AE340583E989A21FC3E142DDD71742D53A7AE6CFA276F232ACD6B6794444B28AA9A666C40171EE44341A7B9A3CA8453B61A371A
Malicious:	false
Reputation:	low
URL:	https://ebvq.prenticeu.com/favicon.ico
Preview:	<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>cloudflare</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Static File Info

⊘No static file info

File Icon


Icon Hash:	00b29a8e86828200

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 30, 2024 12:20:45.700437069 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 30, 2024 12:20:50.262768984 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 30, 2024 12:20:50.262768984 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 30, 2024 12:20:50.512772083 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 30, 2024 12:20:54.743246078 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:54.743285894 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:54.743366957 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:54.744512081 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:54.744529963 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:55.553752899 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:55.553828001 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:55.559017897 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:55.559027910 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:55.559257984 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:55.561419010 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:55.561522961 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:55.561528921 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:55.561703920 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:55.607407093 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:55.742821932 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:55.743007898 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:55.743174076 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:55.743323088 CEST	49709	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:55.743344069 CEST	443	49709	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:56.911160946 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:56.911185980 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:56.911251068 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:56.911839008 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:56.911849976 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:57.001672983 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.001705885 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.001794100 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.002033949 CEST	49717	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.002059937 CEST	443	49717	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.002237082 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.002255917 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.002269030 CEST	49717	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.002480030 CEST	49717	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.002490044 CEST	443	49717	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.461303949 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.465382099 CEST	443	49717	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.472588062 CEST	49717	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.472636938 CEST	443	49717	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.472686052 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.472713947 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.473710060 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.473779917 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.474301100 CEST	443	49717	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.474363089 CEST	49717	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.475472927 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.475541115 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.478581905 CEST	49717	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.478683949 CEST	443	49717	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.478955030 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.478966951 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.526536942 CEST	49717	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.526583910 CEST	443	49717	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.575766087 CEST	49717	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.607203007 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.607271910 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.607300997 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.607340097 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.607345104 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.607358932 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.607409954 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.607435942 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.607467890 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.607505083 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.607505083 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.607505083 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.607520103 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.607635975 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.608119011 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.693738937 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.693774939 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.693891048 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.693985939 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.694009066 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.694009066 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.694017887 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.694029093 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.694071054 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.694080114 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.694128036 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.694133997 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.694946051 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.694981098 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.694998980 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.695004940 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.695050001 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.695053101 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.695061922 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.695101976 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.695709944 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.695832968 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.695867062 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.695878029 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.695883989 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.695925951 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.695931911 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.696743965 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.696777105 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.696787119 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.696793079 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.696830034 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.696842909 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.696855068 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.696888924 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.698947906 CEST	49716	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.698962927 CEST	443	49716	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:57.787653923 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:57.787919998 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:57.811652899 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:57.811669111 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:57.811901093 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:57.829760075 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:57.829760075 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:57.829778910 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:57.829854965 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:57.871407032 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:57.890520096 CEST	49717	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:57.935400009 CEST	443	49717	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:58.004933119 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:58.005045891 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:58.005155087 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:58.022048950 CEST	49715	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:20:58.022063017 CEST	443	49715	40.113.110.67	192.168.2.6
Sep 30, 2024 12:20:58.028312922 CEST	443	49717	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:58.028403044 CEST	443	49717	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:58.028474092 CEST	49717	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:58.412014961 CEST	49717	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:58.412054062 CEST	443	49717	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:58.567455053 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:58.567554951 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:58.567637920 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:58.568557978 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:58.568595886 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.021769047 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.073261976 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.371061087 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.371079922 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.371573925 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.418262005 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.523538113 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.523674965 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.526747942 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.571394920 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.584105968 CEST	49721	443	192.168.2.6	142.250.185.100
Sep 30, 2024 12:20:59.584134102 CEST	443	49721	142.250.185.100	192.168.2.6
Sep 30, 2024 12:20:59.584275961 CEST	49721	443	192.168.2.6	142.250.185.100
Sep 30, 2024 12:20:59.601926088 CEST	49721	443	192.168.2.6	142.250.185.100
Sep 30, 2024 12:20:59.601941109 CEST	443	49721	142.250.185.100	192.168.2.6
Sep 30, 2024 12:20:59.631793022 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.631840944 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.631875992 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.631882906 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.631901979 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.631947994 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.631987095 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.631993055 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.632004976 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.632035971 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.632467031 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.632503986 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.632528067 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.632536888 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.632590055 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.632596970 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.683888912 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.683908939 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.718461990 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.718497038 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.718523026 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.718540907 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.718761921 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.718774080 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719120026 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719156981 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719171047 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.719187021 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719285965 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.719294071 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719690084 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719733000 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719769955 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719777107 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.719785929 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719827890 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.719835997 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719875097 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.719877005 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719887972 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.719929934 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.720606089 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.720726013 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.720758915 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.720767021 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.720774889 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.720845938 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.720848083 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.720916986 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.755534887 CEST	49720	443	192.168.2.6	104.17.31.174
Sep 30, 2024 12:20:59.755553961 CEST	443	49720	104.17.31.174	192.168.2.6
Sep 30, 2024 12:20:59.871454000 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 30, 2024 12:20:59.934000969 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 30, 2024 12:21:00.121393919 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 30, 2024 12:21:00.233268976 CEST	443	49721	142.250.185.100	192.168.2.6
Sep 30, 2024 12:21:00.285986900 CEST	49721	443	192.168.2.6	142.250.185.100
Sep 30, 2024 12:21:00.285995960 CEST	443	49721	142.250.185.100	192.168.2.6
Sep 30, 2024 12:21:00.286981106 CEST	443	49721	142.250.185.100	192.168.2.6
Sep 30, 2024 12:21:00.286993980 CEST	443	49721	142.250.185.100	192.168.2.6
Sep 30, 2024 12:21:00.287086964 CEST	49721	443	192.168.2.6	142.250.185.100
Sep 30, 2024 12:21:00.300885916 CEST	49721	443	192.168.2.6	142.250.185.100
Sep 30, 2024 12:21:00.300967932 CEST	443	49721	142.250.185.100	192.168.2.6
Sep 30, 2024 12:21:00.346981049 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:00.347028971 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:00.347103119 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:00.350675106 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:00.350691080 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:00.432601929 CEST	49721	443	192.168.2.6	142.250.185.100
Sep 30, 2024 12:21:00.432610989 CEST	443	49721	142.250.185.100	192.168.2.6
Sep 30, 2024 12:21:00.620246887 CEST	49721	443	192.168.2.6	142.250.185.100
Sep 30, 2024 12:21:00.985841990 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:00.985944033 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:00.994199038 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:00.994223118 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:00.994528055 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:01.203397989 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:01.205044031 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:01.254642010 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:01.299428940 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:01.440422058 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:01.440514088 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:01.440651894 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:01.441273928 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:01.441274881 CEST	49723	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:01.441310883 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:01.441328049 CEST	443	49723	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:01.785772085 CEST	443	49707	173.222.162.64	192.168.2.6
Sep 30, 2024 12:21:01.789186001 CEST	49707	443	192.168.2.6	173.222.162.64
Sep 30, 2024 12:21:02.110435009 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:02.110470057 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:02.110913038 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:02.111196041 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:02.111207962 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:02.746944904 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:02.747016907 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:02.879031897 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:02.879045963 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:02.879376888 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:02.882975101 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:02.923408985 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:03.067718983 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:03.067790985 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:03.067843914 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:03.125020981 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:03.125027895 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:03.125046015 CEST	49724	443	192.168.2.6	184.28.90.27
Sep 30, 2024 12:21:03.125051022 CEST	443	49724	184.28.90.27	192.168.2.6
Sep 30, 2024 12:21:08.344089031 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:08.344121933 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:08.344204903 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:08.355334997 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:08.355344057 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.121493101 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.121588945 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:09.124406099 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:09.124442101 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.124783039 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.169945002 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:09.231549025 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:09.279401064 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.483122110 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.483149052 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.483156919 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.483165979 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.483195066 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.483247042 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:09.483258963 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.483294964 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:09.483314991 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:09.483675957 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.483732939 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:09.483737946 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.483750105 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:09.483800888 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:09.509092093 CEST	49728	443	192.168.2.6	4.245.163.56
Sep 30, 2024 12:21:09.509115934 CEST	443	49728	4.245.163.56	192.168.2.6
Sep 30, 2024 12:21:10.161761045 CEST	443	49721	142.250.185.100	192.168.2.6
Sep 30, 2024 12:21:10.161839962 CEST	443	49721	142.250.185.100	192.168.2.6
Sep 30, 2024 12:21:10.161993980 CEST	49721	443	192.168.2.6	142.250.185.100
Sep 30, 2024 12:21:11.672194958 CEST	49721	443	192.168.2.6	142.250.185.100
Sep 30, 2024 12:21:11.672221899 CEST	443	49721	142.250.185.100	192.168.2.6
Sep 30, 2024 12:21:23.487835884 CEST	49731	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:23.487873077 CEST	443	49731	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:23.487938881 CEST	49731	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:23.488564968 CEST	49731	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:23.488579035 CEST	443	49731	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:24.264381886 CEST	443	49731	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:24.264463902 CEST	49731	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:24.270317078 CEST	49731	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:24.270323038 CEST	443	49731	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:24.270545959 CEST	443	49731	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:24.272579908 CEST	49731	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:24.272687912 CEST	49731	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:24.272692919 CEST	443	49731	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:24.272953987 CEST	49731	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:24.319402933 CEST	443	49731	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:24.446875095 CEST	443	49731	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:24.447124004 CEST	443	49731	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:24.447321892 CEST	49731	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:24.447503090 CEST	49731	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:24.447518110 CEST	443	49731	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:46.476219893 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:46.476259947 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:46.476603985 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:46.476918936 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:46.476933956 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.098869085 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.098941088 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:47.100709915 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:47.100719929 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.101089001 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.113500118 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:47.159413099 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.313142061 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.313169956 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.313193083 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.313235998 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:47.313250065 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.313273907 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:47.313297033 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:47.314358950 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.314393044 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.314424992 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:47.314433098 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.314460039 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.314460993 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:47.314507008 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:47.318306923 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:47.318317890 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:47.318361998 CEST	49732	443	192.168.2.6	20.12.23.50
Sep 30, 2024 12:21:47.318368912 CEST	443	49732	20.12.23.50	192.168.2.6
Sep 30, 2024 12:21:52.937213898 CEST	49733	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:52.937230110 CEST	443	49733	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:52.937309027 CEST	49733	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:52.937988043 CEST	49733	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:52.937999010 CEST	443	49733	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:53.724958897 CEST	443	49733	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:53.725039959 CEST	49733	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:53.727072954 CEST	49733	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:53.727085114 CEST	443	49733	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:53.727423906 CEST	443	49733	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:53.729366064 CEST	49733	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:53.729434013 CEST	49733	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:53.729440928 CEST	443	49733	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:53.729568958 CEST	49733	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:53.775393963 CEST	443	49733	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:53.904169083 CEST	443	49733	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:53.904360056 CEST	443	49733	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:53.904476881 CEST	49733	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:53.905742884 CEST	49733	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:21:53.905766010 CEST	443	49733	40.113.110.67	192.168.2.6
Sep 30, 2024 12:21:59.634918928 CEST	49735	443	192.168.2.6	142.250.184.228
Sep 30, 2024 12:21:59.634948015 CEST	443	49735	142.250.184.228	192.168.2.6
Sep 30, 2024 12:21:59.635023117 CEST	49735	443	192.168.2.6	142.250.184.228
Sep 30, 2024 12:21:59.635294914 CEST	49735	443	192.168.2.6	142.250.184.228
Sep 30, 2024 12:21:59.635308981 CEST	443	49735	142.250.184.228	192.168.2.6
Sep 30, 2024 12:22:00.292489052 CEST	443	49735	142.250.184.228	192.168.2.6
Sep 30, 2024 12:22:00.292809010 CEST	49735	443	192.168.2.6	142.250.184.228
Sep 30, 2024 12:22:00.292826891 CEST	443	49735	142.250.184.228	192.168.2.6
Sep 30, 2024 12:22:00.293112993 CEST	443	49735	142.250.184.228	192.168.2.6
Sep 30, 2024 12:22:00.293879032 CEST	49735	443	192.168.2.6	142.250.184.228
Sep 30, 2024 12:22:00.293936968 CEST	443	49735	142.250.184.228	192.168.2.6
Sep 30, 2024 12:22:00.341219902 CEST	49735	443	192.168.2.6	142.250.184.228
Sep 30, 2024 12:22:10.199688911 CEST	443	49735	142.250.184.228	192.168.2.6
Sep 30, 2024 12:22:10.199744940 CEST	443	49735	142.250.184.228	192.168.2.6
Sep 30, 2024 12:22:10.200004101 CEST	49735	443	192.168.2.6	142.250.184.228
Sep 30, 2024 12:22:11.675817966 CEST	49735	443	192.168.2.6	142.250.184.228
Sep 30, 2024 12:22:11.675856113 CEST	443	49735	142.250.184.228	192.168.2.6
Sep 30, 2024 12:22:24.903285980 CEST	49741	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:22:24.903340101 CEST	443	49741	40.113.110.67	192.168.2.6
Sep 30, 2024 12:22:24.903425932 CEST	49741	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:22:24.904014111 CEST	49741	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:22:24.904027939 CEST	443	49741	40.113.110.67	192.168.2.6
Sep 30, 2024 12:22:25.844974041 CEST	443	49741	40.113.110.67	192.168.2.6
Sep 30, 2024 12:22:25.845061064 CEST	49741	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:22:25.847625971 CEST	49741	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:22:25.847632885 CEST	443	49741	40.113.110.67	192.168.2.6
Sep 30, 2024 12:22:25.847855091 CEST	443	49741	40.113.110.67	192.168.2.6
Sep 30, 2024 12:22:25.853266001 CEST	49741	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:22:25.853466988 CEST	49741	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:22:25.853472948 CEST	443	49741	40.113.110.67	192.168.2.6
Sep 30, 2024 12:22:25.853655100 CEST	49741	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:22:25.895410061 CEST	443	49741	40.113.110.67	192.168.2.6
Sep 30, 2024 12:22:26.027997971 CEST	443	49741	40.113.110.67	192.168.2.6
Sep 30, 2024 12:22:26.028110981 CEST	443	49741	40.113.110.67	192.168.2.6
Sep 30, 2024 12:22:26.028181076 CEST	49741	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:22:26.028350115 CEST	49741	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:22:26.028362036 CEST	443	49741	40.113.110.67	192.168.2.6
Sep 30, 2024 12:22:28.121624947 CEST	49703	80	192.168.2.6	93.184.221.240
Sep 30, 2024 12:22:28.127063036 CEST	80	49703	93.184.221.240	192.168.2.6
Sep 30, 2024 12:22:28.127115965 CEST	49703	80	192.168.2.6	93.184.221.240
Sep 30, 2024 12:22:28.494191885 CEST	49744	443	192.168.2.6	23.41.168.139
Sep 30, 2024 12:22:28.494223118 CEST	443	49744	23.41.168.139	192.168.2.6
Sep 30, 2024 12:22:28.494288921 CEST	49744	443	192.168.2.6	23.41.168.139
Sep 30, 2024 12:22:28.494483948 CEST	49744	443	192.168.2.6	23.41.168.139
Sep 30, 2024 12:22:28.494493961 CEST	443	49744	23.41.168.139	192.168.2.6
Sep 30, 2024 12:22:29.049130917 CEST	443	49744	23.41.168.139	192.168.2.6
Sep 30, 2024 12:22:29.049464941 CEST	49744	443	192.168.2.6	23.41.168.139
Sep 30, 2024 12:22:29.049487114 CEST	443	49744	23.41.168.139	192.168.2.6
Sep 30, 2024 12:22:29.050510883 CEST	443	49744	23.41.168.139	192.168.2.6
Sep 30, 2024 12:22:29.050874949 CEST	49744	443	192.168.2.6	23.41.168.139
Sep 30, 2024 12:22:29.056632996 CEST	49744	443	192.168.2.6	23.41.168.139
Sep 30, 2024 12:22:29.056632996 CEST	49744	443	192.168.2.6	23.41.168.139
Sep 30, 2024 12:22:29.056663036 CEST	443	49744	23.41.168.139	192.168.2.6
Sep 30, 2024 12:22:29.056763887 CEST	443	49744	23.41.168.139	192.168.2.6
Sep 30, 2024 12:22:29.111136913 CEST	49744	443	192.168.2.6	23.41.168.139
Sep 30, 2024 12:22:29.111152887 CEST	443	49744	23.41.168.139	192.168.2.6
Sep 30, 2024 12:22:29.153855085 CEST	443	49744	23.41.168.139	192.168.2.6
Sep 30, 2024 12:22:29.153928995 CEST	49744	443	192.168.2.6	23.41.168.139
Sep 30, 2024 12:22:29.155406952 CEST	49744	443	192.168.2.6	23.41.168.139
Sep 30, 2024 12:22:29.155421972 CEST	443	49744	23.41.168.139	192.168.2.6
Sep 30, 2024 12:22:41.295840979 CEST	49748	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:41.295888901 CEST	443	49748	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:41.296118021 CEST	49748	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:41.300406933 CEST	49748	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:41.300431013 CEST	443	49748	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:41.970967054 CEST	443	49748	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:41.981888056 CEST	49748	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:41.981899977 CEST	443	49748	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:41.983112097 CEST	443	49748	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:41.983174086 CEST	49748	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:41.991358995 CEST	49748	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:41.991435051 CEST	443	49748	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:41.991445065 CEST	49748	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:41.991588116 CEST	49748	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:41.991599083 CEST	443	49748	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:41.991650105 CEST	443	49748	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:41.991719007 CEST	49748	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:42.015070915 CEST	49749	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:42.015120983 CEST	443	49749	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:42.015237093 CEST	49749	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:42.020638943 CEST	49749	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:42.020657063 CEST	443	49749	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:42.686878920 CEST	443	49749	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:42.687140942 CEST	49749	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:42.687161922 CEST	443	49749	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:42.688030005 CEST	443	49749	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:42.688086033 CEST	49749	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:42.793957949 CEST	49749	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:42.794147968 CEST	443	49749	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:42.794188023 CEST	49749	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:42.839396954 CEST	443	49749	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:42.841902971 CEST	49749	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:42.841908932 CEST	443	49749	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:42.890985966 CEST	443	49749	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:42.891037941 CEST	49749	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:43.317013025 CEST	49749	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:43.317034960 CEST	443	49749	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:43.512789011 CEST	49750	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:43.512831926 CEST	443	49750	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:43.512897015 CEST	49750	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:43.515667915 CEST	49750	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:43.515682936 CEST	443	49750	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:44.189851999 CEST	443	49750	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:44.190181017 CEST	49750	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:44.190202951 CEST	443	49750	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:44.191072941 CEST	443	49750	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:44.191142082 CEST	49750	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:44.565711975 CEST	49750	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:44.565758944 CEST	49750	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:44.565836906 CEST	49750	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:44.565956116 CEST	443	49750	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:44.566030025 CEST	49750	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:44.566243887 CEST	49752	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:44.566291094 CEST	443	49752	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:44.566555977 CEST	49752	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:44.566943884 CEST	49752	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:44.566961050 CEST	443	49752	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:45.205108881 CEST	49753	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:22:45.205146074 CEST	443	49753	142.250.184.196	192.168.2.6
Sep 30, 2024 12:22:45.205292940 CEST	49753	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:22:45.205945015 CEST	49753	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:22:45.205960035 CEST	443	49753	142.250.184.196	192.168.2.6
Sep 30, 2024 12:22:45.226238966 CEST	443	49752	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:45.226778030 CEST	49752	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:45.226792097 CEST	443	49752	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:45.227246046 CEST	443	49752	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:45.227754116 CEST	49752	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:45.227830887 CEST	443	49752	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:45.228125095 CEST	49752	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:45.275403976 CEST	443	49752	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:45.338215113 CEST	443	49752	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:45.338289022 CEST	443	49752	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:45.338520050 CEST	49752	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:45.758181095 CEST	49752	443	192.168.2.6	188.114.96.3
Sep 30, 2024 12:22:45.758229971 CEST	443	49752	188.114.96.3	192.168.2.6
Sep 30, 2024 12:22:46.057889938 CEST	443	49753	142.250.184.196	192.168.2.6
Sep 30, 2024 12:22:46.058146000 CEST	49753	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:22:46.058166981 CEST	443	49753	142.250.184.196	192.168.2.6
Sep 30, 2024 12:22:46.059828043 CEST	443	49753	142.250.184.196	192.168.2.6
Sep 30, 2024 12:22:46.059890985 CEST	49753	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:22:46.225392103 CEST	49753	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:22:46.225749016 CEST	443	49753	142.250.184.196	192.168.2.6
Sep 30, 2024 12:22:46.355772018 CEST	49753	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:22:46.355798960 CEST	443	49753	142.250.184.196	192.168.2.6
Sep 30, 2024 12:22:46.465142965 CEST	49753	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:22:55.955805063 CEST	443	49753	142.250.184.196	192.168.2.6
Sep 30, 2024 12:22:55.956020117 CEST	443	49753	142.250.184.196	192.168.2.6
Sep 30, 2024 12:22:55.956078053 CEST	49753	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:22:57.842921972 CEST	49753	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:22:57.842950106 CEST	443	49753	142.250.184.196	192.168.2.6
Sep 30, 2024 12:23:01.645025969 CEST	49764	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:23:01.645071983 CEST	443	49764	40.113.110.67	192.168.2.6
Sep 30, 2024 12:23:01.645296097 CEST	49764	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:23:01.646454096 CEST	49764	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:23:01.646470070 CEST	443	49764	40.113.110.67	192.168.2.6
Sep 30, 2024 12:23:02.469465017 CEST	443	49764	40.113.110.67	192.168.2.6
Sep 30, 2024 12:23:02.469577074 CEST	49764	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:23:02.479263067 CEST	49764	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:23:02.479301929 CEST	443	49764	40.113.110.67	192.168.2.6
Sep 30, 2024 12:23:02.479631901 CEST	443	49764	40.113.110.67	192.168.2.6
Sep 30, 2024 12:23:02.504270077 CEST	49764	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:23:02.504398108 CEST	49764	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:23:02.504412889 CEST	443	49764	40.113.110.67	192.168.2.6
Sep 30, 2024 12:23:02.504801035 CEST	49764	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:23:02.547410011 CEST	443	49764	40.113.110.67	192.168.2.6
Sep 30, 2024 12:23:02.681767941 CEST	443	49764	40.113.110.67	192.168.2.6
Sep 30, 2024 12:23:02.681989908 CEST	443	49764	40.113.110.67	192.168.2.6
Sep 30, 2024 12:23:02.682065964 CEST	49764	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:23:02.683397055 CEST	49764	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:23:02.683414936 CEST	443	49764	40.113.110.67	192.168.2.6
Sep 30, 2024 12:23:04.691462040 CEST	50238	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:23:04.696331978 CEST	53	50238	1.1.1.1	192.168.2.6
Sep 30, 2024 12:23:04.696496964 CEST	50238	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:23:04.696538925 CEST	50238	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:23:04.701623917 CEST	53	50238	1.1.1.1	192.168.2.6
Sep 30, 2024 12:23:05.158979893 CEST	53	50238	1.1.1.1	192.168.2.6
Sep 30, 2024 12:23:05.159786940 CEST	50238	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:23:05.164923906 CEST	53	50238	1.1.1.1	192.168.2.6
Sep 30, 2024 12:23:05.165028095 CEST	50238	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:23:45.257337093 CEST	50242	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:23:45.257447958 CEST	443	50242	142.250.184.196	192.168.2.6
Sep 30, 2024 12:23:45.257616997 CEST	50242	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:23:45.258285046 CEST	50242	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:23:45.258325100 CEST	443	50242	142.250.184.196	192.168.2.6
Sep 30, 2024 12:23:46.105638027 CEST	443	50242	142.250.184.196	192.168.2.6
Sep 30, 2024 12:23:46.106138945 CEST	50242	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:23:46.106177092 CEST	443	50242	142.250.184.196	192.168.2.6
Sep 30, 2024 12:23:46.106544018 CEST	443	50242	142.250.184.196	192.168.2.6
Sep 30, 2024 12:23:46.106928110 CEST	50242	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:23:46.107017040 CEST	443	50242	142.250.184.196	192.168.2.6
Sep 30, 2024 12:23:46.152920008 CEST	50242	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:23:56.009233952 CEST	443	50242	142.250.184.196	192.168.2.6
Sep 30, 2024 12:23:56.009347916 CEST	443	50242	142.250.184.196	192.168.2.6
Sep 30, 2024 12:23:56.009474039 CEST	50242	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:23:57.845118999 CEST	50242	443	192.168.2.6	142.250.184.196
Sep 30, 2024 12:23:57.845161915 CEST	443	50242	142.250.184.196	192.168.2.6
Sep 30, 2024 12:24:19.640194893 CEST	50244	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:24:19.640249968 CEST	443	50244	40.113.110.67	192.168.2.6
Sep 30, 2024 12:24:19.640315056 CEST	50244	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:24:19.641268015 CEST	50244	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:24:19.641283035 CEST	443	50244	40.113.110.67	192.168.2.6
Sep 30, 2024 12:24:20.420613050 CEST	443	50244	40.113.110.67	192.168.2.6
Sep 30, 2024 12:24:20.420757055 CEST	50244	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:24:20.427297115 CEST	50244	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:24:20.427305937 CEST	443	50244	40.113.110.67	192.168.2.6
Sep 30, 2024 12:24:20.427629948 CEST	443	50244	40.113.110.67	192.168.2.6
Sep 30, 2024 12:24:20.431067944 CEST	50244	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:24:20.431627989 CEST	50244	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:24:20.431627989 CEST	50244	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:24:20.431633949 CEST	443	50244	40.113.110.67	192.168.2.6
Sep 30, 2024 12:24:20.475394011 CEST	443	50244	40.113.110.67	192.168.2.6
Sep 30, 2024 12:24:20.605879068 CEST	443	50244	40.113.110.67	192.168.2.6
Sep 30, 2024 12:24:20.606023073 CEST	443	50244	40.113.110.67	192.168.2.6
Sep 30, 2024 12:24:20.606153011 CEST	50244	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:24:20.607984066 CEST	50244	443	192.168.2.6	40.113.110.67
Sep 30, 2024 12:24:20.608011961 CEST	443	50244	40.113.110.67	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 30, 2024 12:20:55.418095112 CEST	53	60794	1.1.1.1	192.168.2.6
Sep 30, 2024 12:20:55.420134068 CEST	53	62860	1.1.1.1	192.168.2.6
Sep 30, 2024 12:20:56.453896999 CEST	53	55426	1.1.1.1	192.168.2.6
Sep 30, 2024 12:20:56.988497019 CEST	50948	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:20:56.988636971 CEST	50180	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:20:56.997014046 CEST	53	50180	1.1.1.1	192.168.2.6
Sep 30, 2024 12:20:57.000144958 CEST	53	50948	1.1.1.1	192.168.2.6
Sep 30, 2024 12:20:59.566039085 CEST	54022	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:20:59.566418886 CEST	56036	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:20:59.572526932 CEST	53	54022	1.1.1.1	192.168.2.6
Sep 30, 2024 12:20:59.573018074 CEST	53	56036	1.1.1.1	192.168.2.6
Sep 30, 2024 12:21:13.782927036 CEST	53	54051	1.1.1.1	192.168.2.6
Sep 30, 2024 12:21:32.676369905 CEST	53	59448	1.1.1.1	192.168.2.6
Sep 30, 2024 12:21:54.915822029 CEST	53	49668	1.1.1.1	192.168.2.6
Sep 30, 2024 12:21:55.004705906 CEST	53	54638	1.1.1.1	192.168.2.6
Sep 30, 2024 12:21:59.621963024 CEST	50480	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:21:59.622102976 CEST	49430	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:21:59.628781080 CEST	53	50480	1.1.1.1	192.168.2.6
Sep 30, 2024 12:21:59.634047985 CEST	53	49430	1.1.1.1	192.168.2.6
Sep 30, 2024 12:22:28.083308935 CEST	56908	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:22:41.229899883 CEST	55941	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:22:41.230036974 CEST	55884	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:22:41.237099886 CEST	53	51682	1.1.1.1	192.168.2.6
Sep 30, 2024 12:22:41.241586924 CEST	53	57846	1.1.1.1	192.168.2.6
Sep 30, 2024 12:22:41.247061968 CEST	53	55941	1.1.1.1	192.168.2.6
Sep 30, 2024 12:22:41.292917013 CEST	53	55884	1.1.1.1	192.168.2.6
Sep 30, 2024 12:22:43.319740057 CEST	53	59460	1.1.1.1	192.168.2.6
Sep 30, 2024 12:22:45.189841032 CEST	58483	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:22:45.190437078 CEST	63445	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:22:45.197393894 CEST	53	58483	1.1.1.1	192.168.2.6
Sep 30, 2024 12:22:45.197760105 CEST	53	63445	1.1.1.1	192.168.2.6
Sep 30, 2024 12:22:48.254553080 CEST	53	54290	1.1.1.1	192.168.2.6
Sep 30, 2024 12:22:58.395508051 CEST	55461	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:23:00.654207945 CEST	53	61929	1.1.1.1	192.168.2.6
Sep 30, 2024 12:23:04.691030025 CEST	53	50102	1.1.1.1	192.168.2.6
Sep 30, 2024 12:23:10.200223923 CEST	53	60723	1.1.1.1	192.168.2.6
Sep 30, 2024 12:23:41.047288895 CEST	53	50237	1.1.1.1	192.168.2.6
Sep 30, 2024 12:24:02.028537989 CEST	58484	53	192.168.2.6	1.1.1.1
Sep 30, 2024 12:24:31.091474056 CEST	138	138	192.168.2.6	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 30, 2024 12:20:56.988497019 CEST	192.168.2.6	1.1.1.1	0x6a98	Standard query (0)	content.app-us1.com	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:20:56.988636971 CEST	192.168.2.6	1.1.1.1	0x5136	Standard query (0)	content.app-us1.com	65	IN (0x0001)	false
Sep 30, 2024 12:20:59.566039085 CEST	192.168.2.6	1.1.1.1	0x855	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:20:59.566418886 CEST	192.168.2.6	1.1.1.1	0x4c18	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 30, 2024 12:21:59.621963024 CEST	192.168.2.6	1.1.1.1	0xcb85	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:21:59.622102976 CEST	192.168.2.6	1.1.1.1	0xab7	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 30, 2024 12:22:28.083308935 CEST	192.168.2.6	1.1.1.1	0x9fe4	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:22:41.229899883 CEST	192.168.2.6	1.1.1.1	0xabde	Standard query (0)	ebvq.prenticeu.com	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:22:41.230036974 CEST	192.168.2.6	1.1.1.1	0x59e6	Standard query (0)	ebvq.prenticeu.com	65	IN (0x0001)	false
Sep 30, 2024 12:22:45.189841032 CEST	192.168.2.6	1.1.1.1	0x2b83	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:22:45.190437078 CEST	192.168.2.6	1.1.1.1	0xd653	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 30, 2024 12:22:58.395508051 CEST	192.168.2.6	1.1.1.1	0x3912	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:24:02.028537989 CEST	192.168.2.6	1.1.1.1	0x3811	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 30, 2024 12:20:56.997014046 CEST	1.1.1.1	192.168.2.6	0x5136	No error (0)	content.app-us1.com			65	IN (0x0001)	false
Sep 30, 2024 12:20:57.000144958 CEST	1.1.1.1	192.168.2.6	0x6a98	No error (0)	content.app-us1.com		104.17.31.174	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:20:57.000144958 CEST	1.1.1.1	192.168.2.6	0x6a98	No error (0)	content.app-us1.com		104.18.128.216	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:20:59.572526932 CEST	1.1.1.1	192.168.2.6	0x855	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:20:59.573018074 CEST	1.1.1.1	192.168.2.6	0x4c18	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 30, 2024 12:21:59.628781080 CEST	1.1.1.1	192.168.2.6	0xcb85	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:21:59.634047985 CEST	1.1.1.1	192.168.2.6	0xab7	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 30, 2024 12:22:28.092407942 CEST	1.1.1.1	192.168.2.6	0x9fe4	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 30, 2024 12:22:41.247061968 CEST	1.1.1.1	192.168.2.6	0xabde	No error (0)	ebvq.prenticeu.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:22:41.247061968 CEST	1.1.1.1	192.168.2.6	0xabde	No error (0)	ebvq.prenticeu.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:22:41.292917013 CEST	1.1.1.1	192.168.2.6	0x59e6	No error (0)	ebvq.prenticeu.com			65	IN (0x0001)	false
Sep 30, 2024 12:22:45.197393894 CEST	1.1.1.1	192.168.2.6	0x2b83	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Sep 30, 2024 12:22:45.197760105 CEST	1.1.1.1	192.168.2.6	0xd653	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 30, 2024 12:22:58.403105021 CEST	1.1.1.1	192.168.2.6	0x3912	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 30, 2024 12:24:02.037533045 CEST	1.1.1.1	192.168.2.6	0x3811	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

content.app-us1.com

https:

ebvq.prenticeu.com

fs.microsoft.com

slscr.update.microsoft.com

armmf.adobe.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49709	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:20:55 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 55 4e 64 6f 53 49 30 53 73 55 53 7a 72 41 77 41 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 30 33 66 32 37 38 61 38 30 36 39 64 31 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: UNdoSI0SsUSzrAwA.1Context: 1a03f278a8069d1e
2024-09-30 10:20:55 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 10:20:55 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 55 4e 64 6f 53 49 30 53 73 55 53 7a 72 41 77 41 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 30 33 66 32 37 38 61 38 30 36 39 64 31 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 7a 55 45 6b 33 4e 66 59 68 39 44 37 4a 45 5a 56 62 6c 51 70 7a 62 55 68 49 35 31 6e 4c 71 31 6c 79 78 73 49 65 70 6c 50 58 6f 72 4f 79 52 49 56 48 6e 75 53 2b 51 69 6e 32 63 6a 51 38 47 78 6c 52 66 65 2f 66 72 53 38 6e 4e 35 33 45 6b 50 56 49 67 5a 54 76 4c 63 7a 43 74 4b 2f 74 4b 78 6b 4e 6c 45 66 39 33 48 61 4b 43 39 4b Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: UNdoSI0SsUSzrAwA.2Context: 1a03f278a8069d1e<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXzUEk3NfYh9D7JEZVblQpzbUhI51nLq1lyxsIeplPXorOyRIVHnuS+Qin2cjQ8GxlRfe/frS8nN53EkPVIgZTvLczCtK/tKxkNlEf93HaKC9K
2024-09-30 10:20:55 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 55 4e 64 6f 53 49 30 53 73 55 53 7a 72 41 77 41 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 30 33 66 32 37 38 61 38 30 36 39 64 31 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: UNdoSI0SsUSzrAwA.3Context: 1a03f278a8069d1e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 10:20:55 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 10:20:55 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 4d 49 4e 77 37 57 61 77 45 4f 55 47 64 78 53 42 70 42 6a 31 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: XMINw7WawEOUGdxSBpBj1w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49716	104.17.31.174	443	416	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:20:57 UTC	720	OUT	GET /5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf HTTP/1.1 Host: content.app-us1.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 10:20:57 UTC	511	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 10:20:57 GMT Content-Type: application/pdf Content-Length: 41410 Connection: close last-modified: Mon, 30 Sep 2024 07:18:06 GMT etag: "8929d24bcd3fa597e0c8e24fdb811177" x-envoy-upstream-service-time: 17 Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 5350 Expires: Tue, 30 Sep 2025 10:20:57 GMT Accept-Ranges: bytes Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server: cloudflare CF-RAY: 8cb37bbbb86a72bc-EWR
2024-09-30 10:20:57 UTC	858	IN	Data Raw: 25 50 44 46 2d 31 2e 37 0a 25 c2 b3 c7 d8 0d 0a 33 20 30 20 6f 62 6a 0d 3c 3c 2f 41 75 74 68 6f 72 20 28 29 20 2f 43 6f 6d 6d 65 6e 74 73 20 28 29 20 2f 43 6f 6d 70 61 6e 79 20 28 29 20 2f 43 72 65 61 74 69 6f 6e 44 61 74 65 20 28 44 3a 32 30 32 34 30 39 33 30 30 38 35 37 35 32 2b 30 32 27 30 30 27 29 20 2f 43 72 65 61 74 6f 72 20 28 57 50 53 20 57 72 69 74 65 72 29 20 2f 4b 65 79 77 6f 72 64 73 20 28 29 20 2f 4d 6f 64 44 61 74 65 20 28 44 3a 32 30 32 34 30 39 33 30 30 38 35 37 35 32 2b 30 32 27 30 30 27 29 20 2f 50 72 6f 64 75 63 65 72 20 28 29 20 2f 53 6f 75 72 63 65 4d 6f 64 69 66 69 65 64 20 28 44 3a 32 30 32 34 30 39 33 30 30 38 35 37 35 32 2b 30 32 27 30 30 27 29 20 2f 53 75 62 6a 65 63 74 20 28 29 20 2f 54 69 74 6c 65 20 28 29 20 2f 54 72 61 70 70 Data Ascii: %PDF-1.7%3 0 obj<</Author () /Comments () /Company () /CreationDate (D:20240930085752+02'00') /Creator (WPS Writer) /Keywords () /ModDate (D:20240930085752+02'00') /Producer () /SourceModified (D:20240930085752+02'00') /Subject () /Title () /Trapp
2024-09-30 10:20:57 UTC	1369	IN	Data Raw: 02 04 04 03 04 07 05 04 04 00 01 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 f7 fa 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 2b 8f d5 be 24 68 da 3e a3 25 8d cc 17 ad 2c 7d 4c 68 84 7e ac 2a 97 fc 2d bf 0f ff 00 cf b6 a1 ff 00 7e d3 ff 00 8b ab f6 72 7d 0e d8 e5 d8 a9 Data Ascii: w!1AQaq"2B#3Rbr$4%&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?((((+$h>%,}Lh~-~r}
2024-09-30 10:20:57 UTC	1369	IN	Data Raw: 78 47 4d ff 00 ae 2b fc ab e4 4d 74 ea 43 53 92 0d 5c b1 bd b7 22 27 df d7 8e 2b ea 18 f5 4b 8d 1f e1 64 57 96 b1 34 b7 09 6a 3c b5 51 92 4e 28 03 a2 d4 bc 49 a3 e9 07 17 da 84 10 b7 f7 4b 8c fe 55 52 cf c6 fe 1c be 90 47 6f ab 5b b3 1e c5 f1 fc eb e6 cd 0b c1 7e 25 f1 ef 88 65 fb 70 b9 8b 77 cf 24 d3 83 81 ec 33 57 3c 73 f0 aa 7f 04 69 89 a8 ae a1 e6 a1 70 a4 0f 95 81 f6 a0 0f a9 51 d6 45 0c 8c 19 4f 42 0e 41 af 94 be 2e 00 7e 25 5e 7d 47 f3 af 4c f8 0f e2 3b ed 4b 4b bc d3 af 26 79 85 bb 0f 2d 9c e4 81 e9 fa d7 9a 7c 5b ff 00 92 95 7b f5 1f ce 80 3e 97 f0 97 fc 89 9a 17 fd 83 ed ff 00 f4 5a d6 c5 63 f8 4b fe 44 cd 0b fe c1 f6 ff 00 fa 2d 6b 62 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 0d 14 50 07 9f 6b 9f Data Ascii: xGM+MtCS\"'+KdW4j<QN(IKURGo[~%epw$3W<sipQEOBA.~%^}GL;KK&y-\|[{>ZcKD-kb(((((((Pk
2024-09-30 10:20:57 UTC	1369	IN	Data Raw: 27 03 24 f0 2a 1b 9b db 6b 53 fb f9 e3 8c e3 38 66 00 e2 bc ff 00 c6 7f 10 ed 6d ed 64 b1 d2 e4 f3 67 70 55 a4 1d 14 55 46 2e 4f 43 a7 0d 84 ab 88 9a 85 34 70 de 22 98 6a be 3e 7f 20 ee cc a1 46 3d 85 76 ff 00 14 a4 10 f8 5e ce 02 7e 72 dd 3f 01 5c ff 00 c3 5f 0e 4d a8 6a df da f7 2a 44 31 12 54 b7 f1 37 f9 cd 45 f1 37 59 5d 53 5c 8e c2 dc ee 4b 7f 94 e3 bb 1e 2b a5 eb 35 15 d0 fa 87 15 3c 75 2a 30 d5 53 5a b3 ac f8 4d 19 5f 0f 4a e7 a3 48 71 f9 d7 5d e2 09 6e 2d f4 2b b9 ad 5b 6c c9 1e 54 fb d6 7f 82 74 c3 a5 f8 5e d2 16 5c 3b 2e f6 fc 6b 7a e6 15 b8 b7 92 17 19 0e b8 35 cf 27 ef dc f9 cc 65 68 cf 19 2a 9d 2e 79 8f c3 ef 16 6a 7a ae bb 25 a6 a1 70 24 52 bf 28 c0 1c f3 50 78 db c5 3a e6 89 e2 76 82 1b 8d 96 d8 0c 06 07 4e f5 ca c3 24 be 13 f1 b1 2e 0a 88 Data Ascii: '$kS8fmdgpUUF.OC4p"j> F=v^~r?\_MjD1T7E7Y]S\K+5<u0SZM_JHq]n-+[lTt^\;.kz5'eh.yjz%p$R(Px:vN$.
2024-09-30 10:20:57 UTC	1369	IN	Data Raw: af f8 d7 5b e0 4f 18 de 78 9e e6 e6 3b 98 52 31 18 c8 db 9f 6a 9a 9c fc ba 9c f9 84 b3 07 86 97 b6 8c 54 7a d8 e4 35 bd 7a 3f 0f 7c 65 96 ee 4b 79 a7 06 dc 0d b0 a6 e3 d5 a9 be 3a f8 8b 0e b7 e1 d9 34 c4 d2 6e a1 5b 92 11 a7 b8 8b 6a c6 0f 19 cf e3 56 35 1d 5b 4f d1 be 35 cb 71 a9 ca b1 40 6d 80 dc c8 48 ce 5b da b6 bc 57 e3 df 08 dc 78 72 f2 da 06 8e f2 69 a3 64 8e 28 e2 39 2c 46 07 6a e6 3e 54 66 a1 af b7 83 3c 01 a4 d9 69 12 a5 e5 f5 c8 58 ad d8 9c 82 48 27 3d fd 2a b6 a3 a6 f8 df c3 fa 49 d7 46 b5 f6 a9 62 02 49 ad 59 06 dd bd c0 fc 3d ab 96 9f 46 d4 f4 4f 05 78 6f 56 bc 8a 47 5b 3b a3 2c 91 f5 28 84 b1 1f cc 57 7f e2 af 1d e8 92 78 36 e3 ec 77 69 3d c5 cc 5e 5c 50 a0 25 89 3c 74 fc 68 03 9d f1 be ba 9e 24 f0 57 87 75 48 d7 6f 9d 77 11 65 f4 6c 8c 8a Data Ascii: [Ox;R1jTz5z?\|eKy:4n[jV5[O5q@mH[Wxrid(9,Fj>Tf<iXH'=*IFbIY=FOxoVG[;,(Wx6wi=^\P%<th$WuHowel
2024-09-30 10:20:57 UTC	1369	IN	Data Raw: ca 1d 73 82 3b d3 5f 4b b2 7b c8 ee da da 33 71 12 ed 49 0a f2 a3 d8 d5 ca 28 03 cb 75 bb 9d 4e 2f 10 5c c3 af f8 52 6d 67 4f ce 6d 26 b5 b4 69 8a 8f 43 b4 1a 5f 09 e8 97 ba 9f 8d 0e bd 36 8f 26 93 a7 db 43 e5 5b 5b cb 11 8d 8f 6c 95 20 7a 0a f5 1a 28 03 1a f3 c2 9a 1d f4 52 c7 73 a6 5b c8 b2 36 e7 ca 0e 4f ad 4f a5 e8 9a 6e 87 6c d0 e9 b6 51 5b a7 52 23 5c 66 b4 a8 a0 0f 2a f1 25 be ad e3 9f 12 d9 69 52 68 97 76 ba 6d 95 c7 9b 2d cc f1 32 a4 9b 48 c6 d2 46 0f 43 5e 8f 7b 0d c4 7a 4c 91 69 fb 56 74 8f 6c 59 1c 64 74 ab d4 50 07 8e c7 7f 70 04 8f ab 78 02 f2 e3 5a 4c 81 71 0e 9e ed 1b b7 66 dc 17 15 bf e0 df 0f 6b 7a 47 86 b5 3b b6 45 87 56 be 67 99 62 61 c2 13 92 01 1f 8d 7a 1d 14 01 e3 b1 6a 33 aa 34 9a 9f c3 eb d9 b5 b4 24 79 f0 e9 ee 63 73 d8 ee 0b 8a Data Ascii: s;_K{3qI(uN/\RmgOm&iC_6&C[[l z(Rs[6OOnlQ[R#\f*%iRhvm-2HFC^{zLiVtlYdtPpxZLqfkzG;EVgbazj34$ycs
2024-09-30 10:20:57 UTC	1369	IN	Data Raw: 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 f7 da 31 55 ae 6e 60 b4 b6 79 ae 64 48 a2 51 96 77 6c 05 f7 3e 95 9e 7c 57 a0 7f d0 66 c3 ff 00 02 13 fc 69 39 25 b9 51 a7 29 ab c5 5c d9 cd 2e 6b 17 fe 12 bd 03 fe 83 36 1f f8 10 bf e3 49 ff 00 09 5e 81 ff 00 41 9b 0f fb fe bf e3 4b 9e 3d ca f6 15 7f 95 fd cc db a2 b1 3f e1 2b f0 f7 fd 06 Data Ascii: 2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?1Un`ydHQwl>\|Wfi9%Q)\.k6I^AK=?+
2024-09-30 10:20:57 UTC	1369	IN	Data Raw: 07 37 e3 9f f9 12 b5 6f fa f7 6a f9 a1 0f ce f5 f4 b7 8e bf e4 49 d5 ff 00 eb dd ab e6 55 6f bf f5 af 37 1a bd e4 7d af 0b 4a d4 a7 ea 48 5e 82 f5 19 6a 69 6a e1 48 fa b7 50 93 75 6a f8 68 e7 c4 fa 6f fd 7c c3 ff 00 a1 ad 62 96 ad 6f 0d 1c f8 a3 4b ff 00 af a8 7f f4 25 ad 20 bd e4 71 e2 ea 5e 8c 97 93 3d c7 e2 97 fc 88 57 5b 7a ef 4f fd 0a b8 bf 83 62 f3 fb 6a f9 88 73 6b e4 05 24 fd dd f9 18 af 5b d4 af 2c 6c 6c 4c ba 94 b0 c7 6c b8 0c d3 63 6e 4f 03 af bd 73 f7 5e 3e f0 a6 97 6a cd 1e a1 6a f8 e4 45 6c 03 31 fc 05 7a 92 84 79 d4 db d8 f8 2c 3e 2a a3 c1 cb 0d 0a 77 e6 7b 9c 5f c6 b6 41 a8 69 3f df d8 d9 fa 64 57 a0 78 9b fe 49 f6 a3 ff 00 5e 07 ff 00 40 af 02 f1 6f 89 66 f1 46 ba da 83 26 c8 97 09 0a 77 45 c9 c6 7d cf 53 5e fb e2 5f f9 27 9a 8f fd 83 db Data Ascii: 7ojIUo7}JH^jijHPujho\|boK% q^=W[zObjsk$[,llLlcnOs^>jjEl1zy,>*w{_Ai?dWxI^@ofF&wE}S^_'
2024-09-30 10:20:57 UTC	1369	IN	Data Raw: fb ed 7f c6 8f f8 56 fe 34 ff 00 a0 2c ff 00 f7 da ff 00 8d 7d 53 c5 04 56 7f 57 89 d0 f3 8a e7 ca 7f f0 ad bc 67 ff 00 40 2b 8f fb ed 3f f8 aa 69 f8 69 e3 5f fa 01 5c 7f df 49 ff 00 c5 57 d5 dc 51 8a af 61 11 3c da bb e8 7c 97 37 c3 ff 00 17 c1 22 c7 26 8d 3a 97 fb aa 5d 7f c6 9b ff 00 0a fb c6 1f f4 09 9b fe fe 27 ff 00 15 5f 52 ea 7f f1 f3 63 ff 00 5d 8f fe 80 d4 fc 53 f6 11 27 fb 4e b1 f2 bf fc 2b df 18 7f d0 26 7f fb f8 9f fc 55 27 fc 2b df 17 7f d0 22 6f fb fa 9f fc 55 7d 4f 49 8a 3d 8c 45 fd a7 57 b1 f2 cf fc 2b df 17 7f d0 26 6f fb f8 9f fc 55 27 fc 2b ef 17 7f d0 22 6f fb f8 9f fc 55 7d 4d 8a 4c 51 ec 62 2f ed 2a bd 8f 96 ff 00 e1 5f 78 bb fe 81 33 7f df c4 ff 00 e2 a9 3f e1 5f 78 bb fe 81 33 7f df c4 ff 00 e2 ab ea 5c 52 51 ec 62 1f da 35 7b 1f Data Ascii: V4,}SVWg@+?ii_\IWQa<\|7"&:]'_Rc]S'N+&U'+"oU}OI=EW+&oU'+"oU}MLQb/*_x3?_x3\RQb5{
2024-09-30 10:20:57 UTC	1369	IN	Data Raw: 15 ce 78 9f 51 97 c5 7e 2e 16 f6 df 34 61 c4 10 8e dd 79 6f c6 bd 8b 4a d3 e1 d2 b4 db 7b 18 be e4 31 85 ff 00 78 fb fb 9a e0 a7 fb ea ee 7d 22 7d 1e 25 7d 43 2e 8d 0f b7 53 57 e8 73 fe 38 f0 da eb da 53 3c 0b fe 9b 00 2d 1f fb 43 fb 9f 8f 6a e0 7c 0f e2 5f ec 0d 40 d8 de b3 0b 29 9f 6b ee ff 00 96 2c 38 dd fe 35 ed 55 e7 3e 3c f0 57 da 37 ea fa 6c 7f be 1c cf 12 af df ff 00 69 7f a8 a7 88 a3 28 c9 55 a7 ba 23 2a c6 d2 9d 27 82 c4 fc 32 d9 f6 67 a0 8f 9f e6 5e 41 f9 83 2d 2e 2b ca fc 13 e3 73 60 53 4c d5 1b f7 03 88 e6 3f f2 cf d9 bd ab d4 d1 d2 48 95 d1 94 86 1b 83 2f 35 d3 46 b4 6a c6 f1 3c cc 7e 02 ae 0e a7 2c f6 e8 fb 86 29 b8 a7 e2 96 b5 38 88 a9 31 52 62 9b 8a 04 37 14 94 ea 4c 50 31 b8 a7 e8 9f f2 0c 1f f5 d2 4f fd 08 d2 62 97 44 ff 00 90 60 ff 00 Data Ascii: xQ~.4ayoJ{1x}"}%}C.SWs8S<-Cj\|_@)k,85U><W7li(U#*'2g^A-.+s`SL?H/5Fj<~,)81Rb7LP1ObD`

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49715	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:20:57 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6c 6c 35 53 65 4c 2b 32 7a 30 61 55 61 4c 4b 5a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 65 35 62 65 32 37 31 32 31 66 33 38 39 35 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ll5SeL+2z0aUaLKZ.1Context: 9e5be27121f38958
2024-09-30 10:20:57 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 10:20:57 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6c 6c 35 53 65 4c 2b 32 7a 30 61 55 61 4c 4b 5a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 65 35 62 65 32 37 31 32 31 66 33 38 39 35 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 4e 4b 38 62 75 69 73 34 46 69 56 42 76 50 64 4e 59 78 6f 49 58 2b 2f 42 57 6e 67 39 7a 78 38 52 51 33 56 74 37 75 54 62 52 2b 36 31 4a 38 34 54 72 6d 55 57 49 79 59 53 6d 42 37 4b 52 62 45 75 6e 59 77 45 61 6e 55 37 6c 42 67 42 32 75 58 41 32 38 43 78 61 6b 2f 68 46 68 37 68 4e 33 50 32 52 39 36 43 75 6c 52 70 36 4c 32 77 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ll5SeL+2z0aUaLKZ.2Context: 9e5be27121f38958<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASNK8buis4FiVBvPdNYxoIX+/BWng9zx8RQ3Vt7uTbR+61J84TrmUWIyYSmB7KRbEunYwEanU7lBgB2uXA28Cxak/hFh7hN3P2R96CulRp6L2w
2024-09-30 10:20:57 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6c 6c 35 53 65 4c 2b 32 7a 30 61 55 61 4c 4b 5a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 65 35 62 65 32 37 31 32 31 66 33 38 39 35 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ll5SeL+2z0aUaLKZ.3Context: 9e5be27121f38958<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 10:20:58 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 10:20:58 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 45 6a 62 65 6f 70 6c 6e 61 45 32 45 30 72 6a 49 6b 73 4d 54 53 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: EjbeoplnaE2E0rjIksMTSg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49717	104.17.31.174	443	416	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:20:57 UTC	652	OUT	GET /favicon.ico HTTP/1.1 Host: content.app-us1.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 10:20:58 UTC	321	IN	HTTP/1.1 403 Forbidden Date: Mon, 30 Sep 2024 10:20:57 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close x-envoy-upstream-service-time: 9 CF-Cache-Status: MISS Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server: cloudflare CF-RAY: 8cb37bbe2e5b4245-EWR
2024-09-30 10:20:58 UTC	249	IN	Data Raw: 66 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 59 30 35 36 33 59 59 33 46 4b 59 57 41 46 51 4d 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 33 2b 64 65 48 39 6d 63 70 7a 6f 67 72 65 43 75 52 71 54 46 2f 6f 4b 47 64 59 50 6a 37 65 67 6c 6a 44 73 6c 2f 56 48 6d 78 44 61 66 45 64 6a 6f 58 4f 2f 47 78 4d 67 49 33 78 4c 69 4e 57 52 4e 49 35 64 6d 42 4e 4c 75 74 61 38 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e 0d 0a Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>Y0563YY3FKYWAFQM</RequestId><HostId>3+deH9mcpzogreCuRqTF/oKGdYPj7egljDsl/VHmxDafEdjoXO/GxMgI3xLiNWRNI5dmBNLuta8=</HostId></Error>
2024-09-30 10:20:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49720	104.17.31.174	443	416	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:20:59 UTC	392	OUT	GET /5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf HTTP/1.1 Host: content.app-us1.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 10:20:59 UTC	511	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 10:20:59 GMT Content-Type: application/pdf Content-Length: 41410 Connection: close last-modified: Mon, 30 Sep 2024 07:18:06 GMT etag: "8929d24bcd3fa597e0c8e24fdb811177" x-envoy-upstream-service-time: 17 Cache-Control: public, max-age=31536000 CF-Cache-Status: HIT Age: 5352 Expires: Tue, 30 Sep 2025 10:20:59 GMT Accept-Ranges: bytes Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Server: cloudflare CF-RAY: 8cb37bc85a60c33a-EWR
2024-09-30 10:20:59 UTC	858	IN	Data Raw: 25 50 44 46 2d 31 2e 37 0a 25 c2 b3 c7 d8 0d 0a 33 20 30 20 6f 62 6a 0d 3c 3c 2f 41 75 74 68 6f 72 20 28 29 20 2f 43 6f 6d 6d 65 6e 74 73 20 28 29 20 2f 43 6f 6d 70 61 6e 79 20 28 29 20 2f 43 72 65 61 74 69 6f 6e 44 61 74 65 20 28 44 3a 32 30 32 34 30 39 33 30 30 38 35 37 35 32 2b 30 32 27 30 30 27 29 20 2f 43 72 65 61 74 6f 72 20 28 57 50 53 20 57 72 69 74 65 72 29 20 2f 4b 65 79 77 6f 72 64 73 20 28 29 20 2f 4d 6f 64 44 61 74 65 20 28 44 3a 32 30 32 34 30 39 33 30 30 38 35 37 35 32 2b 30 32 27 30 30 27 29 20 2f 50 72 6f 64 75 63 65 72 20 28 29 20 2f 53 6f 75 72 63 65 4d 6f 64 69 66 69 65 64 20 28 44 3a 32 30 32 34 30 39 33 30 30 38 35 37 35 32 2b 30 32 27 30 30 27 29 20 2f 53 75 62 6a 65 63 74 20 28 29 20 2f 54 69 74 6c 65 20 28 29 20 2f 54 72 61 70 70 Data Ascii: %PDF-1.7%3 0 obj<</Author () /Comments () /Company () /CreationDate (D:20240930085752+02'00') /Creator (WPS Writer) /Keywords () /ModDate (D:20240930085752+02'00') /Producer () /SourceModified (D:20240930085752+02'00') /Subject () /Title () /Trapp
2024-09-30 10:20:59 UTC	1369	IN	Data Raw: 02 04 04 03 04 07 05 04 04 00 01 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 f7 fa 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 2b 8f d5 be 24 68 da 3e a3 25 8d cc 17 ad 2c 7d 4c 68 84 7e ac 2a 97 fc 2d bf 0f ff 00 cf b6 a1 ff 00 7e d3 ff 00 8b ab f6 72 7d 0e d8 e5 d8 a9 Data Ascii: w!1AQaq"2B#3Rbr$4%&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?((((+$h>%,}Lh~-~r}
2024-09-30 10:20:59 UTC	1369	IN	Data Raw: 78 47 4d ff 00 ae 2b fc ab e4 4d 74 ea 43 53 92 0d 5c b1 bd b7 22 27 df d7 8e 2b ea 18 f5 4b 8d 1f e1 64 57 96 b1 34 b7 09 6a 3c b5 51 92 4e 28 03 a2 d4 bc 49 a3 e9 07 17 da 84 10 b7 f7 4b 8c fe 55 52 cf c6 fe 1c be 90 47 6f ab 5b b3 1e c5 f1 fc eb e6 cd 0b c1 7e 25 f1 ef 88 65 fb 70 b9 8b 77 cf 24 d3 83 81 ec 33 57 3c 73 f0 aa 7f 04 69 89 a8 ae a1 e6 a1 70 a4 0f 95 81 f6 a0 0f a9 51 d6 45 0c 8c 19 4f 42 0e 41 af 94 be 2e 00 7e 25 5e 7d 47 f3 af 4c f8 0f e2 3b ed 4b 4b bc d3 af 26 79 85 bb 0f 2d 9c e4 81 e9 fa d7 9a 7c 5b ff 00 92 95 7b f5 1f ce 80 3e 97 f0 97 fc 89 9a 17 fd 83 ed ff 00 f4 5a d6 c5 63 f8 4b fe 44 cd 0b fe c1 f6 ff 00 fa 2d 6b 62 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 28 a2 80 0a 0d 14 50 07 9f 6b 9f Data Ascii: xGM+MtCS\"'+KdW4j<QN(IKURGo[~%epw$3W<sipQEOBA.~%^}GL;KK&y-\|[{>ZcKD-kb(((((((Pk
2024-09-30 10:20:59 UTC	1369	IN	Data Raw: 27 03 24 f0 2a 1b 9b db 6b 53 fb f9 e3 8c e3 38 66 00 e2 bc ff 00 c6 7f 10 ed 6d ed 64 b1 d2 e4 f3 67 70 55 a4 1d 14 55 46 2e 4f 43 a7 0d 84 ab 88 9a 85 34 70 de 22 98 6a be 3e 7f 20 ee cc a1 46 3d 85 76 ff 00 14 a4 10 f8 5e ce 02 7e 72 dd 3f 01 5c ff 00 c3 5f 0e 4d a8 6a df da f7 2a 44 31 12 54 b7 f1 37 f9 cd 45 f1 37 59 5d 53 5c 8e c2 dc ee 4b 7f 94 e3 bb 1e 2b a5 eb 35 15 d0 fa 87 15 3c 75 2a 30 d5 53 5a b3 ac f8 4d 19 5f 0f 4a e7 a3 48 71 f9 d7 5d e2 09 6e 2d f4 2b b9 ad 5b 6c c9 1e 54 fb d6 7f 82 74 c3 a5 f8 5e d2 16 5c 3b 2e f6 fc 6b 7a e6 15 b8 b7 92 17 19 0e b8 35 cf 27 ef dc f9 cc 65 68 cf 19 2a 9d 2e 79 8f c3 ef 16 6a 7a ae bb 25 a6 a1 70 24 52 bf 28 c0 1c f3 50 78 db c5 3a e6 89 e2 76 82 1b 8d 96 d8 0c 06 07 4e f5 ca c3 24 be 13 f1 b1 2e 0a 88 Data Ascii: '$kS8fmdgpUUF.OC4p"j> F=v^~r?\_MjD1T7E7Y]S\K+5<u0SZM_JHq]n-+[lTt^\;.kz5'eh.yjz%p$R(Px:vN$.
2024-09-30 10:20:59 UTC	1369	IN	Data Raw: af f8 d7 5b e0 4f 18 de 78 9e e6 e6 3b 98 52 31 18 c8 db 9f 6a 9a 9c fc ba 9c f9 84 b3 07 86 97 b6 8c 54 7a d8 e4 35 bd 7a 3f 0f 7c 65 96 ee 4b 79 a7 06 dc 0d b0 a6 e3 d5 a9 be 3a f8 8b 0e b7 e1 d9 34 c4 d2 6e a1 5b 92 11 a7 b8 8b 6a c6 0f 19 cf e3 56 35 1d 5b 4f d1 be 35 cb 71 a9 ca b1 40 6d 80 dc c8 48 ce 5b da b6 bc 57 e3 df 08 dc 78 72 f2 da 06 8e f2 69 a3 64 8e 28 e2 39 2c 46 07 6a e6 3e 54 66 a1 af b7 83 3c 01 a4 d9 69 12 a5 e5 f5 c8 58 ad d8 9c 82 48 27 3d fd 2a b6 a3 a6 f8 df c3 fa 49 d7 46 b5 f6 a9 62 02 49 ad 59 06 dd bd c0 fc 3d ab 96 9f 46 d4 f4 4f 05 78 6f 56 bc 8a 47 5b 3b a3 2c 91 f5 28 84 b1 1f cc 57 7f e2 af 1d e8 92 78 36 e3 ec 77 69 3d c5 cc 5e 5c 50 a0 25 89 3c 74 fc 68 03 9d f1 be ba 9e 24 f0 57 87 75 48 d7 6f 9d 77 11 65 f4 6c 8c 8a Data Ascii: [Ox;R1jTz5z?\|eKy:4n[jV5[O5q@mH[Wxrid(9,Fj>Tf<iXH'=*IFbIY=FOxoVG[;,(Wx6wi=^\P%<th$WuHowel
2024-09-30 10:20:59 UTC	1369	IN	Data Raw: ca 1d 73 82 3b d3 5f 4b b2 7b c8 ee da da 33 71 12 ed 49 0a f2 a3 d8 d5 ca 28 03 cb 75 bb 9d 4e 2f 10 5c c3 af f8 52 6d 67 4f ce 6d 26 b5 b4 69 8a 8f 43 b4 1a 5f 09 e8 97 ba 9f 8d 0e bd 36 8f 26 93 a7 db 43 e5 5b 5b cb 11 8d 8f 6c 95 20 7a 0a f5 1a 28 03 1a f3 c2 9a 1d f4 52 c7 73 a6 5b c8 b2 36 e7 ca 0e 4f ad 4f a5 e8 9a 6e 87 6c d0 e9 b6 51 5b a7 52 23 5c 66 b4 a8 a0 0f 2a f1 25 be ad e3 9f 12 d9 69 52 68 97 76 ba 6d 95 c7 9b 2d cc f1 32 a4 9b 48 c6 d2 46 0f 43 5e 8f 7b 0d c4 7a 4c 91 69 fb 56 74 8f 6c 59 1c 64 74 ab d4 50 07 8e c7 7f 70 04 8f ab 78 02 f2 e3 5a 4c 81 71 0e 9e ed 1b b7 66 dc 17 15 bf e0 df 0f 6b 7a 47 86 b5 3b b6 45 87 56 be 67 99 62 61 c2 13 92 01 1f 8d 7a 1d 14 01 e3 b1 6a 33 aa 34 9a 9f c3 eb d9 b5 b4 24 79 f0 e9 ee 63 73 d8 ee 0b 8a Data Ascii: s;_K{3qI(uN/\RmgOm&iC_6&C[[l z(Rs[6OOnlQ[R#\f*%iRhvm-2HFC^{zLiVtlYdtPpxZLqfkzG;EVgbazj34$ycs
2024-09-30 10:20:59 UTC	1369	IN	Data Raw: 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 f7 da 31 55 ae 6e 60 b4 b6 79 ae 64 48 a2 51 96 77 6c 05 f7 3e 95 9e 7c 57 a0 7f d0 66 c3 ff 00 02 13 fc 69 39 25 b9 51 a7 29 ab c5 5c d9 cd 2e 6b 17 fe 12 bd 03 fe 83 36 1f f8 10 bf e3 49 ff 00 09 5e 81 ff 00 41 9b 0f fb fe bf e3 4b 9e 3d ca f6 15 7f 95 fd cc db a2 b1 3f e1 2b f0 f7 fd 06 Data Ascii: 2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?1Un`ydHQwl>\|Wfi9%Q)\.k6I^AK=?+
2024-09-30 10:20:59 UTC	1369	IN	Data Raw: 07 37 e3 9f f9 12 b5 6f fa f7 6a f9 a1 0f ce f5 f4 b7 8e bf e4 49 d5 ff 00 eb dd ab e6 55 6f bf f5 af 37 1a bd e4 7d af 0b 4a d4 a7 ea 48 5e 82 f5 19 6a 69 6a e1 48 fa b7 50 93 75 6a f8 68 e7 c4 fa 6f fd 7c c3 ff 00 a1 ad 62 96 ad 6f 0d 1c f8 a3 4b ff 00 af a8 7f f4 25 ad 20 bd e4 71 e2 ea 5e 8c 97 93 3d c7 e2 97 fc 88 57 5b 7a ef 4f fd 0a b8 bf 83 62 f3 fb 6a f9 88 73 6b e4 05 24 fd dd f9 18 af 5b d4 af 2c 6c 6c 4c ba 94 b0 c7 6c b8 0c d3 63 6e 4f 03 af bd 73 f7 5e 3e f0 a6 97 6a cd 1e a1 6a f8 e4 45 6c 03 31 fc 05 7a 92 84 79 d4 db d8 f8 2c 3e 2a a3 c1 cb 0d 0a 77 e6 7b 9c 5f c6 b6 41 a8 69 3f df d8 d9 fa 64 57 a0 78 9b fe 49 f6 a3 ff 00 5e 07 ff 00 40 af 02 f1 6f 89 66 f1 46 ba da 83 26 c8 97 09 0a 77 45 c9 c6 7d cf 53 5e fb e2 5f f9 27 9a 8f fd 83 db Data Ascii: 7ojIUo7}JH^jijHPujho\|boK% q^=W[zObjsk$[,llLlcnOs^>jjEl1zy,>*w{_Ai?dWxI^@ofF&wE}S^_'
2024-09-30 10:20:59 UTC	1369	IN	Data Raw: fb ed 7f c6 8f f8 56 fe 34 ff 00 a0 2c ff 00 f7 da ff 00 8d 7d 53 c5 04 56 7f 57 89 d0 f3 8a e7 ca 7f f0 ad bc 67 ff 00 40 2b 8f fb ed 3f f8 aa 69 f8 69 e3 5f fa 01 5c 7f df 49 ff 00 c5 57 d5 dc 51 8a af 61 11 3c da bb e8 7c 97 37 c3 ff 00 17 c1 22 c7 26 8d 3a 97 fb aa 5d 7f c6 9b ff 00 0a fb c6 1f f4 09 9b fe fe 27 ff 00 15 5f 52 ea 7f f1 f3 63 ff 00 5d 8f fe 80 d4 fc 53 f6 11 27 fb 4e b1 f2 bf fc 2b df 18 7f d0 26 7f fb f8 9f fc 55 27 fc 2b df 17 7f d0 22 6f fb fa 9f fc 55 7d 4f 49 8a 3d 8c 45 fd a7 57 b1 f2 cf fc 2b df 17 7f d0 26 6f fb f8 9f fc 55 27 fc 2b ef 17 7f d0 22 6f fb f8 9f fc 55 7d 4d 8a 4c 51 ec 62 2f ed 2a bd 8f 96 ff 00 e1 5f 78 bb fe 81 33 7f df c4 ff 00 e2 a9 3f e1 5f 78 bb fe 81 33 7f df c4 ff 00 e2 ab ea 5c 52 51 ec 62 1f da 35 7b 1f Data Ascii: V4,}SVWg@+?ii_\IWQa<\|7"&:]'_Rc]S'N+&U'+"oU}OI=EW+&oU'+"oU}MLQb/*_x3?_x3\RQb5{
2024-09-30 10:20:59 UTC	1369	IN	Data Raw: 15 ce 78 9f 51 97 c5 7e 2e 16 f6 df 34 61 c4 10 8e dd 79 6f c6 bd 8b 4a d3 e1 d2 b4 db 7b 18 be e4 31 85 ff 00 78 fb fb 9a e0 a7 fb ea ee 7d 22 7d 1e 25 7d 43 2e 8d 0f b7 53 57 e8 73 fe 38 f0 da eb da 53 3c 0b fe 9b 00 2d 1f fb 43 fb 9f 8f 6a e0 7c 0f e2 5f ec 0d 40 d8 de b3 0b 29 9f 6b ee ff 00 96 2c 38 dd fe 35 ed 55 e7 3e 3c f0 57 da 37 ea fa 6c 7f be 1c cf 12 af df ff 00 69 7f a8 a7 88 a3 28 c9 55 a7 ba 23 2a c6 d2 9d 27 82 c4 fc 32 d9 f6 67 a0 8f 9f e6 5e 41 f9 83 2d 2e 2b ca fc 13 e3 73 60 53 4c d5 1b f7 03 88 e6 3f f2 cf d9 bd ab d4 d1 d2 48 95 d1 94 86 1b 83 2f 35 d3 46 b4 6a c6 f1 3c cc 7e 02 ae 0e a7 2c f6 e8 fb 86 29 b8 a7 e2 96 b5 38 88 a9 31 52 62 9b 8a 04 37 14 94 ea 4c 50 31 b8 a7 e8 9f f2 0c 1f f5 d2 4f fd 08 d2 62 97 44 ff 00 90 60 ff 00 Data Ascii: xQ~.4ayoJ{1x}"}%}C.SWs8S<-Cj\|_@)k,85U><W7li(U#*'2g^A-.+s`SL?H/5Fj<~,)81Rb7LP1ObD`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:21:01 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-30 10:21:01 UTC	494	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=25960 Date: Mon, 30 Sep 2024 10:21:01 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49724	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:21:02 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-30 10:21:03 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=25977 Date: Mon, 30 Sep 2024 10:21:02 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-30 10:21:03 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49728	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:21:09 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4OOa8Fl3AUK+sGY&MD=NWsH1MXA HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-30 10:21:09 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: c20125f7-2af7-43b0-9f5c-cab817a1fc03 MS-RequestId: b9a6b159-893c-4d77-805c-73f4b3d0115e MS-CV: wCUqMZnBW0qxXyZL.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 30 Sep 2024 10:21:09 GMT Connection: close Content-Length: 24490
2024-09-30 10:21:09 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-09-30 10:21:09 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49731	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:21:24 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 38 7a 7a 36 4d 74 63 54 39 6b 57 4e 47 35 67 72 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 63 33 35 63 66 35 33 64 63 63 66 37 62 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 8zz6MtcT9kWNG5gr.1Context: 22c35cf53dccf7b9
2024-09-30 10:21:24 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 10:21:24 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 38 7a 7a 36 4d 74 63 54 39 6b 57 4e 47 35 67 72 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 63 33 35 63 66 35 33 64 63 63 66 37 62 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 4e 4b 38 62 75 69 73 34 46 69 56 42 76 50 64 4e 59 78 6f 49 58 2b 2f 42 57 6e 67 39 7a 78 38 52 51 33 56 74 37 75 54 62 52 2b 36 31 4a 38 34 54 72 6d 55 57 49 79 59 53 6d 42 37 4b 52 62 45 75 6e 59 77 45 61 6e 55 37 6c 42 67 42 32 75 58 41 32 38 43 78 61 6b 2f 68 46 68 37 68 4e 33 50 32 52 39 36 43 75 6c 52 70 36 4c 32 77 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 8zz6MtcT9kWNG5gr.2Context: 22c35cf53dccf7b9<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASNK8buis4FiVBvPdNYxoIX+/BWng9zx8RQ3Vt7uTbR+61J84TrmUWIyYSmB7KRbEunYwEanU7lBgB2uXA28Cxak/hFh7hN3P2R96CulRp6L2w
2024-09-30 10:21:24 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 38 7a 7a 36 4d 74 63 54 39 6b 57 4e 47 35 67 72 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 63 33 35 63 66 35 33 64 63 63 66 37 62 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 8zz6MtcT9kWNG5gr.3Context: 22c35cf53dccf7b9<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 10:21:24 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 10:21:24 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 61 30 44 54 6c 44 43 72 71 45 61 78 43 4b 71 7a 35 47 31 4c 79 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: a0DTlDCrqEaxCKqz5G1LyA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49732	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:21:47 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=4OOa8Fl3AUK+sGY&MD=NWsH1MXA HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-09-30 10:21:47 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 3f37a80f-7846-46db-9dcd-cb42dfa5d1a5 MS-RequestId: df981d94-e4d1-4f66-a8c2-8a3867728d67 MS-CV: S0Rj86S2vU+BfdGS.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 30 Sep 2024 10:21:46 GMT Connection: close Content-Length: 30005
2024-09-30 10:21:47 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-09-30 10:21:47 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49733	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:21:53 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 43 45 72 30 32 68 39 67 6c 30 61 6d 78 48 64 7a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 30 61 34 30 34 35 39 64 32 64 35 30 65 37 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: CEr02h9gl0amxHdz.1Context: a0a40459d2d50e78
2024-09-30 10:21:53 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 10:21:53 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 43 45 72 30 32 68 39 67 6c 30 61 6d 78 48 64 7a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 30 61 34 30 34 35 39 64 32 64 35 30 65 37 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 4e 4b 38 62 75 69 73 34 46 69 56 42 76 50 64 4e 59 78 6f 49 58 2b 2f 42 57 6e 67 39 7a 78 38 52 51 33 56 74 37 75 54 62 52 2b 36 31 4a 38 34 54 72 6d 55 57 49 79 59 53 6d 42 37 4b 52 62 45 75 6e 59 77 45 61 6e 55 37 6c 42 67 42 32 75 58 41 32 38 43 78 61 6b 2f 68 46 68 37 68 4e 33 50 32 52 39 36 43 75 6c 52 70 36 4c 32 77 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: CEr02h9gl0amxHdz.2Context: a0a40459d2d50e78<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASNK8buis4FiVBvPdNYxoIX+/BWng9zx8RQ3Vt7uTbR+61J84TrmUWIyYSmB7KRbEunYwEanU7lBgB2uXA28Cxak/hFh7hN3P2R96CulRp6L2w
2024-09-30 10:21:53 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 43 45 72 30 32 68 39 67 6c 30 61 6d 78 48 64 7a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 30 61 34 30 34 35 39 64 32 64 35 30 65 37 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: CEr02h9gl0amxHdz.3Context: a0a40459d2d50e78<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 10:21:53 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 10:21:53 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 66 6c 2b 4f 70 35 4d 71 38 30 65 39 76 73 6d 67 53 74 68 2b 6a 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: fl+Op5Mq80e9vsmgSth+jw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49741	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:22:25 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 72 32 64 76 58 44 74 6b 33 6b 32 4e 50 68 53 54 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 63 33 37 31 30 64 35 62 33 30 34 35 65 61 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: r2dvXDtk3k2NPhST.1Context: 2c3710d5b3045ea5
2024-09-30 10:22:25 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 10:22:25 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 72 32 64 76 58 44 74 6b 33 6b 32 4e 50 68 53 54 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 63 33 37 31 30 64 35 62 33 30 34 35 65 61 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 4e 4b 38 62 75 69 73 34 46 69 56 42 76 50 64 4e 59 78 6f 49 58 2b 2f 42 57 6e 67 39 7a 78 38 52 51 33 56 74 37 75 54 62 52 2b 36 31 4a 38 34 54 72 6d 55 57 49 79 59 53 6d 42 37 4b 52 62 45 75 6e 59 77 45 61 6e 55 37 6c 42 67 42 32 75 58 41 32 38 43 78 61 6b 2f 68 46 68 37 68 4e 33 50 32 52 39 36 43 75 6c 52 70 36 4c 32 77 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: r2dvXDtk3k2NPhST.2Context: 2c3710d5b3045ea5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASNK8buis4FiVBvPdNYxoIX+/BWng9zx8RQ3Vt7uTbR+61J84TrmUWIyYSmB7KRbEunYwEanU7lBgB2uXA28Cxak/hFh7hN3P2R96CulRp6L2w
2024-09-30 10:22:25 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 72 32 64 76 58 44 74 6b 33 6b 32 4e 50 68 53 54 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 63 33 37 31 30 64 35 62 33 30 34 35 65 61 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: r2dvXDtk3k2NPhST.3Context: 2c3710d5b3045ea5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 10:22:26 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 10:22:26 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 65 37 4b 69 51 79 45 64 69 6b 4b 77 67 6d 38 42 68 4d 42 32 32 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: e7KiQyEdikKwgm8BhMB22Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49744	23.41.168.139	443	3264	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:22:29 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-09-30 10:22:29 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Mon, 30 Sep 2024 10:22:29 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49749	188.114.96.3	443	3420	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:22:42 UTC	692	OUT	GET /SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/ HTTP/1.1 Host: ebvq.prenticeu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 10:22:42 UTC	178	IN	HTTP/1.1 403 Forbidden Server: cloudflare Date: Mon, 30 Sep 2024 10:22:42 GMT Content-Type: text/html Content-Length: 553 Connection: close CF-RAY: 8cb37e4dcbd38c0b-EWR
2024-09-30 10:22:42 UTC	553	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>cloudflare</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49752	188.114.96.3	443	3420	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:22:45 UTC	623	OUT	GET /favicon.ico HTTP/1.1 Host: ebvq.prenticeu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 10:22:45 UTC	178	IN	HTTP/1.1 403 Forbidden Server: cloudflare Date: Mon, 30 Sep 2024 10:22:45 GMT Content-Type: text/html Content-Length: 553 Connection: close CF-RAY: 8cb37e5d1de14345-EWR
2024-09-30 10:22:45 UTC	553	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>cloudflare</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49764	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:23:02 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 54 53 46 66 6a 6f 30 63 36 55 57 4e 35 64 4b 50 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 35 36 35 32 30 66 36 39 33 32 63 37 33 38 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: TSFfjo0c6UWN5dKP.1Context: 456520f6932c738f
2024-09-30 10:23:02 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 10:23:02 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 54 53 46 66 6a 6f 30 63 36 55 57 4e 35 64 4b 50 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 35 36 35 32 30 66 36 39 33 32 63 37 33 38 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 4e 4b 38 62 75 69 73 34 46 69 56 42 76 50 64 4e 59 78 6f 49 58 2b 2f 42 57 6e 67 39 7a 78 38 52 51 33 56 74 37 75 54 62 52 2b 36 31 4a 38 34 54 72 6d 55 57 49 79 59 53 6d 42 37 4b 52 62 45 75 6e 59 77 45 61 6e 55 37 6c 42 67 42 32 75 58 41 32 38 43 78 61 6b 2f 68 46 68 37 68 4e 33 50 32 52 39 36 43 75 6c 52 70 36 4c 32 77 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: TSFfjo0c6UWN5dKP.2Context: 456520f6932c738f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASNK8buis4FiVBvPdNYxoIX+/BWng9zx8RQ3Vt7uTbR+61J84TrmUWIyYSmB7KRbEunYwEanU7lBgB2uXA28Cxak/hFh7hN3P2R96CulRp6L2w
2024-09-30 10:23:02 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 54 53 46 66 6a 6f 30 63 36 55 57 4e 35 64 4b 50 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 35 36 35 32 30 66 36 39 33 32 63 37 33 38 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: TSFfjo0c6UWN5dKP.3Context: 456520f6932c738f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 10:23:02 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 10:23:02 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 70 78 4e 50 6b 5a 50 35 47 6b 75 48 4c 48 36 45 6b 61 6c 70 66 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: pxNPkZP5GkuHLH6EkalpfQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	50244	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 10:24:20 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 63 4d 56 77 6c 6b 6c 39 64 45 32 6a 67 36 48 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 65 38 32 65 65 66 62 37 38 64 61 62 65 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: cMVwlkl9dE2jg6Hb.1Context: c9e82eefb78dabe3
2024-09-30 10:24:20 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 10:24:20 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 63 4d 56 77 6c 6b 6c 39 64 45 32 6a 67 36 48 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 65 38 32 65 65 66 62 37 38 64 61 62 65 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 53 4e 4b 38 62 75 69 73 34 46 69 56 42 76 50 64 4e 59 78 6f 49 58 2b 2f 42 57 6e 67 39 7a 78 38 52 51 33 56 74 37 75 54 62 52 2b 36 31 4a 38 34 54 72 6d 55 57 49 79 59 53 6d 42 37 4b 52 62 45 75 6e 59 77 45 61 6e 55 37 6c 42 67 42 32 75 58 41 32 38 43 78 61 6b 2f 68 46 68 37 68 4e 33 50 32 52 39 36 43 75 6c 52 70 36 4c 32 77 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: cMVwlkl9dE2jg6Hb.2Context: c9e82eefb78dabe3<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASNK8buis4FiVBvPdNYxoIX+/BWng9zx8RQ3Vt7uTbR+61J84TrmUWIyYSmB7KRbEunYwEanU7lBgB2uXA28Cxak/hFh7hN3P2R96CulRp6L2w
2024-09-30 10:24:20 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 63 4d 56 77 6c 6b 6c 39 64 45 32 6a 67 36 48 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 65 38 32 65 65 66 62 37 38 64 61 62 65 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: cMVwlkl9dE2jg6Hb.3Context: c9e82eefb78dabe3<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 10:24:20 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 10:24:20 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 57 76 73 66 31 39 4a 35 64 55 4b 2b 38 48 7a 71 44 63 4f 6a 75 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Wvsf19J5dUK+8HzqDcOjug.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1908, Parent PID: 5728

General

Target ID:	0
Start time:	06:20:49
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 416, Parent PID: 1908

General

Target ID:	2
Start time:	06:20:53
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2228,i,319041663171776435,16184202748421723685,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3852, Parent PID: 5728

General

Target ID:	3
Start time:	06:20:55
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: Acrobat.exePID: 1512, Parent PID: 4004

General

Target ID:	8
Start time:	06:22:13
Start date:	30/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Imagebase:	0x7ff651090000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6244, Parent PID: 1512

General

Target ID:	9
Start time:	06:22:14
Start date:	30/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff70df30000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3264, Parent PID: 6244

General

Target ID:	10
Start time:	06:22:15
Start date:	30/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1572,i,15161498098078104214,11881614933159754623,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff70df30000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4196, Parent PID: 5728

General

Target ID:	15
Start time:	06:22:38
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://ebvq.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3420, Parent PID: 4196

General

Target ID:	16
Start time:	06:22:39
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2280,i,2513450487053188419,1616630016891420058,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8da833f9-4854-47fa-91a1-b1da3c809b39.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240930102219Z-181.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5784

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Windows Analysis Report
https://content.app-us1.com/5zbe53/2024/09/30/90541351-e055-464e-9744-a165b8efcbb7.pdf