Edit tour

Windows Analysis Report
https://www.leoni.com/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf

Overview

General Information

Sample URL:	https://www.leoni.com/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf
Analysis ID:	1430152
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Drops files with a non-matching file extension (content does not match file extension)

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6812 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2216,i,11174362035811413858,6951727311425926158,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.leoni.com/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://d1619fmrcx9c43.cloudfront.net/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf?1663161028

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49723 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.8:49720 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49723 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.17
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.17
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf HTTP/1.1Host: www.leoni.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf?1663161028 HTTP/1.1Host: d1619fmrcx9c43.cloudfront.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: d1619fmrcx9c43.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://d1619fmrcx9c43.cloudfront.net/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf?1663161028Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: d1619fmrcx9c43.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: www.leoni.com

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A4109008217X-BM-CBT: 1696494873X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 229C124F14F843F693B4EF574DFCAAABX-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109008217X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40X-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 516Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=7A0479E0E07C4D7D91A8C7552F34E6D4&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696493908190&IPMH=7bc3b11d&IPMID=1696494873321&HV=1696494765; CortanaAppUID=0A2376201E427A029407F32A9072506A; MUID=4E6D5F19647E45969740B90CC0355D4C; _SS=SID=1F4D6C7F4B26664337657FDE4A3767CB&CPID=1696494874312&AC=1&CPH=893a1c21; _EDGE_S=SID=1F4D6C7F4B26664337657FDE4A3767CB; MUIDB=4E6D5F19647E45969740B90CC0355D4C

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.8:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.8:49720 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@20/11@8/5

Source: chromecache_61.2.dr

Initial sample: mailto:data-protection@leoni.com

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2216,i,11174362035811413858,6951727311425926158,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.leoni.com/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2216,i,11174362035811413858,6951727311425926158,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 61
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 61			Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	11 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.leoni.com/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf	0%	Virustotal		Browse

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.65.228	true	false	high
leoni-website-live-519859459.eu-central-1.elb.amazonaws.com	18.159.182.129	true	false	high
d1619fmrcx9c43.cloudfront.net	13.35.90.37	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
www.leoni.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://d1619fmrcx9c43.cloudfront.net/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf?1663161028	false	high
https://www.leoni.com/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf	false	unknown
https://d1619fmrcx9c43.cloudfront.net/favicon.ico	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.65.228	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.159.182.129	leoni-website-live-519859459.eu-central-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
13.35.90.37	d1619fmrcx9c43.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430152
Start date and time:	2024-04-23 08:12:14 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.leoni.com/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@20/11@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.81.227, 142.250.80.14, 172.253.115.84, 34.104.35.123, 40.68.123.157, 192.229.211.108, 52.165.164.15, 20.166.126.56, 142.250.64.67, 142.251.41.14
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 05:13:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.981715917402522
Encrypted:	false
SSDEEP:	48:8J0dNTVRfKHoidAKZdA1oehwiZUklqehJy+3:8Jy30Cy
MD5:	4C8F76114D9654BE4AD2D877482C4E25
SHA1:	ABB4ACC6E77CBAE22D3DC1EA25A10CFD1C4C770A
SHA-256:	D14CFA5F2B116DFB21CBB0D7AF51574B9B4B0C356FA12279E650ED2DF270489B
SHA-512:	60812D13B1ED179156527BC3A82948794F1E107EC20060BAE22A651D871F4CBA8C43368A67491DCB2FF35BEFFA9BB9D0885186CC4DFD566C73A0317AD1A87E7E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....`.OPE...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X.1....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+Z9......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 05:13:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.995769982146452
Encrypted:	false
SSDEEP:	48:8m0dNTVRfKHoidAKZdA1leh/iZUkAQkqehyy+2:8my3G9Qjy
MD5:	1DBCE8B535EA36360EEA4C632A59F03C
SHA1:	5C606A4AA4FBAB0291E8134304F4CAA9DDDE20E1
SHA-256:	D7CD5AD1A35E7F8165F311C53691B72BEC38418E2B3511E797A91EF1A1ECF34F
SHA-512:	B23DB77EB090868BE986A0276396D8D2F4E09D3F331825F0C223C692F0BF051FA2C163692B8F44DF76EEF06BED1FA3B51C105B8E8C7C67D92878F226FDC6CD30
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....B BPE...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X.1....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+Z9......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.008867157019445
Encrypted:	false
SSDEEP:	48:8A0dNTVRfbHoidAKZdA14t5eh7sFiZUkmgqeh7sky+BX:8Ay3hnmy
MD5:	DA2114F7307A36358D025DD8D71FCF9B
SHA1:	923C901442B093BD98DD7283D4CF42A164DD9316
SHA-256:	3FC4FE3EDADB823CD40211F3BF249FE5999A524BD4230728B8171BBA4E9BC840
SHA-512:	DE44C2D59A3AF8CD5B80FCA6D9A4F30445D45C013644DE55D03262159A9BA82BE63813448D925DE9355C91EC9CA9483E2FE73B8DA8D8CF84AF30B54DAE2C7DC6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X.1....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+Z9......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 05:13:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9981763142252844
Encrypted:	false
SSDEEP:	48:8W0dNTVRfKHoidAKZdA16ehDiZUkwqeh+y+R:8Wy3d8y
MD5:	DA28112009D0EA2328AB2090C7DF2F2C
SHA1:	DDE230A65AA8E7B011338580B2B7E87376855E5B
SHA-256:	5AA1AC9A16CB2DDA6E440EC2FE405A452A7DDA8E9C9F78C579120779C8B11E5B
SHA-512:	748F41F4B1436096641CB04FF6C3E16D6BFCD3483E261640D36B39201090EFA3C49475F946066717189792F2CE88E43E466A288EB34B1A7CB95510726FC50271
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....z<PE...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X.1....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+Z9......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 05:13:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9809922140516987
Encrypted:	false
SSDEEP:	48:8c0dNTVRfKHoidAKZdA1UehBiZUk1W1qeh4y+C:8cy3d9Yy
MD5:	D4185906C765A59373D8A60C1B5E1EF1
SHA1:	7131B6AA9FD84F2334CD631F4BE9FD151F93D18C
SHA-256:	65DADE54A491C0AAECF25F0D55767A79C2060232A62A7B288CE38A0D433C34FD
SHA-512:	1B802A38A62375388F696BC4A16CF9B7AD0046B436CBA4CCD66AFB6F7F38F53B76200E3BE562438A88C5CD15AA56CB1F8D18E372236F0F0EC12FAD0934157153
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....e1HPE...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X.1....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+Z9......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 05:13:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.995196677426355
Encrypted:	false
SSDEEP:	48:8t0dNTVRfKHoidAKZdA1duTrehOuTbbiZUk5OjqehOuTbmy+yT+:8ty3aTYTbxWOvTbmy7T
MD5:	E9489385705ED22E8066FF0AC1FCEF09
SHA1:	390A2BC3DA1E4389021AC1B9ACE3FAF98A25A2BD
SHA-256:	B6DD073DF0C1D5D6EE880223AFF2AB6BAD1C0D6771FD9949DD095EE60A0FDDC7
SHA-512:	C9FD47BCFDE2B48A940CAD9B00140B3C6757F2B26DAA4C972C385567950AAC24199B790915FAA05765CED298E736BC372E0484B1C6C88CCAAF2292589C61AD7C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....s2PE...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X.1....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........+Z9......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	4.041131349538279
Encrypted:	false
SSDEEP:	12:7IAIIIIIIIIIIIIl7hcOYKKzt54YYlJ8gZFZ9k:pIIIIIIIIIIIIlGOYBzt5A8e
MD5:	6CD6909EFDB32BEB5A7429796B3F2C7E
SHA1:	52BB7F65F1B62277D37B04C0F74354CFF5F0EE15
SHA-256:	0C77738F28233059AE1913CCFFCC3B63EC716EB69E7E0B4F81A3E962AA1EFC8F
SHA-512:	303DA6A3B4199860B0982E4C4FB92AB4652B0AD21B07317DDDE35E292D5BE404FE100B9FDCDA22AB8016B965E4041B93AD843247BE15A169737666A33F0F0DA6
Malicious:	false
Reputation:	low
URL:	https://d1619fmrcx9c43.cloudfront.net/favicon.ico
Preview:	............ .h.......(....... ..... .............................................................................................................................................................................................................................................f...f...f...f...f...f...f.......................................f...f...f...f...f...f...f.......................................f...f...f...f...f...f...f.......................................f...f...f.......................................................f...f...f.......................................................f...f...f.......................................................f...f...f.......................................................f...f...f.......................................................f...f...f.......................................................f...f...f.............................................................................................................................................

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	4.041131349538279
Encrypted:	false
SSDEEP:	12:7IAIIIIIIIIIIIIl7hcOYKKzt54YYlJ8gZFZ9k:pIIIIIIIIIIIIlGOYBzt5A8e
MD5:	6CD6909EFDB32BEB5A7429796B3F2C7E
SHA1:	52BB7F65F1B62277D37B04C0F74354CFF5F0EE15
SHA-256:	0C77738F28233059AE1913CCFFCC3B63EC716EB69E7E0B4F81A3E962AA1EFC8F
SHA-512:	303DA6A3B4199860B0982E4C4FB92AB4652B0AD21B07317DDDE35E292D5BE404FE100B9FDCDA22AB8016B965E4041B93AD843247BE15A169737666A33F0F0DA6
Malicious:	false
Reputation:	low
Preview:	............ .h.......(....... ..... .............................................................................................................................................................................................................................................f...f...f...f...f...f...f.......................................f...f...f...f...f...f...f.......................................f...f...f...f...f...f...f.......................................f...f...f.......................................................f...f...f.......................................................f...f...f.......................................................f...f...f.......................................................f...f...f.......................................................f...f...f.......................................................f...f...f.............................................................................................................................................

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.7, 3 pages
Category:	downloaded
Size (bytes):	125512
Entropy (8bit):	7.921363915963636
Encrypted:	false
SSDEEP:	3072:mDDygAvmjgUt8V2YXY82HTF2NBJhVg7Akyw+/3wijYz:8DTAvmL8IIYVuGq7YiC
MD5:	BEA7CCF9112650A0AA80BF5C92FD7DE7
SHA1:	912083B34B6B3F16D16F6CBC9C82478F30386683
SHA-256:	6F6F3A1B81E5D1046F3133AEA84347D0C114CF6D3402077AEB22FBB77445FB85
SHA-512:	89A7565E8C668589FABD72A3736768BE419796E9EBFEC00FD78BC6D62C93581DDC72F730D893127FF9ED60F8A2841E2EB232EF8440964DF50B7F6BDA4BF9C1E6
Malicious:	false
Reputation:	low
URL:	https://d1619fmrcx9c43.cloudfront.net/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf?1663161028
Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(de-DE) /StructTreeRoot 30 0 R/MarkInfo<</Marked true>>/Metadata 132 0 R/ViewerPreferences 133 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 3/Kids[ 3 0 R 24 0 R 26 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 14 0 R/F4 19 0 R/F5 22 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image21 21 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 595.32 841.92] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 5940>>..stream..x..][o..~......,..(.......`f7{..b19.J..hGv{......x..q...`.n...d....O.v..K..'/_........"....v..^........}s.^7.v{}....=\z...7........ei..U.dI..Z.<O...u..6.......^}\|...-K...._.?..Y....U^$2..W...2.....L..(._Y....oW3.........._...<.v.z....."..,.%7.N.6C..,c.i.2cY~*...?.ju'..f....+V......f..t..Yv.2..7.D._.c..A_W.......V..r..u.r...g..uZ.1i..N.`iQ>.$........W.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 08:12:59.424618006 CEST	49676	443	192.168.2.8	52.182.143.211
Apr 23, 2024 08:13:02.065264940 CEST	49673	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:02.440306902 CEST	49672	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:04.237066031 CEST	49676	443	192.168.2.8	52.182.143.211
Apr 23, 2024 08:13:05.502763033 CEST	49671	443	192.168.2.8	204.79.197.203
Apr 23, 2024 08:13:09.503074884 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:09.503103018 CEST	443	49710	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:09.503195047 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:09.503546953 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:09.503563881 CEST	443	49710	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:09.504196882 CEST	49711	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:09.504235029 CEST	443	49711	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:09.504336119 CEST	49711	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:09.504591942 CEST	49711	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:09.504623890 CEST	443	49711	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.023025036 CEST	443	49710	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.023319006 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.023333073 CEST	443	49710	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.026381016 CEST	443	49710	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.026469946 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.028472900 CEST	443	49711	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.028934002 CEST	49711	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.028951883 CEST	443	49711	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.030078888 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.030224085 CEST	443	49710	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.030340910 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.033844948 CEST	443	49711	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.033931971 CEST	49711	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.034740925 CEST	49711	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.034821987 CEST	443	49711	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.072125912 CEST	443	49710	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.073580980 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.073591948 CEST	443	49710	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.089395046 CEST	49711	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.089427948 CEST	443	49711	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.119111061 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.135773897 CEST	49711	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.211266041 CEST	443	49710	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.211421013 CEST	443	49710	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.211494923 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.218323946 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.218346119 CEST	443	49710	18.159.182.129	192.168.2.8
Apr 23, 2024 08:13:10.218354940 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.218421936 CEST	49710	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:10.325453997 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:10.325496912 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.325587034 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:10.325795889 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:10.325803041 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.522680044 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.523097992 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:10.523123980 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.524640083 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.524719954 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:10.526501894 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:10.526588917 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.526839972 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:10.526846886 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.574146032 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:10.920770884 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.920847893 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.920867920 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.920905113 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.920909882 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:10.920937061 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.920974016 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:10.922921896 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.922975063 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:10.922981024 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:10.965537071 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.017992020 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.018002033 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.018043995 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.018049955 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.018064022 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.018109083 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.018126965 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.018167019 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.024382114 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.024460077 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.031483889 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.031574011 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.102181911 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.102235079 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.102262020 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.102288961 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.102307081 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.112001896 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.112040043 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.112081051 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.112091064 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.112137079 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.126913071 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.126939058 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.126986027 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.126993895 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.127041101 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.132989883 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.133042097 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.147871971 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.147916079 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.147957087 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.147968054 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.148013115 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.192877054 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.198093891 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.198138952 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.198198080 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.198214054 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.198262930 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.202312946 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.205365896 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.205430984 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.205452919 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.205468893 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.205512047 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.425621986 CEST	49713	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.425662041 CEST	443	49713	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.668591022 CEST	49673	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:11.841181993 CEST	49715	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.841226101 CEST	443	49715	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:11.841403961 CEST	49715	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.841917038 CEST	49715	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:11.841941118 CEST	443	49715	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:12.024497986 CEST	49716	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:13:12.024589062 CEST	443	49716	142.250.65.228	192.168.2.8
Apr 23, 2024 08:13:12.024673939 CEST	49716	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:13:12.024830103 CEST	443	49715	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:12.026005030 CEST	49716	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:13:12.026042938 CEST	443	49716	142.250.65.228	192.168.2.8
Apr 23, 2024 08:13:12.026369095 CEST	49715	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:12.026387930 CEST	443	49715	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:12.026751041 CEST	443	49715	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:12.027570009 CEST	49715	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:12.027642012 CEST	443	49715	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:12.027910948 CEST	49715	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:12.056576967 CEST	49672	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:12.072117090 CEST	443	49715	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:12.217978001 CEST	443	49716	142.250.65.228	192.168.2.8
Apr 23, 2024 08:13:12.221757889 CEST	49716	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:13:12.221801043 CEST	443	49716	142.250.65.228	192.168.2.8
Apr 23, 2024 08:13:12.223083973 CEST	443	49716	142.250.65.228	192.168.2.8
Apr 23, 2024 08:13:12.223189116 CEST	49716	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:13:12.421407938 CEST	443	49715	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:12.421503067 CEST	443	49715	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:12.421576977 CEST	49715	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:12.478574991 CEST	49715	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:12.478605032 CEST	443	49715	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:12.725410938 CEST	49716	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:13:12.725641966 CEST	443	49716	142.250.65.228	192.168.2.8
Apr 23, 2024 08:13:12.780122995 CEST	49716	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:13:12.780191898 CEST	443	49716	142.250.65.228	192.168.2.8
Apr 23, 2024 08:13:12.822293997 CEST	49716	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:13:13.431452990 CEST	443	49703	23.206.229.226	192.168.2.8
Apr 23, 2024 08:13:13.431543112 CEST	49703	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:13.528193951 CEST	49718	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:13.528220892 CEST	443	49718	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:13.528278112 CEST	49718	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:13.528975964 CEST	49718	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:13.528984070 CEST	443	49718	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:13.530035019 CEST	49719	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:13.530066013 CEST	443	49719	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:13.530220985 CEST	49719	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:13.532763004 CEST	49719	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:13.532773018 CEST	443	49719	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:13.709125042 CEST	443	49718	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:13.709450960 CEST	49718	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:13.709460974 CEST	443	49718	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:13.710510015 CEST	443	49718	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:13.710623026 CEST	49718	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:13.711350918 CEST	49718	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:13.711399078 CEST	443	49718	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:13.711724043 CEST	49718	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:13.711728096 CEST	443	49718	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:13.716308117 CEST	443	49719	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:13.716386080 CEST	49719	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:13.723129988 CEST	49719	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:13.723140001 CEST	443	49719	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:13.723408937 CEST	443	49719	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:13.765012026 CEST	49719	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:13.765063047 CEST	49718	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:13.843089104 CEST	49676	443	192.168.2.8	52.182.143.211
Apr 23, 2024 08:13:13.897758961 CEST	443	49718	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:13.897893906 CEST	443	49718	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:13.898498058 CEST	49718	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:13.978327990 CEST	49718	443	192.168.2.8	13.35.90.37
Apr 23, 2024 08:13:13.978363037 CEST	443	49718	13.35.90.37	192.168.2.8
Apr 23, 2024 08:13:13.978396893 CEST	49719	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.024132013 CEST	443	49719	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.068939924 CEST	443	49719	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.069190025 CEST	443	49719	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.069262028 CEST	49719	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.069363117 CEST	49719	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.069363117 CEST	49719	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.069386959 CEST	443	49719	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.069400072 CEST	443	49719	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.116816998 CEST	49720	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.116854906 CEST	443	49720	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.116947889 CEST	49720	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.117259026 CEST	49720	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.117275953 CEST	443	49720	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.297624111 CEST	443	49720	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.297691107 CEST	49720	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.299094915 CEST	49720	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.299108982 CEST	443	49720	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.299413919 CEST	443	49720	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.300712109 CEST	49720	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.348117113 CEST	443	49720	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.472388029 CEST	443	49720	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.472556114 CEST	443	49720	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:14.472609043 CEST	49720	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.513135910 CEST	49720	443	192.168.2.8	23.51.58.94
Apr 23, 2024 08:13:14.513170004 CEST	443	49720	23.51.58.94	192.168.2.8
Apr 23, 2024 08:13:22.272442102 CEST	443	49716	142.250.65.228	192.168.2.8
Apr 23, 2024 08:13:22.272510052 CEST	443	49716	142.250.65.228	192.168.2.8
Apr 23, 2024 08:13:22.272562981 CEST	49716	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:13:24.380884886 CEST	49716	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:13:24.380943060 CEST	443	49716	142.250.65.228	192.168.2.8
Apr 23, 2024 08:13:24.403012991 CEST	49703	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:24.403359890 CEST	49703	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:24.414783955 CEST	49723	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:24.414834976 CEST	443	49723	23.206.229.226	192.168.2.8
Apr 23, 2024 08:13:24.414943933 CEST	49723	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:24.416331053 CEST	49723	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:24.416343927 CEST	443	49723	23.206.229.226	192.168.2.8
Apr 23, 2024 08:13:24.556940079 CEST	443	49703	23.206.229.226	192.168.2.8
Apr 23, 2024 08:13:24.556986094 CEST	443	49703	23.206.229.226	192.168.2.8
Apr 23, 2024 08:13:24.749560118 CEST	443	49723	23.206.229.226	192.168.2.8
Apr 23, 2024 08:13:24.749680996 CEST	49723	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:24.765708923 CEST	49723	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:24.765731096 CEST	443	49723	23.206.229.226	192.168.2.8
Apr 23, 2024 08:13:24.766186953 CEST	443	49723	23.206.229.226	192.168.2.8
Apr 23, 2024 08:13:24.769594908 CEST	49723	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:24.770328999 CEST	49723	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:24.770328999 CEST	49723	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:24.770364046 CEST	443	49723	23.206.229.226	192.168.2.8
Apr 23, 2024 08:13:25.120481968 CEST	443	49723	23.206.229.226	192.168.2.8
Apr 23, 2024 08:13:25.120661020 CEST	443	49723	23.206.229.226	192.168.2.8
Apr 23, 2024 08:13:25.120682955 CEST	49723	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:25.120733976 CEST	49723	443	192.168.2.8	23.206.229.226
Apr 23, 2024 08:13:54.761307955 CEST	49704	80	192.168.2.8	23.200.0.17
Apr 23, 2024 08:13:54.849611998 CEST	80	49704	23.200.0.17	192.168.2.8
Apr 23, 2024 08:13:54.849670887 CEST	49704	80	192.168.2.8	23.200.0.17
Apr 23, 2024 08:13:55.089132071 CEST	49711	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:13:55.089170933 CEST	443	49711	18.159.182.129	192.168.2.8
Apr 23, 2024 08:14:11.921395063 CEST	49711	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:14:11.921515942 CEST	443	49711	18.159.182.129	192.168.2.8
Apr 23, 2024 08:14:11.921571016 CEST	49711	443	192.168.2.8	18.159.182.129
Apr 23, 2024 08:14:11.983546019 CEST	49726	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:14:11.983593941 CEST	443	49726	142.250.65.228	192.168.2.8
Apr 23, 2024 08:14:11.983664036 CEST	49726	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:14:11.984298944 CEST	49726	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:14:11.984318972 CEST	443	49726	142.250.65.228	192.168.2.8
Apr 23, 2024 08:14:12.170226097 CEST	443	49726	142.250.65.228	192.168.2.8
Apr 23, 2024 08:14:12.170528889 CEST	49726	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:14:12.170552969 CEST	443	49726	142.250.65.228	192.168.2.8
Apr 23, 2024 08:14:12.170991898 CEST	443	49726	142.250.65.228	192.168.2.8
Apr 23, 2024 08:14:12.171323061 CEST	49726	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:14:12.171416044 CEST	443	49726	142.250.65.228	192.168.2.8
Apr 23, 2024 08:14:12.214078903 CEST	49726	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:14:22.162750959 CEST	443	49726	142.250.65.228	192.168.2.8
Apr 23, 2024 08:14:22.162902117 CEST	443	49726	142.250.65.228	192.168.2.8
Apr 23, 2024 08:14:22.162991047 CEST	49726	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:14:23.920890093 CEST	49726	443	192.168.2.8	142.250.65.228
Apr 23, 2024 08:14:23.920929909 CEST	443	49726	142.250.65.228	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 08:13:07.672959089 CEST	53	60190	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:07.741174936 CEST	53	59328	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:08.286276102 CEST	53	57896	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:09.185640097 CEST	51136	53	192.168.2.8	1.1.1.1
Apr 23, 2024 08:13:09.185806036 CEST	60045	53	192.168.2.8	1.1.1.1
Apr 23, 2024 08:13:09.494786024 CEST	53	51136	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:09.502247095 CEST	53	60045	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:10.219305992 CEST	56233	53	192.168.2.8	1.1.1.1
Apr 23, 2024 08:13:10.219465971 CEST	63324	53	192.168.2.8	1.1.1.1
Apr 23, 2024 08:13:10.321815968 CEST	53	63324	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:10.324903011 CEST	53	56233	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:11.924947977 CEST	51871	53	192.168.2.8	1.1.1.1
Apr 23, 2024 08:13:11.925370932 CEST	50932	53	192.168.2.8	1.1.1.1
Apr 23, 2024 08:13:12.013535023 CEST	53	50932	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:12.013559103 CEST	53	51871	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:13.416987896 CEST	50773	53	192.168.2.8	1.1.1.1
Apr 23, 2024 08:13:13.417505026 CEST	49607	53	192.168.2.8	1.1.1.1
Apr 23, 2024 08:13:13.512564898 CEST	53	49607	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:13.518965960 CEST	53	50773	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:25.692665100 CEST	53	62458	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:45.302977085 CEST	53	50139	1.1.1.1	192.168.2.8
Apr 23, 2024 08:13:54.665015936 CEST	138	138	192.168.2.8	192.168.2.255
Apr 23, 2024 08:14:07.339428902 CEST	53	61779	1.1.1.1	192.168.2.8
Apr 23, 2024 08:14:09.597529888 CEST	53	54426	1.1.1.1	192.168.2.8
Apr 23, 2024 08:14:36.224678040 CEST	53	51160	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2024 08:13:09.185640097 CEST	192.168.2.8	1.1.1.1	0xae59	Standard query (0)	www.leoni.com	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:09.185806036 CEST	192.168.2.8	1.1.1.1	0xb29c	Standard query (0)	www.leoni.com	65	IN (0x0001)	false
Apr 23, 2024 08:13:10.219305992 CEST	192.168.2.8	1.1.1.1	0x6d2c	Standard query (0)	d1619fmrcx9c43.cloudfront.net	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:10.219465971 CEST	192.168.2.8	1.1.1.1	0xdd7a	Standard query (0)	d1619fmrcx9c43.cloudfront.net	65	IN (0x0001)	false
Apr 23, 2024 08:13:11.924947977 CEST	192.168.2.8	1.1.1.1	0x9489	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:11.925370932 CEST	192.168.2.8	1.1.1.1	0x3d78	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 23, 2024 08:13:13.416987896 CEST	192.168.2.8	1.1.1.1	0xb520	Standard query (0)	d1619fmrcx9c43.cloudfront.net	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:13.417505026 CEST	192.168.2.8	1.1.1.1	0x69c	Standard query (0)	d1619fmrcx9c43.cloudfront.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 23, 2024 08:13:09.494786024 CEST	1.1.1.1	192.168.2.8	0xae59	No error (0)	www.leoni.com	leoni-website-live-519859459.eu-central-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 08:13:09.494786024 CEST	1.1.1.1	192.168.2.8	0xae59	No error (0)	leoni-website-live-519859459.eu-central-1.elb.amazonaws.com		18.159.182.129	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:09.494786024 CEST	1.1.1.1	192.168.2.8	0xae59	No error (0)	leoni-website-live-519859459.eu-central-1.elb.amazonaws.com		35.157.71.104	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:09.502247095 CEST	1.1.1.1	192.168.2.8	0xb29c	No error (0)	www.leoni.com	leoni-website-live-519859459.eu-central-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 08:13:10.324903011 CEST	1.1.1.1	192.168.2.8	0x6d2c	No error (0)	d1619fmrcx9c43.cloudfront.net		13.35.90.37	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:10.324903011 CEST	1.1.1.1	192.168.2.8	0x6d2c	No error (0)	d1619fmrcx9c43.cloudfront.net		13.35.90.23	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:10.324903011 CEST	1.1.1.1	192.168.2.8	0x6d2c	No error (0)	d1619fmrcx9c43.cloudfront.net		13.35.90.56	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:10.324903011 CEST	1.1.1.1	192.168.2.8	0x6d2c	No error (0)	d1619fmrcx9c43.cloudfront.net		13.35.90.87	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:12.013535023 CEST	1.1.1.1	192.168.2.8	0x3d78	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 23, 2024 08:13:12.013559103 CEST	1.1.1.1	192.168.2.8	0x9489	No error (0)	www.google.com		142.250.65.228	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:13.518965960 CEST	1.1.1.1	192.168.2.8	0xb520	No error (0)	d1619fmrcx9c43.cloudfront.net		13.35.90.37	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:13.518965960 CEST	1.1.1.1	192.168.2.8	0xb520	No error (0)	d1619fmrcx9c43.cloudfront.net		13.35.90.87	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:13.518965960 CEST	1.1.1.1	192.168.2.8	0xb520	No error (0)	d1619fmrcx9c43.cloudfront.net		13.35.90.23	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:13.518965960 CEST	1.1.1.1	192.168.2.8	0xb520	No error (0)	d1619fmrcx9c43.cloudfront.net		13.35.90.56	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:22.893708944 CEST	1.1.1.1	192.168.2.8	0x9f5	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 08:13:22.893708944 CEST	1.1.1.1	192.168.2.8	0x9f5	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:13:37.521603107 CEST	1.1.1.1	192.168.2.8	0x84c5	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 08:13:37.521603107 CEST	1.1.1.1	192.168.2.8	0x84c5	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:14:01.349701881 CEST	1.1.1.1	192.168.2.8	0x91db	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 08:14:01.349701881 CEST	1.1.1.1	192.168.2.8	0x91db	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:14:21.751666069 CEST	1.1.1.1	192.168.2.8	0x3ebb	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 08:14:21.751666069 CEST	1.1.1.1	192.168.2.8	0x3ebb	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Apr 23, 2024 08:14:51.318667889 CEST	1.1.1.1	192.168.2.8	0x585f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2024 08:14:51.318667889 CEST	1.1.1.1	192.168.2.8	0x585f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.leoni.com

d1619fmrcx9c43.cloudfront.net

https:

www.bing.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49710	18.159.182.129	443	6812	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 06:13:10 UTC	756	OUT	GET /fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf HTTP/1.1 Host: www.leoni.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 06:13:10 UTC	741	IN	HTTP/1.1 303 See Other Date: Tue, 23 Apr 2024 06:13:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close Server: Apache Expires: Thu, 01 Jan 1970 00:00:00 GMT Last-Modified: Tue, 23 Apr 2024 06:13:10 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 Pragma: no-cache, no-store Location: https://d1619fmrcx9c43.cloudfront.net/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf?1663161028 X-Varnish: 5439965 Age: 0 Via: 1.1 varnish-v4 Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Referrer-Policy: same-origin X-XSS-Protection: 1; mode=block

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49713	13.35.90.37	443	6812	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 06:13:10 UTC	783	OUT	GET /fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf?1663161028 HTTP/1.1 Host: d1619fmrcx9c43.cloudfront.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 06:13:10 UTC	685	IN	HTTP/1.1 200 OK Content-Type: application/pdf Content-Length: 125512 Connection: close Date: Tue, 23 Apr 2024 06:13:10 GMT Server: nginx Last-Modified: Wed, 14 Sep 2022 13:10:28 GMT Link: <https://www.leoni.com/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf>; rel="canonical" X-Content-Type-Options: nosniff Cache-Control: public, max-age=31536000 X-Varnish: 5080989 1573360 Via: 1.1 varnish-v4, 1.1 922167d169fb5d47cad92d0fd0cd14aa.cloudfront.net (CloudFront) Accept-Ranges: bytes X-Cache: Miss from cloudfront X-Amz-Cf-Pop: JFK50-P8 X-Amz-Cf-Id: _1OY15cb7TFwExx5iTnm9joBNeaOH7mrlzH90iAGDYPly5HZ0IwMiw== Age: 0
2024-04-23 06:13:10 UTC	11388	IN	Data Raw: 25 50 44 46 2d 31 2e 37 0d 0a 25 b5 b5 b5 b5 0d 0a 31 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 43 61 74 61 6c 6f 67 2f 50 61 67 65 73 20 32 20 30 20 52 2f 4c 61 6e 67 28 64 65 2d 44 45 29 20 2f 53 74 72 75 63 74 54 72 65 65 52 6f 6f 74 20 33 30 20 30 20 52 2f 4d 61 72 6b 49 6e 66 6f 3c 3c 2f 4d 61 72 6b 65 64 20 74 72 75 65 3e 3e 2f 4d 65 74 61 64 61 74 61 20 31 33 32 20 30 20 52 2f 56 69 65 77 65 72 50 72 65 66 65 72 65 6e 63 65 73 20 31 33 33 20 30 20 52 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 32 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 50 61 67 65 73 2f 43 6f 75 6e 74 20 33 2f 4b 69 64 73 5b 20 33 20 30 20 52 20 32 34 20 30 20 52 20 32 36 20 30 20 52 5d 20 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 33 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f Data Ascii: %PDF-1.7%1 0 obj<</Type/Catalog/Pages 2 0 R/Lang(de-DE) /StructTreeRoot 30 0 R/MarkInfo<</Marked true>>/Metadata 132 0 R/ViewerPreferences 133 0 R>>endobj2 0 obj<</Type/Pages/Count 3/Kids[ 3 0 R 24 0 R 26 0 R] >>endobj3 0 obj<</Type/
2024-04-23 06:13:10 UTC	2594	IN	Data Raw: 9f bc bf 81 39 fc 4d 70 e6 14 79 a3 ed 17 43 af 07 56 d2 e4 7d 4e 5b e3 47 fc 8f 9f f6 e9 1f f3 6a f3 ca f4 5f 8d 2b b7 c7 68 73 9d d6 71 9f d5 87 f4 af 3a ae ac 2f f0 63 e8 73 e2 3f 88 cf 59 f8 15 ff 00 21 9d 5b fe bd d3 ff 00 42 35 ee 55 e1 bf 02 bf e4 33 ab 7f d7 ba 7f e8 46 bd ca bc 7c 77 f1 d9 e9 61 3f 84 8f 2d f8 e7 ff 00 22 be 9f ff 00 5f a3 ff 00 40 6a f0 6a f7 9f 8e 7f f2 2b 69 ff 00 f5 fa 3f f4 06 af 06 af 4f 01 fc 04 70 e3 3f 8a 14 51 45 76 9c a1 45 14 50 07 ba 7c 0a ff 00 90 0e a9 ff 00 5f 4b ff 00 a0 0a f5 7a f2 8f 81 5f f2 00 d5 3f eb e9 7f f4 01 5e af 5f 3b 8b fe 3c 8f 6b 0d fc 24 14 51 45 73 1b 85 7c c9 f1 43 fe 4a 26 ab fe f2 7f e8 02 be 9b af 99 3e 28 7f c9 44 d5 3f de 4f fd 00 57 a1 96 ff 00 15 fa 1c 78 df e1 af 53 8f a2 8a eb fe 1b 68 Data Ascii: 9MpyCV}N[Gj_+hsq:/cs?Y![B5U3F\|wa?-"_@jj+i?Op?QEvEP\|_Kz_?^_;<k$QEs\|CJ&>(D?OWxSh
2024-04-23 06:13:11 UTC	16384	IN	Data Raw: a0 7a 7f e0 44 7f e3 45 14 57 47 d6 ea 18 fd 5a 07 ff d9 0d 0a 65 6e 64 73 74 72 65 61 6d 0d 0a 65 6e 64 6f 62 6a 0d 0a 32 32 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 46 6f 6e 74 2f 53 75 62 74 79 70 65 2f 54 72 75 65 54 79 70 65 2f 4e 61 6d 65 2f 46 35 2f 42 61 73 65 46 6f 6e 74 2f 41 72 69 61 6c 4d 54 2f 45 6e 63 6f 64 69 6e 67 2f 57 69 6e 41 6e 73 69 45 6e 63 6f 64 69 6e 67 2f 46 6f 6e 74 44 65 73 63 72 69 70 74 6f 72 20 32 33 20 30 20 52 2f 46 69 72 73 74 43 68 61 72 20 33 32 2f 4c 61 73 74 43 68 61 72 20 33 32 2f 57 69 64 74 68 73 20 31 33 31 20 30 20 52 3e 3e 0d 0a 65 6e 64 6f 62 6a 0d 0a 32 33 20 30 20 6f 62 6a 0d 0a 3c 3c 2f 54 79 70 65 2f 46 6f 6e 74 44 65 73 63 72 69 70 74 6f 72 2f 46 6f 6e 74 4e 61 6d 65 2f 41 72 69 61 6c 4d 54 2f 46 6c Data Ascii: zDEWGZendstreamendobj22 0 obj<</Type/Font/Subtype/TrueType/Name/F5/BaseFont/ArialMT/Encoding/WinAnsiEncoding/FontDescriptor 23 0 R/FirstChar 32/LastChar 32/Widths 131 0 R>>endobj23 0 obj<</Type/FontDescriptor/FontName/ArialMT/Fl
2024-04-23 06:13:11 UTC	5858	IN	Data Raw: 96 7e 68 b9 11 6e 50 e3 d0 f2 28 3a 81 1e 45 a7 d0 db a8 1b 0d 40 cd 9d 68 1f 9a 80 1b ce eb 68 18 6d 83 fe ee 45 c7 d1 63 50 de 1d ee e7 79 08 b7 a2 3d e8 10 7a 00 7d 19 3d 0e 25 f5 50 c6 8d b8 12 ea ef 86 3e 26 d0 9d 30 da 09 68 37 ce fd 9d f3 bf 34 d0 6b 91 06 9d 9c ff cf f9 aa b9 6f 5e 7b 8d 4c 23 25 f8 c7 b0 e6 a3 b0 a2 5d b0 96 cb a8 9f 8e 47 77 d1 8e f9 3f e2 94 f9 4f 68 d1 fc 6f a8 83 f3 9f e0 dc f9 ff 40 22 72 3f 09 77 55 ee 16 47 9e 03 09 92 70 1b 2c 81 5b 69 83 27 35 4b 40 94 9e ae 91 3d af ab 81 2f 02 9b 5e 10 52 98 60 85 98 b4 14 30 64 9b 41 e9 73 53 18 39 df bf f8 fe c5 73 6e 78 94 aa 92 12 ec 7c ff fd 8b 97 b8 98 d3 a9 b8 04 5f ef cf e6 e4 62 a5 59 c9 3f f1 32 42 20 88 67 2c 29 d9 44 81 2d bf d0 e5 ca ab 20 0a f2 ad 96 14 19 c1 e7 e5 17 16 Data Ascii: ~hnP(:E@hhmEcPy=z}=%P>&0h74ko^{L#%]Gw?Oho@"r?wUGp,[i'5K@=/^R`0dAsS9snx\|_bY?2B g,)D-
2024-04-23 06:13:11 UTC	6718	IN	Data Raw: 14 7f ef ef be 14 ba f4 47 f0 69 3f 1f 20 67 8a 47 9f dd 72 e7 53 77 15 14 8d 3e 3b 7a e7 53 77 16 de 9d ec 1d eb 6c 1b 6b 4c 8d 84 f8 c3 cd 2f 1f 69 ac 3e 70 7a eb e6 97 ef 6f a8 3a 70 7a 6f f3 f1 bb dc a5 1b 8f b7 b5 3c 74 67 45 e9 d0 71 58 cf 73 73 0f 93 af c3 7a 32 51 39 f2 79 b2 37 ad d8 b3 82 e8 5c 81 37 65 ef c9 26 e8 74 4c 93 d8 fc ff d8 f9 12 f0 38 aa 33 c1 57 57 df 47 f5 7d 4a dd 52 5f 6a 75 ab 5b 52 eb 68 5d 56 4b b2 8e d6 6d 1d 96 0d b2 b1 ac 5b d6 65 4b b2 2d db 1c 76 02 0e 09 09 c4 31 41 64 23 13 82 92 98 1c 9b 88 18 58 c8 b2 d9 5d d8 2c 26 80 43 32 24 3b f9 80 4c 66 e7 9b 59 76 c3 24 61 73 30 24 6a ed 7b af aa 0f 9d 18 be cc ce b7 3b ad ff 53 d5 ab 57 d5 ef fd f7 ff bf a3 aa 44 b2 aa f3 3d 01 74 92 92 e2 2c 9a c9 87 83 76 4b 94 ed 28 5b 61 Data Ascii: Gi? gGrSw>;zSwlkL/i>pzo:pzo<tgEqXssz2Q9y7\7e&tL83WWG}JR_ju[Rh]VKm[eK-v1Ad#X],&C2$;LfYv$as0$j{;SWD=t,vK([a
2024-04-23 06:13:11 UTC	12188	IN	Data Raw: cb a2 33 ad 95 60 6d 79 8d bc 08 31 35 40 6d 87 11 57 60 5b 86 1a 63 54 d8 97 18 46 92 b9 a4 be 47 92 22 b8 4d 5f b6 d9 80 9f 5e 9f f2 5d 9b 12 f2 a2 b7 fd 78 d3 30 e2 8e 45 75 cd 12 32 1c 1c 3d 59 56 a2 72 b3 e3 c7 0e f4 d3 ef 97 1f ae 75 c6 de c6 18 bd 6c d4 d2 8c 7a f6 48 59 54 41 93 b1 eb b7 20 79 46 60 b6 d3 c0 bc 0d c7 f4 95 11 5b c9 15 9b df e6 97 1b af 00 b9 77 29 10 60 42 4b c6 12 c6 f9 09 c9 c3 2c ab e3 d6 ba 0a 83 f1 7d d8 c1 ed be f1 42 7a dc dc 5c ea e6 d5 17 12 22 0d 75 2f b9 fc 42 36 20 43 cc 8d 86 3d 42 91 50 22 15 67 15 45 0b 9a 6f 09 f7 1e ed 0d 7b f6 1e 2a b5 96 15 7a 24 0c a3 12 65 e6 55 ba 1b ea ca 7a 07 7b cb a8 6f 97 f6 56 64 2a a0 5f 13 e9 b4 66 8d d6 a4 dd 5b e5 0b e7 7a 4a 3b ab 0b 5a 8b 2c 62 a5 46 cc a8 0c 7e 95 4e 15 f1 fb 4a Data Ascii: 3`my15@mW`[cTFG"M_^]x0Eu2=YVrulzHYTA yF`[w)`BK,}Bz\"u/B6 C=BP"gEo{z$eUz{oVd_f[zJ;Z,bF~NJ
2024-04-23 06:13:11 UTC	9532	IN	Data Raw: a1 e1 e2 09 ea a4 5d 4d dd b4 af a8 4e 54 51 a5 98 d3 fa 0e ca 75 62 2a d5 99 26 22 f6 73 03 05 46 3b b4 11 3f 81 7b d2 30 f1 29 39 64 1b 6d 0d d9 f4 ef 28 53 5b 4d 5d b4 b5 64 fb 23 fd f9 5f 35 cc 6b 12 bb ff ec 5e 04 2c 60 01 0b 18 9b 76 bd 08 3b 69 5d 05 ed 6b 5b c6 77 ac 6e 86 bf 13 3d ac 99 e9 ea ff 64 3f f4 76 24 b4 8f 7e fb 1e d0 ea f1 0e 01 4e d9 f6 57 7a e2 48 fc 1c 5a 03 2c ff 4d 1e 17 9d 0f 2c ff bd b8 d3 ea 6b 36 5d d8 b6 1c dc 19 18 cc fc df 36 d3 15 34 4d 7b 91 1c fa 5e 9a 0e 94 98 dc d4 51 7f 1b dc 8f 56 eb 3e ca 06 57 01 93 f1 7d 78 04 70 3f b0 10 98 01 d8 81 1a 60 36 50 05 8c 37 90 47 33 b4 0d d4 5e 3f 87 26 eb f5 54 a6 6f a6 0c 7d 26 55 ea db 68 ae 5e 44 59 fa 83 54 ac 3f 42 e3 71 86 18 07 6c 00 6a 80 e9 c0 40 60 06 50 09 4c 05 4a 64 cc Data Ascii: ]MNTQub*&"sF;?{0)9dm(S[M]d#_5k^,`v;i]k[wn=d?v$~NWzHZ,M,k6]64M{^QV>W}xp?`6P7G3^?&To}&Uh^DYT?Bqlj@`PLJd
2024-04-23 06:13:11 UTC	16384	IN	Data Raw: 04 25 96 28 a4 49 ce e6 b5 da 7c 56 8e 28 f4 e1 80 44 9c 72 40 62 aa dd 97 05 ea 22 b2 1e df a5 c3 f7 73 2e 7f cc 79 a5 d9 2d f1 0b a8 d8 7a ea 00 63 60 48 0a 44 66 20 e7 1f 2a 7d fe 58 55 84 77 55 b8 4f 4f 90 8f f9 aa 9c 9c 5e f2 da 54 1f 00 bd 2e 62 6d d8 63 48 b9 c4 cd 66 ab 66 76 f4 6e d6 de 8d e8 fd 1d 68 76 ab 66 76 2b 32 bb cf 50 5b 9b 82 66 4f c9 66 f8 02 4e 4c 09 3c 3c 02 a7 a4 e0 29 02 e6 5b 3a 6a a8 35 c7 29 27 e4 53 88 31 64 23 68 e6 f3 ac 9c 4c 43 39 68 3a a7 81 ac b5 28 da 54 35 65 2c 16 0f db ed b6 0b 18 d4 47 3a d2 b1 32 7c 52 37 19 6d 2e 63 93 2b 1e 0e db 0a 97 05 3a 3d 04 41 b0 92 5f 96 fd 16 b6 da 35 ea 8d fb bd 22 de ec 6d 4c d5 cb 38 88 4e 92 df 69 0f 58 d8 3e 2b 48 70 38 6f 2a 4e fc 2e f3 a9 96 fe 07 07 4e ff ad 44 d4 8f 57 84 0c 8e Data Ascii: %(I\|V(Dr@b"s.y-zc`HDf }XUwUOO^T.bmcHffvnhvfv+2P[fOfNL<<)[:j5)'S1d#hLC9h:(T5e,G:2\|R7m.c+:=A_5"mL8NiX>+Hp8oN.NDW
2024-04-23 06:13:11 UTC	4149	IN	Data Raw: 62 6c df 68 05 84 09 0f a8 36 8c 46 3a a3 56 42 85 b9 5d 89 75 69 ce c0 d0 56 b7 d7 65 a2 75 d4 c3 8f 56 16 a7 d2 c9 ca 7c b7 b9 32 ee 48 76 fa a1 6f 14 25 be 8f 3f ab f6 62 dd d8 35 68 95 d6 62 c1 4c dc 79 7c b6 6c 4e c7 c3 da c7 da 0f 84 4f 70 27 d2 07 bd 87 4c 07 51 74 5f 17 db 2a de 2e 5e 10 cb f1 6d ed da c7 84 f6 03 e9 f0 09 21 cd 81 7f e2 91 28 4c 57 26 9c 1b 2b 87 dc 6a 5d 46 dd cd 4a 7b fc 59 42 a5 26 d5 19 07 8c 85 8e d0 26 a3 e1 36 b5 c9 63 b3 03 66 4f 19 80 7d 9a 72 14 c6 8a 8e 82 5d 47 11 d4 3f 98 2c 7a c2 48 7b d2 be 5e a7 d7 e7 5c 2a 01 d6 ab 20 ff f1 ff e1 f4 79 9d dd 3d 33 5d 6e ad 4e 6b b4 61 24 96 c6 df 21 f6 00 9d 1d c4 26 b0 6b b1 5f 8a f9 8e 4d f8 28 96 c4 2c f8 0c 96 01 ce e1 e6 67 0a 19 f0 13 f3 ac 3b 8f 6f 3e ad c1 26 a1 31 f3 60 Data Ascii: blh6F:VB]uiVeuV\|2Hvo%?b5hbLy\|lNOp'LQt_.^m!(LW&+j]FJ{YB&&6cfO}r]G?,zH{^\ y=3]nNka$!&k_M(,g;o>&1`
2024-04-23 06:13:11 UTC	15667	IN	Data Raw: 76 9f 3a 89 6e 78 5c 24 13 93 38 98 97 ae 7f f6 c5 39 d0 07 8e 2d 10 40 22 7f 87 51 f8 41 64 10 bc bf 01 bc ff 2d ff fe 66 64 10 8c 9b 77 e2 13 d8 d7 c1 fc 7e 99 06 34 64 d5 31 75 40 03 9e e3 87 4a d2 10 e1 df 43 0d 78 ae 60 85 06 4c 5b 73 56 9d d1 a8 b1 23 14 a3 55 28 38 39 a5 15 ab ac 5a ce aa 12 a1 89 db 56 9c f3 65 e1 b7 2e 2e f8 fa 49 fa b7 44 fe ca 73 0c 03 b3 50 20 0b 52 ea 7a d2 0b 00 f8 08 72 34 19 f9 36 bb f3 08 97 19 47 b7 45 f2 bd 12 2e 37 88 1c e0 ba b8 2e a4 76 e3 9e f3 66 97 39 ff e0 c7 6c df c7 6d 6d 4d 02 c9 11 ef 4e 07 c9 9a c1 cf 50 f9 c7 b1 a3 ed 4d 9f 0c 81 81 25 fc 4e 32 e4 15 a0 34 0c bc bf c8 5c 84 d1 ae 60 bc f9 21 1f 93 ff 43 e6 ed f7 d8 50 e8 3c 9b dc 8f d6 63 de 73 3e 06 9e ca 1e fc 38 d6 d6 07 fe ad 7a 70 0c 3c 19 3c 7a a8 e9 Data Ascii: v:nx\$89-@"QAd-fdw~4d1u@JCx`L[sV#U(89ZVe..IDsP Rzr46GE.7.vf9lmmMNPM%N24\`!CP<cs>8zp<<z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49715	13.35.90.37	443	6812	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 06:13:12 UTC	725	OUT	GET /favicon.ico HTTP/1.1 Host: d1619fmrcx9c43.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://d1619fmrcx9c43.cloudfront.net/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf?1663161028 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 06:13:12 UTC	552	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Content-Length: 1150 Connection: close Date: Tue, 23 Apr 2024 06:13:12 GMT Server: nginx Last-Modified: Tue, 20 Feb 2024 10:52:40 GMT X-Content-Type-Options: nosniff Cache-Control: public, max-age = 3600 X-Varnish: 5439983 1051281 Via: 1.1 varnish-v4, 1.1 c05b7ff061569d914bb28a2bfaa77d34.cloudfront.net (CloudFront) Accept-Ranges: bytes Vary: Accept-Encoding X-Cache: Miss from cloudfront X-Amz-Cf-Pop: JFK50-P8 X-Amz-Cf-Id: qdvD4uA2uZHA9tfvYbym4RAgIY5AYl802aOfL-IuwdVFXCQsp-VRsA== Age: 0
2024-04-23 06:13:12 UTC	1150	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cb cb cb fd cb cb cb fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd ce ce ce fd ce ce ce fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d1 d1 d1 fd d1 d1 d1 fd d6 Data Ascii: h(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49718	13.35.90.37	443	6812	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-23 06:13:13 UTC	364	OUT	GET /favicon.ico HTTP/1.1 Host: d1619fmrcx9c43.cloudfront.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-23 06:13:13 UTC	551	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Content-Length: 1150 Connection: close Date: Tue, 23 Apr 2024 06:13:12 GMT Server: nginx Last-Modified: Tue, 20 Feb 2024 10:52:40 GMT X-Content-Type-Options: nosniff Cache-Control: public, max-age = 3600 X-Varnish: 5439983 1051281 Via: 1.1 varnish-v4, 1.1 3ffc96c97d8be4bd38d62dce94cb1db0.cloudfront.net (CloudFront) Accept-Ranges: bytes Vary: Accept-Encoding X-Cache: Hit from cloudfront X-Amz-Cf-Pop: JFK50-P8 X-Amz-Cf-Id: -hGtfJQXABsyaSQdffv6anoxjQUS6gfOp6BgUkveXqCFjLyVBL2eMA== Age: 1
2024-04-23 06:13:13 UTC	1150	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cc cc cc fd cb cb cb fd cb cb cb fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd cf cf cf fd ce ce ce fd ce ce ce fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d2 d2 d2 fd d1 d1 d1 fd d1 d1 d1 fd d6 Data Ascii: h(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49719	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 06:13:13 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-23 06:13:14 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0790) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=71501 Date: Tue, 23 Apr 2024 06:13:14 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49720	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 06:13:14 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-23 06:13:14 UTC	455	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 Cache-Control: public, max-age=71507 Date: Tue, 23 Apr 2024 06:13:14 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-23 06:13:14 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.8	49723	23.206.229.226	443

Timestamp	Bytes transferred	Direction	Data
2024-04-23 06:13:24 UTC	2171	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A4109008217 X-BM-CBT: 1696494873 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: 229C124F14F843F693B4EF574DFCAAAB X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109008217 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40 X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 516 Connection: Keep-Alive Cache-Control: no-cache Cookie: SRCHUID=V=2&GUID=7A0479E0E07C4D7D91A8C7552F34E6D4&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696493908190&IPMH=7bc3b11d&IPMID=1696494873321&HV=1696494765; CortanaAppUID=0A2376201E427A029407F32A9072506A; MUID=4E6D5F19647E45969740B90CC0355D4C; _SS=SID=1F4D6C7F4B26664337657FDE4A3767CB&CPID=1696494874312&AC=1&CPH=893a1c21; _EDGE_S=SID=1F4D6C7F4B26664337657FDE4A3767CB; MUIDB=4E6D5F19647E45969740B90CC0355D4C
2024-04-23 06:13:24 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-04-23 06:13:24 UTC	515	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 34 45 36 44 35 46 31 39 36 34 37 45 34 35 39 36 39 37 34 30 42 39 30 43 43 30 33 35 35 44 34 43 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 30 36 38 37 30 43 30 39 41 31 46 37 34 43 39 43 42 33 41 42 46 30 34 30 46 43 39 46 30 41 37 38 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>4E6D5F19647E45969740B90CC0355D4C</CID><Events><E><T>Event.ClientInst</T><IG>06870C09A1F74C9CB3ABF040FC9F0A78</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-04-23 06:13:25 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 365734AAE7654655BE9BB84F89C87E84 Ref B: LAX311000112007 Ref C: 2024-04-23T06:13:24Z Date: Tue, 23 Apr 2024 06:13:25 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.e2d7ce17.1713852804.787e2126

Target ID:	0
Start time:	08:13:02
Start date:	23/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	08:13:06
Start date:	23/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2216,i,11174362035811413858,6951727311425926158,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	08:13:08
Start date:	23/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.leoni.com/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.leoni.com/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3672, Parent PID: 2252

General

Chronological Activities

Analysis Process: chrome.exePID: 6812, Parent PID: 3672

General

Windows Analysis Report
https://www.leoni.com/fileadmin/common/data_protection/data_protection_information_for_business_partners_and_customers.pdf