Edit tour

Windows Analysis Report
ACRMNT.pdf

Overview

General Information

Sample name:	ACRMNT.pdf
Analysis ID:	1432278
MD5:	44159aca23f90b1cabf0005a7975f77c
SHA1:	8fe88115faaa0c3bda916d9e375588443fc10199
SHA256:	01109b3bc2fa06f9c6d47bda68d49ffed38556b9b18d978ef2fc576704df31ae
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Phishing site detected (based on OCR NLP Model)

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

No malicious behavior found, analyze the document also on other version of Office / Acrobat

Process Tree

System is w10x64

Acrobat.exe (PID: 7332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ACRMNT.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7512 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7700 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1620,i,2245434487977849350,1117404074893898555,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://public-usa.mkt.dynamics.com/api/orgs/52f527c8-5afd-ee11-9048-000d3a106837/r/zYThiUJLBU2JHNZGgAw1qwEAAAA" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2224,i,14375637986676002986,8035494575245750603,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Adobe Acrobat PDF

ML Model on OCR Text: Matched 94.8% probability on "Jennifer Schoettler sent the document "Arcane Tinmen Storage Proposal" for your review in Microsoft OneDrive PDF View Documents In OneDrive This billing notification was sent to all owners, check your e-mail security settings to determine how attachments are handled. Thank You, Jeniffer Von Schoettler Trade Marketing Manager US I Sales Jeniffer.schoettler@arcaneunrnen.com +1 (786) 863 2257 "

Source: https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa#msdynmkt_trackingcontext=89e184cd-4b42-4d05-891c-d646800c35ab	HTTP Parser: No favicon
Source: https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa#msdynmkt_trackingcontext=89e184cd-4b42-4d05-891c-d646800c35ab	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49771 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View	IP Address: 13.107.246.41 13.107.246.41
Source: Joe Sandbox View	IP Address: 52.146.76.30 52.146.76.30
Source: Joe Sandbox View	IP Address: 104.94.108.142 104.94.108.142
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.102
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.182.102
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vkF+oXvDPKsCOPm&MD=HWVEBc5B HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /api/orgs/52f527c8-5afd-ee11-9048-000d3a106837/r/zYThiUJLBU2JHNZGgAw1qwEAAAA HTTP/1.1Host: public-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usa/FormLoader/FormLoader.bundle.js HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://assets-usa.mkt.dynamics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/forms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/plainsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://assets-usa.mkt.dynamics.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://assets-usa.mkt.dynamics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/images/d28a00ec-9e00-ef11-a1fd-6045bddb1daa?ts=638493836057785250 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/forms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v1.0/orgs/52f527c8-5afd-ee11-9048-000d3a106837/landingpageforms/forms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa/visits HTTP/1.1Host: public-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/images/d28a00ec-9e00-ef11-a1fd-6045bddb1daa?ts=638493836057785250 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vkF+oXvDPKsCOPm&MD=HWVEBc5B HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: public-usa.mkt.dynamics.com
Source: global traffic	DNS traffic detected: DNS query: assets-usa.mkt.dynamics.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /api/v1.0/orgs/52f527c8-5afd-ee11-9048-000d3a106837/landingpageforms/forms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa/visits HTTP/1.1Host: public-usa.mkt.dynamics.comConnection: keep-aliveContent-Length: 215sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://assets-usa.mkt.dynamics.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 17:17:01 GMTContent-Type: text/htmlContent-Length: 548Connection: closeStrict-Transport-Security: max-age=2592000; preloadx-azure-ref: 20240426T171700Z-17644f8887fxsmp62x2nasg16g00000002hg0000000034a1x-fd-int-roxy-purgeid: 69215008X-Cache: TCP_MISS
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Fri, 26 Apr 2024 17:17:05 GMTContent-Length: 0Connection: closex-ms-trace-id: 845bcf146cfa5d58371ff067105e99baStrict-Transport-Security: max-age=2592000; preload

Source: chromecache_189.10.dr, chromecache_190.10.dr	String found in binary or memory: https://KCu.hinomyl.com/WLbwaVu/
Source: chromecache_194.10.dr	String found in binary or memory: https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/forms/b99e27b
Source: chromecache_189.10.dr, chromecache_190.10.dr	String found in binary or memory: https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/images/d28a00
Source: chromecache_194.10.dr	String found in binary or memory: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js
Source: ACRMNT.pdf	String found in binary or memory: https://public-usa.mkt.dynamics.com/api/orgs/52f527c8-5afd-ee11-9048-000d3a106837/r/zYThiUJLBU2JHNZG
Source: chromecache_194.10.dr	String found in binary or memory: https://public-usa.mkt.dynamics.com/api/v1.0/orgs/52f527c8-5afd-ee11-9048-000d3a106837/landingpagefo

Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49771 version: TLS 1.2

Source: classification engine

Classification label: clean1.winPDF@40/58@10/8

Source: ACRMNT.pdf

Initial sample: https://public-usa.mkt.dynamics.com/api/orgs/52f527c8-5afd-ee11-9048-000d3a106837/r/zythiujlbu2jhnzggaw1qweaaaa

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7388

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 19-16-26-739.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ACRMNT.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1620,i,2245434487977849350,1117404074893898555,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://public-usa.mkt.dynamics.com/api/orgs/52f527c8-5afd-ee11-9048-000d3a106837/r/zYThiUJLBU2JHNZGgAw1qwEAAAA"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2224,i,14375637986676002986,8035494575245750603,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1620,i,2245434487977849350,1117404074893898555,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2224,i,14375637986676002986,8035494575245750603,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: ACRMNT.pdf	Initial sample: PDF keyword /JS count = 0
Source: ACRMNT.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: ACRMNT.pdf

Initial sample: PDF keyword stream count = 24

Source: ACRMNT.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
ACRMNT.pdf	0%	ReversingLabs
ACRMNT.pdf	2%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
part-0013.t-0009.t-msedge.net	0%	Virustotal		Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
part-0013.t-0009.t-msedge.net	13.107.246.41	true	false	0%, Virustotal, Browse	unknown
prdia888eus0aks.mkt.dynamics.com	52.146.76.30	true	false		high
www.google.com	142.250.189.132	true	false		high
public-usa.mkt.dynamics.com	unknown	unknown	false		high
assets-usa.mkt.dynamics.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa	false	high
https://assets-usa.mkt.dynamics.com/favicon.ico	false	high
https://public-usa.mkt.dynamics.com/api/orgs/52f527c8-5afd-ee11-9048-000d3a106837/r/zYThiUJLBU2JHNZGgAw1qwEAAAA	false	high
https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/images/d28a00ec-9e00-ef11-a1fd-6045bddb1daa?ts=638493836057785250	false	high
https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa#msdynmkt_trackingcontext=89e184cd-4b42-4d05-891c-d646800c35ab	false	high
https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/forms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa	false	high
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/52f527c8-5afd-ee11-9048-000d3a106837/landingpageforms/forms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa/visits	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/52f527c8-5afd-ee11-9048-000d3a106837/landingpagefo	chromecache_194.10.dr	false	high
https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/images/d28a00	chromecache_189.10.dr, chromecache_190.10.dr	false	high
https://public-usa.mkt.dynamics.com/api/orgs/52f527c8-5afd-ee11-9048-000d3a106837/r/zYThiUJLBU2JHNZG	ACRMNT.pdf	false	high
https://KCu.hinomyl.com/WLbwaVu/	chromecache_189.10.dr, chromecache_190.10.dr	false	high
https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/forms/b99e27b	chromecache_194.10.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.189.132	www.google.com	United States	15169	GOOGLEUS	false
52.146.76.30	prdia888eus0aks.mkt.dynamics.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.94.108.142	unknown	United States	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.16
192.168.2.4
192.168.2.23

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432278
Start date and time:	2024-04-26 19:15:30 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ACRMNT.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@40/58@10/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.221.212.219, 23.221.212.204, 23.204.76.141, 162.159.61.3, 172.64.41.3, 54.227.187.23, 52.202.204.11, 52.5.13.197, 23.22.254.206, 199.232.210.172, 192.229.211.108, 172.217.165.195, 142.250.189.142, 142.251.107.84, 34.104.35.123, 142.250.64.170, 142.250.64.138, 142.250.189.138, 172.217.2.202, 142.250.217.202, 172.217.165.202, 142.251.35.234, 142.250.217.234, 192.178.50.42, 142.250.64.234, 142.250.217.170, 192.178.50.74, 172.217.3.74, 172.217.15.202, 172.217.2.195, 192.178.50.46
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, assets-mkt-usa.azureedge.net, clientservices.googleapis.com, acroipm2.adobe.com, cxppusa1im4t7x7z5iubq.trafficmanager.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, assets-mkt-usa.afd.azureedge.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, accounts.google.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, azureedge-t-prod.trafficmanager.net, cxppusa1formui01cdnsa01-endpoint.azureedge.net, clients.l.google.com, geo2.adobe.com, cxppusa1formui01cdnsa01-endpoint.afd.azureedge.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.107.246.41	http://www.surveymonkey.com/tr/v1/te/PUEIZHbYTJGrZEIkVMWlCoicdktJQxDgUh5D5mhe1V5RrTmuIdynx7PnFHXRUx9slMgQjvZdyUWqhr_2Bl49oNXjy3TOleTjKMKR6WbsGcrstlT2syBMlSkW7U5aKlKcBD9NFqJqrxGyODSWJJr6_2BMbXsKkDA_2F0ep4iw23xw6huuM_3D	Get hash	malicious	Unknown	Browse	www.eand.com/en/index.html
	02-11-2024 MVP.html	Get hash	malicious	Unknown	Browse	www.mvphealthcare.com/
	02-11-2024 MVP.html	Get hash	malicious	Unknown	Browse	www.mvphealthcare.com/
	http://y84x.mjt.lu/lnk/CAAABPdweCoAAAAAAAAAAAVG8MwAAAA6pnMAAAAAAAvpOQBlhIO4-ImJ1UImRBC5CNVIkLSaswAL-7Q/2/r-vXj7XjX0azsD7QNKNH-A/aHR0cHM6Ly9hcHBjZW50ZXIubXMvaW52aXRhdGlvbnMvb3JnL2IxNjM2ZDYzMTE0YTM0MjBkYWFmNTg4YTE5N2Y0N2MxNGY4ZDViNWMyM2ZjM2RhYTgxMWM0ODgwOWM1ZTZkNjQ	Get hash	malicious	Unknown	Browse	appcenter.ms/
	http://url7816.acetaxi.com/ls/click?upn=k9eqZnPBEZmPVPka3LxS61O1ksdCJOgznvtiwccqzi2-2BneqvfCXEJ-2FQj-2BZo7snmCwDunBahf2LYhfs7qQp7-2F23xLStq-2BkxJ70xqVvyXzkWM-3D8Cie_z5TGfmB4A65PPE2hDgRdrx6OZsZ3AmrJLHJ0M9ePWeHP5QDTWsAVp117uXam9dNn-2BGSxHeP-2BInRF-2Bgy2v-2FXBPODjmLss6NRV2RYsUYD7um77hgLl0ET9pPGTHF-2BQ1m6-2Fw7-2B-2B9DJOpakZj874YLC8uUep0F7rZMDlM46gmHmQqqAeCV477M0h2b07T2IcXu0hzUcKftN0UG2jhPq8qo00cQl0gvOLl-2BjChyaOdLpENao-3D	Get hash	malicious	Unknown	Browse	twiliosolutions.azurefd.net/
239.255.255.250	https://cgigroup.blob.core.windows.net/cgi-protective-monitoring-service/tools/get-stinger.html	Get hash	malicious	Unknown	Browse
	https://unilever3.demdex.net/firstevent?d_event=click&d_bu=317196&c_medium=display&c_destination=Retailer&c_country=BD&c_campaignname=L-LifebuoyHandsanitizerLaunchComm&c_prodcat=CH1097&c_brandcode=BH0300&d_adgroup=All_KV&c_contenttype=display&c_source=Dhaka%20Tribune&d_rd=https://campaign-statistics.com/link_click/PidJvkyg2S_O4JTm/159dfdb0ade49a7c5597d3c1d9bd3d8a	Get hash	malicious	Unknown	Browse
	z55NF-Faturada-23042024.msi	Get hash	malicious	MicroClip	Browse
	Housecallpro Chase Bank ACH.htm	Get hash	malicious	Unknown	Browse
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0	Get hash	malicious	Captcha Phish	Browse
	http://relevanteduofficelogin.relevantedu.xyz	Get hash	malicious	HTMLPhisher	Browse
	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse
	https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe	Get hash	malicious	Unknown	Browse
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZlMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczMzAwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGhiYXJ0aGxvd0BzZWN1cnVzdGVjaG5vbG9naWVzLmNvbSZwYXRocz1hYm92ZSZsaW5rPUZheF9PdXRsb29rIiwiaW5kaXZpZHVhbF9pZCI6IjQ0NDY4NzI5YzA1N2Q5ZDJjYzNiYjZlOTc3NDg3MzUyIn0.AryFGbNWOut6hGg1x_WBQ4QL5QU_wggDk6q2PUj7rNI	Get hash	malicious	Captcha Phish	Browse
52.146.76.30	FW_ FHAS Inc_ - Private and Confidential.msg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	https://u44058082.ct.sendgrid.net/ls/click?upn=u001.wjMLvmoK1OC9dTKy5UL4VbqcIJmZWkGKJypB0ZF6j6rXk8HVnxe0g2af-2BenroUoONz6EEWthgE-2Bi2vVRUosKTZRVQ5v63hCdxrdKCztVooIv51imK8tr-2Bb3beAsH6u-2FNluJlUKmd7nST-2B9m-2Bl2Rgv4y6uHLimO0TjhZzZ-2F-2BDlllJQne3tT99z6x4W12pJpddTL-2BoJ2-2Bdo6961pFN3dV2Rg-3D-3DeWGT_h-2FW4DSvZGhKY-2FmU3Rq-2F3L-2FXo2OZSHdaVvlpgAgHQWDXPYB9CNYi-2FcvonFCbsEhjt9RP-2BQa7dTwbMJOOaP3JRnMW6mQAitl6qAb1EkaAR-2BmnZDE6Bi3ooqtCrrMW-2F3TPNMK3AVi1YKIdTOZivmUJGaXdrtbqCykfnTTkN9KMRy80rdRqf6LWUCYWGeeaXb-2BD6jokMbr-2FaJKvKMHDNWAfHyhaE6QO9pw7souFUseKb40g-3D	Get hash	malicious	HTMLPhisher	Browse
	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DlLb9_7VBE-2BPKrWdDFE8TeQU0FNoYmRNt3BbsAfHCQfpyMVcUv91cWM1GbR6tMnpfVZqwoeCii1Z-2FHB6Wp4CGi-2FJ4Nq2flvhbRyRKwbWUqyssDslf87wBQZbBQ0EZsTXlvzjuj1ZnarL4QCJJlvUup-2FiM-2F9GPG6X3nhhKKp6sQ0v-2BBs5Jrrpzc3e5B2aUKKEJUx1Hjrx3xc16wmpK1HmM2sLiNIweMaJlJ9frDis7-2BK565mLw-3D	Get hash	malicious	HTMLPhisher	Browse
	https://assets-usa.mkt.dynamics.com/6f8aa86c-81f8-ee11-a1fa-0022482e8338/digitalassets/standaloneforms/4b367e61-8601-ef11-a1fd-0022482f3701	Get hash	malicious	HTMLPhisher	Browse
	infected.docx	Get hash	malicious	HTMLPhisher	Browse
	https://assets-usa.mkt.dynamics.com/97c9a062-91f8-ee11-9048-6045bd00330f/digitalassets/standaloneforms/8ba5ff5d-a1f8-ee11-a1ff-6045bd006d62	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse
	https://assets-usa.mkt.dynamics.com/dfec4c64-9df2-ee11-9048-6045bd016f3e/digitalassets/standaloneforms/692fca68-35f7-ee11-a1fd-6045bd098894#msdynmkt_trackingcontext=a1e2f77d-3fb4-4f9b-8447-219d31fdfcd9	Get hash	malicious	HTMLPhisher	Browse
	https://assets-usa.mkt.dynamics.com/bf3ca3b9-47ed-ee11-9048-00224806e307/digitalassets/standaloneforms/0cb76a16-5df6-ee11-a1fd-6045bd0a59e1	Get hash	malicious	HTMLPhisher	Browse
	https://s.id/24SUG	Get hash	malicious	HTMLPhisher	Browse
104.94.108.142	RFd2zutX8H.exe	Get hash	malicious	Unknown	Browse
	Benefits Open Enrollment 2024 #U007e Closes on Friday For Carboline	Get hash	malicious	HTMLPhisher	Browse
	Invoices.xls	Get hash	malicious	Unknown	Browse
	Orden_T7405.xla.xlsx	Get hash	malicious	Unknown	Browse
	IF-07b_SIGS-EN-ICS-IC-002_SMC-SCU ICD_v31_19-03-2014.pdf.exe	Get hash	malicious	Unknown	Browse
	btui2YGkc5.exe	Get hash	malicious	NetSupport RAT	Browse
	btui2YGkc5.exe	Get hash	malicious	NetSupport RAT	Browse
	swift_copy.xls	Get hash	malicious	Unknown	Browse
	kSWf9QrxMR.exe	Get hash	malicious	ScreenConnect Tool	Browse
	Iu4a4i5N15.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
part-0013.t-0009.t-msedge.net	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	https://4yu76uyd4.best/ccon/	Get hash	malicious	Unknown	Browse	13.107.246.41
	DOC-Zcns1G_.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	DOC-Zcns1G_.html	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	DOC-Zcns1G_.html	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	https://shorturl.at/lMOT7	Get hash	malicious	Unknown	Browse	13.107.213.41
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fmyapps.microsoft.com%252Fsignin%252F08558f59-9161-41fc-88b3-f0434087a79c%253FtenantId%253D258ac4e4-146a-411e-9dc8-79a9e12fd6da%26data%3D05%257C01%257Cgary.fabrizio1%2540Service.wipro.com%257C8a0e1c61209e469846ba08dbe05e2370%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638350467206547446%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3Dp0jrjFUb%252Fusi2RID%252FGIlCE82AM9dEDuVAB4PHdDC1%252F4%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	13.107.246.41
	https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fapc01.safelinks.protection.outlook.com.mcas.ms%2F%3Furl%3Dhttps%253A%252F%252Fwittywebevents.wipro.com%252Femail-analytics%252Fapi%252Ft%252Fl%253FobjId%253D637c92a3e4b00b92caee94cc%26data%3D05%257C02%257Cgary.fabrizio1%2540wipro.com%257Cb8fe953db5914d2bac8108dc65645f6b%257C258ac4e4146a411e9dc879a9e12fd6da%257C0%257C0%257C638496729264132835%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C0%257C%257C%257C%26sdata%3DX8fjcrb6FJIv3A6MeNVFttkEvMY37x2gBwDUYM2DULg%253D%26reserved%3D0%26McasTsid%3D20893&McasCSRF=a0328b22f805eebb5f9c68ee3df482ea7a84065b3bbced70493927bf9ce1f085	Get hash	malicious	Unknown	Browse	13.107.246.41
prdia888eus0aks.mkt.dynamics.com	FW_ FHAS Inc_ - Private and Confidential.msg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	52.146.76.30
	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://u44058082.ct.sendgrid.net/ls/click?upn=u001.wjMLvmoK1OC9dTKy5UL4VbqcIJmZWkGKJypB0ZF6j6rXk8HVnxe0g2af-2BenroUoONz6EEWthgE-2Bi2vVRUosKTZRVQ5v63hCdxrdKCztVooIv51imK8tr-2Bb3beAsH6u-2FNluJlUKmd7nST-2B9m-2Bl2Rgv4y6uHLimO0TjhZzZ-2F-2BDlllJQne3tT99z6x4W12pJpddTL-2BoJ2-2Bdo6961pFN3dV2Rg-3D-3DeWGT_h-2FW4DSvZGhKY-2FmU3Rq-2F3L-2FXo2OZSHdaVvlpgAgHQWDXPYB9CNYi-2FcvonFCbsEhjt9RP-2BQa7dTwbMJOOaP3JRnMW6mQAitl6qAb1EkaAR-2BmnZDE6Bi3ooqtCrrMW-2F3TPNMK3AVi1YKIdTOZivmUJGaXdrtbqCykfnTTkN9KMRy80rdRqf6LWUCYWGeeaXb-2BD6jokMbr-2FaJKvKMHDNWAfHyhaE6QO9pw7souFUseKb40g-3D	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DlLb9_7VBE-2BPKrWdDFE8TeQU0FNoYmRNt3BbsAfHCQfpyMVcUv91cWM1GbR6tMnpfVZqwoeCii1Z-2FHB6Wp4CGi-2FJ4Nq2flvhbRyRKwbWUqyssDslf87wBQZbBQ0EZsTXlvzjuj1ZnarL4QCJJlvUup-2FiM-2F9GPG6X3nhhKKp6sQ0v-2BBs5Jrrpzc3e5B2aUKKEJUx1Hjrx3xc16wmpK1HmM2sLiNIweMaJlJ9frDis7-2BK565mLw-3D	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://assets-usa.mkt.dynamics.com/6f8aa86c-81f8-ee11-a1fa-0022482e8338/digitalassets/standaloneforms/4b367e61-8601-ef11-a1fd-0022482f3701	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	infected.docx	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://assets-usa.mkt.dynamics.com/97c9a062-91f8-ee11-9048-6045bd00330f/digitalassets/standaloneforms/8ba5ff5d-a1f8-ee11-a1ff-6045bd006d62	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse	52.146.76.30
	https://assets-usa.mkt.dynamics.com/dfec4c64-9df2-ee11-9048-6045bd016f3e/digitalassets/standaloneforms/692fca68-35f7-ee11-a1fd-6045bd098894#msdynmkt_trackingcontext=a1e2f77d-3fb4-4f9b-8447-219d31fdfcd9	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://assets-usa.mkt.dynamics.com/bf3ca3b9-47ed-ee11-9048-00224806e307/digitalassets/standaloneforms/0cb76a16-5df6-ee11-a1fd-6045bd0a59e1	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://s.id/24SUG	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	Unknown	Browse	23.50.112.29
	file.exe	Get hash	malicious	Unknown	Browse	23.50.112.28
	factura - ztcpyqiqtfiewxjhesna.msi	Get hash	malicious	Unknown	Browse	23.44.94.139
	file.exe	Get hash	malicious	Vidar	Browse	23.194.234.100
	RemotePCHost.exe	Get hash	malicious	Unknown	Browse	184.31.62.93
	https://autode.sk/4bb5BeV	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.214.187.157
	aios3.exe	Get hash	malicious	Unknown	Browse	184.31.60.185
	http://email.wantyourfeedback.com/ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D	Get hash	malicious	HTMLPhisher	Browse	23.59.235.214
	dwn1cGHIbV.elf	Get hash	malicious	Mirai	Browse	104.73.199.214
	https://bushelman-my.sharepoint.com/:b:/p/lance/ESXtc6Laa05KpaC4W3rpMEMBfLSUU1GZhgfhBL8opRqFHg?e=Wrw3le	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.223.31.42
MICROSOFT-CORP-MSN-AS-BLOCKUS	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse	20.157.87.45
	https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	Get hash	malicious	HTMLPhisher	Browse	52.96.165.130
	file.exe	Get hash	malicious	Unknown	Browse	52.178.17.234
	file.exe	Get hash	malicious	Unknown	Browse	204.79.197.219
	https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	Get hash	malicious	HTMLPhisher	Browse	52.96.28.178
	https://github.com/bambulab/BambuStudio/releases/download/v01.08.04.51/Bambu_Studio_win_public-v01.08.04.51-20240117164301.exe	Get hash	malicious	Unknown	Browse	13.107.42.16
	factura - ztcpyqiqtfiewxjhesna.msi	Get hash	malicious	Unknown	Browse	20.118.56.6
	JHqNlw9U8c.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	20.157.87.45
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	20.157.87.45
MICROSOFT-CORP-MSN-AS-BLOCKUS	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse	20.157.87.45
	https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	Get hash	malicious	HTMLPhisher	Browse	52.96.165.130
	file.exe	Get hash	malicious	Unknown	Browse	52.178.17.234
	file.exe	Get hash	malicious	Unknown	Browse	204.79.197.219
	https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	Get hash	malicious	HTMLPhisher	Browse	52.96.28.178
	https://github.com/bambulab/BambuStudio/releases/download/v01.08.04.51/Bambu_Studio_win_public-v01.08.04.51-20240117164301.exe	Get hash	malicious	Unknown	Browse	13.107.42.16
	factura - ztcpyqiqtfiewxjhesna.msi	Get hash	malicious	Unknown	Browse	20.118.56.6
	JHqNlw9U8c.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	20.157.87.45
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	20.157.87.45

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://unilever3.demdex.net/firstevent?d_event=click&d_bu=317196&c_medium=display&c_destination=Retailer&c_country=BD&c_campaignname=L-LifebuoyHandsanitizerLaunchComm&c_prodcat=CH1097&c_brandcode=BH0300&d_adgroup=All_KV&c_contenttype=display&c_source=Dhaka%20Tribune&d_rd=https://campaign-statistics.com/link_click/PidJvkyg2S_O4JTm/159dfdb0ade49a7c5597d3c1d9bd3d8a	Get hash	malicious	Unknown	Browse	23.204.76.112 20.114.59.183
	z55NF-Faturada-23042024.msi	Get hash	malicious	MicroClip	Browse	23.204.76.112 20.114.59.183
	Housecallpro Chase Bank ACH.htm	Get hash	malicious	Unknown	Browse	23.204.76.112 20.114.59.183
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0	Get hash	malicious	Captcha Phish	Browse	23.204.76.112 20.114.59.183
	http://relevanteduofficelogin.relevantedu.xyz	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112 20.114.59.183
	Settlement DOL 08262024 - Victoria Brignon - Reference #27224675-2722934.html	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112 20.114.59.183
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT	Browse	23.204.76.112 20.114.59.183
	https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe	Get hash	malicious	Unknown	Browse	23.204.76.112 20.114.59.183
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZlMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczMzAwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGhiYXJ0aGxvd0BzZWN1cnVzdGVjaG5vbG9naWVzLmNvbSZwYXRocz1hYm92ZSZsaW5rPUZheF9PdXRsb29rIiwiaW5kaXZpZHVhbF9pZCI6IjQ0NDY4NzI5YzA1N2Q5ZDJjYzNiYjZlOTc3NDg3MzUyIn0.AryFGbNWOut6hGg1x_WBQ4QL5QU_wggDk6q2PUj7rNI	Get hash	malicious	Captcha Phish	Browse	23.204.76.112 20.114.59.183
	https://srmcorp.tecuidoc.com/?PSZlk=ViP	Get hash	malicious	HTMLPhisher	Browse	23.204.76.112 20.114.59.183

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.288518249181711
Encrypted:	false
SSDEEP:	6:Gd+q2Pwkn2nKuAl9OmbnIFUt8LJSXZmw+LJS3VkwOwkn2nKuAl9OmbjLJ:GYvYfHAahFUt8LAX/+LAF5JfHAaSJ
MD5:	8E92265E419A085F9A6823FFB54A7C0E
SHA1:	A87E518B369C5321A8B7CA3BF31247B11CD15177
SHA-256:	9A5C6886031942937E54E4E76598506867C6458F35A5420E6153D9A64A6D88AB
SHA-512:	BA9FEB90491E45DEE6695C4962C743529D0870390D19ADD7AC30A90C128FF756BA6C91C0A28F62C0255B191CC3106D9C22F93594537BCFB36844E095776A19D9
Malicious:	false
Reputation:	low
Preview:	2024/04/26-19:16:23.797 1dd8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/26-19:16:23.798 1dd8 Recovering log #3.2024/04/26-19:16:23.798 1dd8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1048)
Category:	downloaded
Size (bytes):	29591
Entropy (8bit):	4.436202631900466
Encrypted:	false
SSDEEP:	192:lHVYB4GEwZT1TpSGCeRH8u/Lj7Ma9xPcjBsvLNrqbVb+6JknFjlirg1qaR3H0ZP7:Y4V4iCqaRXTAC6
MD5:	BE7692F169C3A96A3E547E97775D722C
SHA1:	A732463A49B3F6A07ABCF6B462866C98C3766354
SHA-256:	52AFB16A4A7772F60E8D5683CBD6DC28515753995771E34EF708B53A86082D6E
SHA-512:	11C551790290196CF4C61CA5EE2DE3E79DE34CA4DA7D222716121F406501AB61AA692767C8BC9E5D2F5BF2D560AFDC06952D368929F2A194A3CD960DE0F7E5B2
Malicious:	false
URL:	https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/forms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa
Preview:	<!DOCTYPE html><html><head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Marketing Form</title>. <meta name="referrer" content="never">. <meta type="xrm/designer/setting" name="type" value="marketing-designer-content-editor-document">. <meta type="xrm/designer/setting" name="layout-editable" value="marketing-designer-layout-editable">. <style>. .editor-control-layout html {. box-sizing: border-box;. background-color: #fff;. }. .editor-control-layout ,. .editor-control-layout :before,. .editor-control-layout *:after {. box-sizing: inherit;. }.. .marketingForm h1 {. color: #000;. margin: 0px;. padding: 0px;. width: 100%;. font-family: "Segoe

File type:	PDF document, version 1.3, 1 pages
Entropy (8bit):	7.977854623222528
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	ACRMNT.pdf
File size:	143'638 bytes
MD5:	44159aca23f90b1cabf0005a7975f77c
SHA1:	8fe88115faaa0c3bda916d9e375588443fc10199
SHA256:	01109b3bc2fa06f9c6d47bda68d49ffed38556b9b18d978ef2fc576704df31ae
SHA512:	498597fa1b92c9862d7d0b1a59c27e1353ee7e154301203ba77bc64ade9dc11faf0e954648eb46ea63a6f272da5d3ab6e478a34fb080d0deb097b4a2bc09c5d2
SSDEEP:	3072:lP3YuN0HLCNhtbC0CrZXcgcfjfZ7kqzXW3lYnXp/ahi2Xofbvi:Z3YudNm0CdpcfjfZhXW3lYnXp6i24zK
TLSH:	88E302A8E109981DF690CA53A92638CBBD5C73D305C934C23574DA5EF607960AB337EB
File Content Preview:	%PDF-1.3.%............3 0 obj.<< /Filter /FlateDecode /Length 1862 >>.stream.x..Y...6.}.W(.....jE].4.%.C........b. -v.&i....\|wv<i0...e...!)...I....$.H8...1..a\|-..F.......(......^..?.?qG....++H..kA.I....i..................<K...~...n..w...............$.>...

General
Header:	%PDF-1.3
Total Entropy:	7.977855
Total Bytes:	143638
Stream Entropy:	7.996395
Stream Bytes:	135336
Entropy outside Streams:	5.131631
Bytes outside Streams:	8302
Number of EOF found:	1
Bytes after EOF:

Name	Count
obj	49
endobj	49
stream	24
endstream	24
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

ID	DHASH	MD5
5	0000000000000000	9c6da10117896a9337ef124f3eca38f0
23	0000000000000000	d04c7799b8e8387ba6e8cbf142c66529
24	0000000000000000	56f3dc58f5a04c8ab5a527809a1efc58
25	0000000000000000	c1ed9b7c235033e21c3d1c2ba27a3425
26	a0a0a1a0a0a080a2	6f6d56c74d77e9828138d59a4cf9b941

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 19:16:43.548587084 CEST	138	138	192.168.2.4	192.168.2.255
Apr 26, 2024 19:16:51.669594049 CEST	59721	53	192.168.2.4	1.1.1.1
Apr 26, 2024 19:16:51.669969082 CEST	49975	53	192.168.2.4	1.1.1.1
Apr 26, 2024 19:16:51.795423031 CEST	53	54543	1.1.1.1	192.168.2.4
Apr 26, 2024 19:16:51.819345951 CEST	53	61032	1.1.1.1	192.168.2.4
Apr 26, 2024 19:16:52.748346090 CEST	53	60604	1.1.1.1	192.168.2.4
Apr 26, 2024 19:16:55.762533903 CEST	49834	53	192.168.2.4	1.1.1.1
Apr 26, 2024 19:16:55.762533903 CEST	53477	53	192.168.2.4	1.1.1.1
Apr 26, 2024 19:16:55.897049904 CEST	50031	53	192.168.2.4	1.1.1.1
Apr 26, 2024 19:16:55.897399902 CEST	61699	53	192.168.2.4	1.1.1.1
Apr 26, 2024 19:16:56.022670031 CEST	53	50031	1.1.1.1	192.168.2.4
Apr 26, 2024 19:16:56.023099899 CEST	53	61699	1.1.1.1	192.168.2.4
Apr 26, 2024 19:17:01.678230047 CEST	50244	53	192.168.2.4	1.1.1.1
Apr 26, 2024 19:17:01.678421021 CEST	56256	53	192.168.2.4	1.1.1.1
Apr 26, 2024 19:17:04.759613991 CEST	56217	53	192.168.2.4	1.1.1.1
Apr 26, 2024 19:17:04.759762049 CEST	59578	53	192.168.2.4	1.1.1.1
Apr 26, 2024 19:17:06.768456936 CEST	53	51847	1.1.1.1	192.168.2.4
Apr 26, 2024 19:17:11.396409988 CEST	53	59588	1.1.1.1	192.168.2.4
Apr 26, 2024 19:17:30.273169994 CEST	53	61799	1.1.1.1	192.168.2.4
Apr 26, 2024 19:17:51.647015095 CEST	53	65003	1.1.1.1	192.168.2.4
Apr 26, 2024 19:17:53.129440069 CEST	53	63291	1.1.1.1	192.168.2.4
Apr 26, 2024 19:18:19.653497934 CEST	53	52128	1.1.1.1	192.168.2.4
Apr 26, 2024 19:19:05.043214083 CEST	53	55793	1.1.1.1	192.168.2.4

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 19:16:51.882383108 CEST	1.1.1.1	192.168.2.4	0x8475	No error (0)	public-usa.mkt.dynamics.com	cxppusa1im4t7x7z5iubq.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:16:51.882383108 CEST	1.1.1.1	192.168.2.4	0x8475	No error (0)	public-prdia888eus0aks.mkt.dynamics.com	prdia888eus0aks.mkt.dynamics.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:16:51.909508944 CEST	1.1.1.1	192.168.2.4	0xb612	No error (0)	public-usa.mkt.dynamics.com	cxppusa1im4t7x7z5iubq.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:16:51.909508944 CEST	1.1.1.1	192.168.2.4	0xb612	No error (0)	public-prdia888eus0aks.mkt.dynamics.com	prdia888eus0aks.mkt.dynamics.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:16:51.909508944 CEST	1.1.1.1	192.168.2.4	0xb612	No error (0)	prdia888eus0aks.mkt.dynamics.com		52.146.76.30	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:16:55.889184952 CEST	1.1.1.1	192.168.2.4	0x8044	No error (0)	assets-usa.mkt.dynamics.com	assets-mkt-usa.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:16:55.889184952 CEST	1.1.1.1	192.168.2.4	0x8044	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:16:55.889184952 CEST	1.1.1.1	192.168.2.4	0x8044	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:16:55.889184952 CEST	1.1.1.1	192.168.2.4	0x8044	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:16:55.929430008 CEST	1.1.1.1	192.168.2.4	0x845a	No error (0)	assets-usa.mkt.dynamics.com	assets-mkt-usa.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:16:56.022670031 CEST	1.1.1.1	192.168.2.4	0xde52	No error (0)	www.google.com		142.250.189.132	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:16:56.023099899 CEST	1.1.1.1	192.168.2.4	0xf163	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 26, 2024 19:16:57.975872993 CEST	1.1.1.1	192.168.2.4	0x1cb	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:16:57.975872993 CEST	1.1.1.1	192.168.2.4	0x1cb	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:16:57.975872993 CEST	1.1.1.1	192.168.2.4	0x1cb	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:17:01.253418922 CEST	1.1.1.1	192.168.2.4	0xb70c	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:17:01.253418922 CEST	1.1.1.1	192.168.2.4	0xb70c	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:17:01.253418922 CEST	1.1.1.1	192.168.2.4	0xb70c	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:17:01.844679117 CEST	1.1.1.1	192.168.2.4	0x4928	No error (0)	assets-usa.mkt.dynamics.com	assets-mkt-usa.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:17:01.844679117 CEST	1.1.1.1	192.168.2.4	0x4928	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:17:01.844679117 CEST	1.1.1.1	192.168.2.4	0x4928	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:17:01.844679117 CEST	1.1.1.1	192.168.2.4	0x4928	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:17:01.845983982 CEST	1.1.1.1	192.168.2.4	0xa619	No error (0)	assets-usa.mkt.dynamics.com	assets-mkt-usa.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:17:04.886209011 CEST	1.1.1.1	192.168.2.4	0xa783	No error (0)	public-usa.mkt.dynamics.com	cxppusa1im4t7x7z5iubq.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:17:04.886209011 CEST	1.1.1.1	192.168.2.4	0xa783	No error (0)	public-prdia888eus0aks.mkt.dynamics.com	prdia888eus0aks.mkt.dynamics.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:17:04.886209011 CEST	1.1.1.1	192.168.2.4	0xa783	No error (0)	prdia888eus0aks.mkt.dynamics.com		52.146.76.30	A (IP address)	IN (0x0001)	false
Apr 26, 2024 19:17:04.989305019 CEST	1.1.1.1	192.168.2.4	0xd485	No error (0)	public-usa.mkt.dynamics.com	cxppusa1im4t7x7z5iubq.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 26, 2024 19:17:04.989305019 CEST	1.1.1.1	192.168.2.4	0xd485	No error (0)	public-prdia888eus0aks.mkt.dynamics.com	prdia888eus0aks.mkt.dynamics.com		CNAME (Canonical name)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:16:32 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 17:16:33 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=49633 Date: Fri, 26 Apr 2024 17:16:32 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:16:34 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 17:16:35 UTC	530	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=49624 Date: Fri, 26 Apr 2024 17:16:35 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 17:16:35 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:16:36 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-04-26 17:16:36 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Fri, 26 Apr 2024 17:16:36 GMT Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:16:42 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vkF+oXvDPKsCOPm&MD=HWVEBc5B HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 17:16:43 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 2649b30e-2a02-4629-9b15-d12fe1e064dd MS-RequestId: a00002af-6aec-4696-918a-40faa333aa1e MS-CV: /m+UEDxMUEehloeT.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 17:16:42 GMT Connection: close Content-Length: 24490
2024-04-26 17:16:43 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-26 17:16:43 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:16:52 UTC	745	OUT	GET /api/orgs/52f527c8-5afd-ee11-9048-000d3a106837/r/zYThiUJLBU2JHNZGgAw1qwEAAAA HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 17:16:55 UTC	460	IN	HTTP/1.1 302 Found Server: nginx Date: Fri, 26 Apr 2024 17:16:55 GMT Content-Length: 0 Connection: close Location: https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa#msdynmkt_trackingcontext=89e184cd-4b42-4d05-891c-d646800c35ab x-ms-trace-id: 6deb889ccafccc8ac3f47da16ad20be5 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:16:56 UTC	773	OUT	GET /52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 17:16:57 UTC	495	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 17:16:57 GMT Content-Type: text/html Content-Length: 491 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=900, must-revalidate x-ms-trace-id: 8c024cb7eb6996444e2d24db97a5e599 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240426T171656Z-1865489d5f46s4qnhr87brpyc40000000abg000000013cwt x-fd-int-roxy-purgeid: 69215008 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 17:16:57 UTC	491	IN	Data Raw: 3c 64 69 76 0a 20 20 20 20 20 20 20 20 64 61 74 61 2d 66 6f 72 6d 2d 69 64 3d 27 62 39 39 65 32 37 62 37 2d 39 66 30 30 2d 65 66 31 31 2d 61 31 66 64 2d 36 30 34 35 62 64 64 62 31 64 61 61 27 0a 20 20 20 20 20 20 20 20 64 61 74 61 2d 66 6f 72 6d 2d 61 70 69 2d 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 70 75 62 6c 69 63 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d 69 63 73 2e 63 6f 6d 2f 61 70 69 2f 76 31 2e 30 2f 6f 72 67 73 2f 35 32 66 35 32 37 63 38 2d 35 61 66 64 2d 65 65 31 31 2d 39 30 34 38 2d 30 30 30 64 33 61 31 30 36 38 33 37 2f 6c 61 6e 64 69 6e 67 70 61 67 65 66 6f 72 6d 73 27 0a 20 20 20 20 20 20 20 20 64 61 74 61 2d 63 61 63 68 65 64 2d 66 6f 72 6d 2d 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d Data Ascii: <div data-form-id='b99e27b7-9f00-ef11-a1fd-6045bddb1daa' data-form-api-url='https://public-usa.mkt.dynamics.com/api/v1.0/orgs/52f527c8-5afd-ee11-9048-000d3a106837/landingpageforms' data-cached-form-url='https://assets-usa.mkt.dynam

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:16:58 UTC	592	OUT	GET /usa/FormLoader/FormLoader.bundle.js HTTP/1.1 Host: cxppusa1formui01cdnsa01-endpoint.azureedge.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://assets-usa.mkt.dynamics.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 17:16:58 UTC	636	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 17:16:58 GMT Content-Type: application/javascript Content-Length: 711081 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Tue, 27 Feb 2024 09:22:18 GMT ETag: 0x8DC3775981D513B x-ms-request-id: ac1df01d-101e-009d-6ceb-9735f4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: * x-azure-ref: 20240426T171658Z-1865489d5f4c7br6veundbra3w000000017g00000000hmyq x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-26 17:16:58 UTC	15748	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 46 6f 72 6d 4c 6f 61 64 65 72 2e 62 75 6e 64 6c 65 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 76 61 72 20 64 33 36 35 6d 6b 74 66 6f 72 6d 73 3b 28 28 29 3d 3e 7b 76 61 72 20 65 2c 74 2c 6e 3d 7b 33 31 37 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 73 65 6c 66 3f 73 65 6c 66 3a 74 68 69 73 2c 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 74 68 69 73 2e 66 65 74 63 68 3d 21 31 2c 74 68 69 73 2e 44 4f 4d 45 78 63 65 70 74 69 6f 6e 3d 6e 2e 44 4f 4d 45 78 63 65 70 74 69 6f 6e 7d 72 65 74 75 72 6e 20 65 2e 70 72 6f 74 6f Data Ascii: /! For license information please see FormLoader.bundle.js.LICENSE.txt /var d365mktforms;(()=>{var e,t,n={317:function(e,t){var n="undefined"!=typeof self?self:this,r=function(){function e(){this.fetch=!1,this.DOMException=n.DOMException}return e.proto
2024-04-26 17:16:58 UTC	16384	IN	Data Raw: 22 72 65 61 63 74 2e 6d 65 6d 6f 22 29 2c 6c 3d 64 28 22 72 65 61 63 74 2e 6c 61 7a 79 22 29 7d 76 61 72 20 70 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3b 66 75 6e 63 74 69 6f 6e 20 66 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 61 63 74 6a 73 2e 6f 72 67 2f 64 6f 63 73 2f 65 72 72 6f 72 2d 64 65 63 6f 64 65 72 2e 68 74 6d 6c 3f 69 6e 76 61 72 69 61 6e 74 3d 22 2b 65 2c 6e 3d 31 3b 6e 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 74 2b 3d 22 26 61 72 67 73 5b 5d 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 72 67 75 6d 65 6e 74 73 5b 6e 5d 29 3b 72 65 74 75 72 6e 22 4d 69 6e 69 66 69 65 64 20 52 Data Ascii: "react.memo"),l=d("react.lazy")}var p="function"==typeof Symbol&&Symbol.iterator;function f(e){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+e,n=1;n<arguments.length;n++)t+="&args[]="+encodeURIComponent(arguments[n]);return"Minified R
2024-04-26 17:16:58 UTC	16384	IN	Data Raw: 46 67 59 43 6e 6b 41 45 6d 64 4b 43 62 70 36 48 41 44 6d 51 66 44 70 53 51 45 58 63 77 69 41 78 55 61 69 78 47 79 49 4b 47 67 48 6b 4d 6c 41 71 65 43 77 4a 41 67 44 73 74 5a 41 67 51 77 4b 45 6a 68 5a 39 41 52 34 4d 41 41 53 47 46 72 67 30 6d 47 44 43 67 51 49 46 6d 62 4d 73 41 47 42 69 2b 38 36 4b 46 42 68 49 34 63 50 77 6d 7a 61 48 41 30 57 51 66 64 75 53 77 49 53 47 69 43 41 4d 70 56 6a 77 6e 45 67 51 41 49 66 6b 45 43 51 6b 41 4e 41 41 73 41 41 41 41 41 42 34 41 48 67 43 46 42 41 59 45 68 49 61 45 78 4d 62 45 52 45 4a 45 70 4b 61 6b 35 4f 62 6b 5a 47 4a 6b 4c 43 6f 73 6c 4a 61 55 31 4e 62 55 74 4c 61 30 39 50 62 30 48 42 6f 63 56 46 4a 55 64 48 4a 30 6a 49 36 4d 7a 4d 37 4d 72 4b 36 73 37 4f 37 73 50 44 34 38 6e 4a 36 63 33 4e 37 63 76 4c 36 38 44 41 Data Ascii: FgYCnkAEmdKCbp6HADmQfDpSQEXcwiAxUaixGyIKGgHkMlAqeCwJAgDstZAgQwKEjhZ9AR4MAASGFrg0mGDCgQIFmbMsAGBi+86KFBhI4cPwmzaHA0WQfduSwISGiCAMpVjwnEgQAIfkECQkANAAsAAAAAB4AHgCFBAYEhIaExMbEREJEpKak5ObkZGJkLCoslJaU1NbUtLa09Pb0HBocVFJUdHJ0jI6MzM7MrK6s7O7sPD48nJ6c3N7cvL68DA
2024-04-26 17:16:58 UTC	16384	IN	Data Raw: 69 6c 65 6e 74 3a 21 31 7d 3b 66 6f 72 28 76 61 72 20 69 20 69 6e 20 6e 29 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 6e 5b 69 5d 26 26 22 5b 6f 62 6a 65 63 74 20 41 72 72 61 79 5d 22 21 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 61 70 70 6c 79 28 6e 5b 69 5d 29 7c 7c 74 68 69 73 2e 61 64 64 52 65 73 6f 75 72 63 65 28 65 2c 74 2c 69 2c 6e 5b 69 5d 2c 7b 73 69 6c 65 6e 74 3a 21 30 7d 29 3b 72 2e 73 69 6c 65 6e 74 7c 7c 74 68 69 73 2e 65 6d 69 74 28 22 61 64 64 65 64 22 2c 65 2c 74 2c 6e 29 7d 7d 2c 7b 6b 65 79 3a 22 61 64 64 52 65 73 6f 75 72 63 65 42 75 6e 64 6c 65 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 69 29 7b 76 61 72 20 61 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 Data Ascii: ilent:!1};for(var i in n)"string"!=typeof n[i]&&"[object Array]"!==Object.prototype.toString.apply(n[i])\|\|this.addResource(e,t,i,n[i],{silent:!0});r.silent\|\|this.emit("added",e,t,n)}},{key:"addResourceBundle",value:function(e,t,n,r,i){var a=arguments.leng
2024-04-26 17:16:58 UTC	16384	IN	Data Raw: 72 28 31 3d 3d 65 3f 30 3a 32 3d 3d 65 3f 31 3a 65 3c 37 3f 32 3a 65 3c 31 31 3f 33 3a 34 29 7d 2c 31 31 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 31 3d 3d 65 7c 7c 31 31 3d 3d 65 3f 30 3a 32 3d 3d 65 7c 7c 31 32 3d 3d 65 3f 31 3a 65 3e 32 26 26 65 3c 32 30 3f 32 3a 33 29 7d 2c 31 32 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 65 25 31 30 21 3d 31 7c 7c 65 25 31 30 30 3d 3d 31 31 29 7d 2c 31 33 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 30 21 3d 3d 65 29 7d 2c 31 34 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 31 3d 3d 65 3f 30 3a 32 3d 3d 65 3f 31 3a 33 3d 3d 65 3f 32 3a 33 29 7d 2c 31 35 3a 66 75 6e 63 74 Data Ascii: r(1==e?0:2==e?1:e<7?2:e<11?3:4)},11:function(e){return Number(1==e\|\|11==e?0:2==e\|\|12==e?1:e>2&&e<20?2:3)},12:function(e){return Number(e%10!=1\|\|e%100==11)},13:function(e){return Number(0!==e)},14:function(e){return Number(1==e?0:2==e?1:3==e?2:3)},15:funct
2024-04-26 17:16:59 UTC	16384	IN	Data Raw: 64 4e 61 6d 65 73 70 61 63 65 28 74 29 3f 74 68 69 73 2e 6c 6f 67 67 65 72 2e 77 61 72 6e 28 27 64 69 64 20 6e 6f 74 20 73 61 76 65 20 6b 65 79 20 22 27 2e 63 6f 6e 63 61 74 28 6e 2c 27 22 20 61 73 20 74 68 65 20 6e 61 6d 65 73 70 61 63 65 20 22 27 29 2e 63 6f 6e 63 61 74 28 74 2c 27 22 20 77 61 73 20 6e 6f 74 20 79 65 74 20 6c 6f 61 64 65 64 27 29 2c 22 54 68 69 73 20 6d 65 61 6e 73 20 73 6f 6d 65 74 68 69 6e 67 20 49 53 20 57 52 4f 4e 47 20 69 6e 20 79 6f 75 72 20 73 65 74 75 70 2e 20 59 6f 75 20 61 63 63 65 73 73 20 74 68 65 20 74 20 66 75 6e 63 74 69 6f 6e 20 62 65 66 6f 72 65 20 69 31 38 6e 65 78 74 2e 69 6e 69 74 20 2f 20 69 31 38 6e 65 78 74 2e 6c 6f 61 64 4e 61 6d 65 73 70 61 63 65 20 2f 20 69 31 38 6e 65 78 74 2e 63 68 61 6e 67 65 4c 61 6e 67 75 Data Ascii: dNamespace(t)?this.logger.warn('did not save key "'.concat(n,'" as the namespace "').concat(t,'" was not yet loaded'),"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLangu
2024-04-26 17:16:59 UTC	16384	IN	Data Raw: 62 6a 65 63 74 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 6e 26 26 22 6f 62 6a 65 63 74 22 3d 3d 3d 77 65 28 6e 29 26 26 28 6e 3d 54 65 28 22 22 2c 6e 29 2e 73 6c 69 63 65 28 31 29 29 2c 65 2e 71 75 65 72 79 53 74 72 69 6e 67 50 61 72 61 6d 73 26 26 28 74 3d 54 65 28 74 2c 65 2e 71 75 65 72 79 53 74 72 69 6e 67 50 61 72 61 6d 73 29 29 3b 74 72 79 7b 76 61 72 20 69 3b 28 69 3d 76 65 3f 6e 65 77 20 76 65 3a 6e 65 77 20 62 65 28 22 4d 53 58 4d 4c 32 2e 58 4d 4c 48 54 54 50 2e 33 2e 30 22 29 29 2e 6f 70 65 6e 28 6e 3f 22 50 4f 53 54 22 3a 22 47 45 54 22 2c 74 2c 31 29 2c 65 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 69 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 2c 22 58 4d 4c 48 74 Data Ascii: bject?function(e,t,n,r){n&&"object"===we(n)&&(n=Te("",n).slice(1)),e.queryStringParams&&(t=Te(t,e.queryStringParams));try{var i;(i=ve?new ve:new be("MSXML2.XMLHTTP.3.0")).open(n?"POST":"GET",t,1),e.crossDomain\|\|i.setRequestHeader("X-Requested-With","XMLHt
2024-04-26 17:16:59 UTC	16384	IN	Data Raw: 74 65 72 3d 22 41 66 74 65 72 22 2c 65 2e 63 75 72 72 65 6e 74 3d 22 43 75 72 72 65 6e 74 22 7d 28 74 74 7c 7c 28 74 74 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 6e 6f 48 6f 6c 64 6f 75 74 3d 22 6e 6f 48 6f 6c 64 6f 75 74 22 2c 65 2e 68 6f 6c 64 6f 75 74 3d 22 68 6f 6c 64 6f 75 74 22 7d 28 6e 74 7c 7c 28 6e 74 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 43 6f 6e 64 69 74 69 6f 6e 4d 65 74 3d 22 43 6f 6e 64 69 74 69 6f 6e 4d 65 74 22 2c 65 2e 54 69 6d 65 4c 69 6d 69 74 3d 22 54 69 6d 65 4c 69 6d 69 74 22 7d 28 72 74 7c 7c 28 72 74 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 53 74 61 6e 64 41 6c 6f 6e 65 3d 22 53 74 61 6e 64 41 6c 6f 6e 65 22 2c 65 2e 53 69 6e 67 6c 65 41 63 74 69 6f 6e 3d 22 53 69 6e 67 6c Data Ascii: ter="After",e.current="Current"}(tt\|\|(tt={})),function(e){e.noHoldout="noHoldout",e.holdout="holdout"}(nt\|\|(nt={})),function(e){e.ConditionMet="ConditionMet",e.TimeLimit="TimeLimit"}(rt\|\|(rt={})),function(e){e.StandAlone="StandAlone",e.SingleAction="Singl
2024-04-26 17:16:59 UTC	16384	IN	Data Raw: 2e 70 75 73 68 28 5b 32 2c 34 2c 2c 35 5d 29 2c 5b 34 2c 50 72 6f 6d 69 73 65 2e 61 6c 6c 28 74 2e 6d 61 70 28 28 66 75 6e 63 74 69 6f 6e 28 74 2c 61 29 7b 72 65 74 75 72 6e 20 69 5b 61 5d 26 26 69 5b 61 5d 2e 72 65 71 75 65 73 74 65 64 41 74 21 3d 3d 72 3f 6f 2e 74 72 79 52 65 74 72 69 65 76 65 56 61 6c 75 65 28 22 22 2e 63 6f 6e 63 61 74 28 65 2c 22 5f 22 29 2e 63 6f 6e 63 61 74 28 74 29 2c 6f 2e 65 78 70 69 72 61 74 69 6f 6e 43 61 63 68 65 2c 69 5b 61 5d 2c 6e 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 6e 75 6c 6c 29 7d 29 29 29 5d 3b 63 61 73 65 20 33 3a 72 65 74 75 72 6e 20 73 2e 73 65 6e 74 28 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 20 61 5b 74 5b 6e 5d 5d 3d 65 7d 29 29 2c 5b 32 2c 61 Data Ascii: .push([2,4,,5]),[4,Promise.all(t.map((function(t,a){return i[a]&&i[a].requestedAt!==r?o.tryRetrieveValue("".concat(e,"_").concat(t),o.expirationCache,i[a],n):Promise.resolve(null)})))];case 3:return s.sent().forEach((function(e,n){return a[t[n]]=e})),[2,a
2024-04-26 17:16:59 UTC	16384	IN	Data Raw: 7b 63 61 73 65 20 30 3a 72 65 74 75 72 6e 5b 34 2c 74 68 69 73 2e 66 65 74 63 68 47 65 74 28 65 29 5d 3b 63 61 73 65 20 31 3a 69 66 28 21 28 6e 3d 72 2e 73 65 6e 74 28 29 29 2e 6f 6b 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 22 2e 63 6f 6e 63 61 74 28 6e 75 6c 6c 3d 3d 74 3f 22 22 3a 74 2b 22 20 22 2c 22 53 74 61 74 75 73 3a 20 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 73 74 61 74 75 73 2c 22 20 2d 20 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 73 74 61 74 75 73 54 65 78 74 29 29 3b 72 65 74 75 72 6e 5b 34 2c 6e 2e 6a 73 6f 6e 28 29 5d 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 5b 32 2c 72 2e 73 65 6e 74 28 29 5d 7d 7d 29 29 7d 29 29 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 66 65 74 63 68 50 6f 73 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 Data Ascii: {case 0:return[4,this.fetchGet(e)];case 1:if(!(n=r.sent()).ok)throw new Error("".concat(null==t?"":t+" ","Status: ").concat(n.status," - ").concat(n.statusText));return[4,n.json()];case 2:return[2,r.sent()]}}))}))},e.prototype.fetchPost=function(e,t){retu

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:17:00 UTC	738	OUT	GET /52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/forms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: text/plain sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 17:17:01 UTC	589	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 17:17:01 GMT Content-Type: text/html Content-Length: 29591 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=900, must-revalidate x-ms-trace-id: fe1a92370e5d2ae7de5a1a9ddd095853 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240426T171700Z-17644f8887fddqrtm10p4ae79g00000000y00000000091f0 x-fd-int-roxy-purgeid: 69215008 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 17:17:01 UTC	15795	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4d 61 72 6b 65 74 69 6e 67 20 46 6f 72 6d 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Marketing Form</title> <meta name="referrer" cont
2024-04-26 17:17:01 UTC	13796	IN	Data Raw: 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 74 77 6f 4f 70 74 69 6f 6e 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 72 61 64 69 6f 62 75 74 74 6f 6e 73 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 74 77 6f 4f 70 74 69 6f 6e 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 74 77 6f 6f 70 74 69 6f 6e 5f 63 68 65 63 6b 62 6f 78 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 6f 70 74 69 6f 6e 53 65 74 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 72 61 64 69 6f 62 75 74 74 6f 6e 73 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 6d 75 6c 74 69 4f 70 74 69 6f 6e 53 65 74 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 66 69 65 6c 64 73 65 74 20 3e 20 64 69 76 2c Data Ascii: } .twoOptionFormFieldBlock div.radiobuttons > div, .twoOptionFormFieldBlock div.twooption_checkbox > div, .optionSetFormFieldBlock div.radiobuttons > div, .multiOptionSetFormFieldBlock fieldset > div,

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:17:00 UTC	650	OUT	GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1 Host: cxppusa1formui01cdnsa01-endpoint.azureedge.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://assets-usa.mkt.dynamics.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://assets-usa.mkt.dynamics.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 17:17:01 UTC	608	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 17:17:00 GMT Content-Type: application/json Content-Length: 1304 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Tue, 27 Feb 2024 09:22:19 GMT ETag: 0x8DC377598F59007 x-ms-request-id: 001bb379-401e-0080-58fd-975acd000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: * x-azure-ref: 20240426T171700Z-1865489d5f469db67514m1tnm40000000bgg0000000083u4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 17:17:01 UTC	1304	IN	Data Raw: 7b 0d 0a 20 20 22 46 6f 72 6d 46 61 69 6c 65 64 54 6f 4c 6f 61 64 22 3a 20 22 46 61 69 6c 65 64 20 74 6f 20 6c 6f 61 64 20 66 6f 72 6d 22 2c 0d 0a 20 20 22 46 6f 72 6d 46 61 69 6c 65 64 54 6f 4c 6f 61 64 43 6f 72 73 22 3a 20 22 54 68 65 20 66 6f 72 6d 20 63 61 6e 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 20 6f 6e 20 61 20 64 6f 6d 61 69 6e 20 74 68 61 74 20 68 61 73 6e 27 74 20 62 65 65 6e 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 65 78 74 65 72 6e 61 6c 20 66 6f 72 6d 20 68 6f 73 74 69 6e 67 20 6f 72 20 74 68 65 72 65 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 69 73 73 75 65 22 2c 0d 0a 20 20 22 4c 65 61 72 6e 4d 6f 72 65 22 3a 20 22 4c 65 61 72 6e 20 6d 6f 72 65 22 2c 0d 0a 20 20 22 46 6f 72 6d 53 75 62 6d 69 74 74 65 Data Ascii: { "FormFailedToLoad": "Failed to load form", "FormFailedToLoadCors": "The form can not be loaded on a domain that hasn't been allowed for external form hosting or there is a network connectivity issue", "LearnMore": "Learn more", "FormSubmitte

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:17:00 UTC	713	OUT	GET /favicon.ico HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 17:17:01 UTC	313	IN	HTTP/1.1 404 Not Found Date: Fri, 26 Apr 2024 17:17:01 GMT Content-Type: text/html Content-Length: 548 Connection: close Strict-Transport-Security: max-age=2592000; preload x-azure-ref: 20240426T171700Z-17644f8887fxsmp62x2nasg16g00000002hg0000000034a1 x-fd-int-roxy-purgeid: 69215008 X-Cache: TCP_MISS
2024-04-26 17:17:01 UTC	548	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:17:01 UTC	422	OUT	GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1 Host: cxppusa1formui01cdnsa01-endpoint.azureedge.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 17:17:02 UTC	615	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 17:17:02 GMT Content-Type: application/json Content-Length: 1304 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Tue, 27 Feb 2024 09:22:19 GMT ETag: 0x8DC377598F59007 x-ms-request-id: aa2f63ca-b01e-006b-52fd-976aad000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: * x-azure-ref: 20240426T171701Z-17644f8887f66bdz5dc1vumqq000000000zg000000005t5m x-fd-int-roxy-purgeid: 66630197 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 17:17:02 UTC	1304	IN	Data Raw: 7b 0d 0a 20 20 22 46 6f 72 6d 46 61 69 6c 65 64 54 6f 4c 6f 61 64 22 3a 20 22 46 61 69 6c 65 64 20 74 6f 20 6c 6f 61 64 20 66 6f 72 6d 22 2c 0d 0a 20 20 22 46 6f 72 6d 46 61 69 6c 65 64 54 6f 4c 6f 61 64 43 6f 72 73 22 3a 20 22 54 68 65 20 66 6f 72 6d 20 63 61 6e 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 20 6f 6e 20 61 20 64 6f 6d 61 69 6e 20 74 68 61 74 20 68 61 73 6e 27 74 20 62 65 65 6e 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 65 78 74 65 72 6e 61 6c 20 66 6f 72 6d 20 68 6f 73 74 69 6e 67 20 6f 72 20 74 68 65 72 65 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 69 73 73 75 65 22 2c 0d 0a 20 20 22 4c 65 61 72 6e 4d 6f 72 65 22 3a 20 22 4c 65 61 72 6e 20 6d 6f 72 65 22 2c 0d 0a 20 20 22 46 6f 72 6d 53 75 62 6d 69 74 74 65 Data Ascii: { "FormFailedToLoad": "Failed to load form", "FormFailedToLoadCors": "The form can not be loaded on a domain that hasn't been allowed for external form hosting or there is a network connectivity issue", "LearnMore": "Learn more", "FormSubmitte

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:17:02 UTC	668	OUT	GET /52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/images/d28a00ec-9e00-ef11-a1fd-6045bddb1daa?ts=638493836057785250 HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 17:17:05 UTC	483	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 17:17:04 GMT Content-Type: image/png Content-Length: 5802 Connection: close Access-Control-Allow-Origin: * x-ms-trace-id: 9390753d9f438bc5103810212deb95a4 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240426T171702Z-1865489d5f4pfk67n80fmg1bbw0000000bgg000000009k8u Cache-Control: public, max-age=2592000 x-fd-int-roxy-purgeid: 69215008 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 17:17:05 UTC	5802	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2b 00 00 00 a8 08 03 00 00 00 8f 29 38 44 00 00 01 23 50 4c 54 45 ff ff ff 09 4a b2 ff ff fd ff ff fb ff ff f9 00 46 af ff ff f7 ff fe ff 4c 70 c2 08 4a b5 00 3a ae 00 46 b1 00 40 aa ff fd ff d5 e1 ed 00 3d ac af c1 e1 c8 d4 e8 f7 f9 fd 2b 5a b9 00 41 b0 dc e5 f6 00 3c b6 00 3c af 41 6b bf 84 9b cd 9b b0 d9 f6 fc fc 00 42 b1 64 80 c1 3b 64 bc 00 40 b5 b7 cd e8 00 4c b0 a5 b9 df 5e 7e c4 6b 89 cf e6 f1 f4 00 41 b3 00 38 b3 ff ff f2 00 36 a8 a9 c3 e4 00 3a a7 00 32 a8 00 4b aa fc f9 ff ff fc f6 46 74 c1 00 3a ba ce db e9 ed f7 f5 67 87 c3 00 2f ae 81 a0 cb b2 c8 e1 d8 e6 ec 97 af ce 39 69 b5 00 3f a2 73 95 cb e5 ed f8 ca d4 ef a1 b2 de 8d aa de 13 5e af 43 70 b4 d0 e7 f5 62 8e c0 b7 c6 e7 cd d7 e6 b2 Data Ascii: PNGIHDR+)8D#PLTEJFLpJ:F@=+ZA<<AkBd;d@L^~kA86:2KFt:g/9i?s^Cpb

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:17:02 UTC	605	OUT	OPTIONS /api/v1.0/orgs/52f527c8-5afd-ee11-9048-000d3a106837/landingpageforms/forms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa/visits HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://assets-usa.mkt.dynamics.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 17:17:03 UTC	383	IN	HTTP/1.1 204 No Content Server: nginx Date: Fri, 26 Apr 2024 17:17:03 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Methods: GET,POST Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com x-ms-trace-id: 7fe44e3330fb79e57740a25d3cd10b54 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ACRMNT.pdf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\04a66e01-8fda-4a7c-a117-d2536b3f9cd9.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426171628Z-166.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7388

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Windows Analysis Report
ACRMNT.pdf

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:17:03 UTC	715	OUT	POST /api/v1.0/orgs/52f527c8-5afd-ee11-9048-000d3a106837/landingpageforms/forms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa/visits HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive Content-Length: 215 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: application/json sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://assets-usa.mkt.dynamics.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 17:17:03 UTC	215	OUT	Data Raw: 7b 22 70 61 67 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d 69 63 73 2e 63 6f 6d 2f 35 32 66 35 32 37 63 38 2d 35 61 66 64 2d 65 65 31 31 2d 39 30 34 38 2d 30 30 30 64 33 61 31 30 36 38 33 37 2f 64 69 67 69 74 61 6c 61 73 73 65 74 73 2f 73 74 61 6e 64 61 6c 6f 6e 65 66 6f 72 6d 73 2f 62 39 39 65 32 37 62 37 2d 39 66 30 30 2d 65 66 31 31 2d 61 31 66 64 2d 36 30 34 35 62 64 64 62 31 64 61 61 23 6d 73 64 79 6e 6d 6b 74 5f 74 72 61 63 6b 69 6e 67 63 6f 6e 74 65 78 74 3d 38 39 65 31 38 34 63 64 2d 34 62 34 32 2d 34 64 30 35 2d 38 39 31 63 2d 64 36 34 36 38 30 30 63 33 35 61 62 22 7d Data Ascii: {"pageUrl":"https://assets-usa.mkt.dynamics.com/52f527c8-5afd-ee11-9048-000d3a106837/digitalassets/standaloneforms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa#msdynmkt_trackingcontext=89e184cd-4b42-4d05-891c-d646800c35ab"}
2024-04-26 17:17:04 UTC	366	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Apr 2024 17:17:04 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com x-ms-trace-id: bd1b95eeb5b709c0ea8f3fcb9c18b7c9 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff
2024-04-26 17:17:04 UTC	54	IN	Data Raw: 32 62 0d 0a 7b 22 69 6e 74 65 72 61 63 74 69 6f 6e 53 74 61 74 75 73 22 3a 30 2c 22 65 72 72 6f 72 4d 65 73 73 61 67 65 22 3a 6e 75 6c 6c 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2b{"interactionStatus":0,"errorMessage":null}0

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:17:05 UTC	468	OUT	GET /api/v1.0/orgs/52f527c8-5afd-ee11-9048-000d3a106837/landingpageforms/forms/b99e27b7-9f00-ef11-a1fd-6045bddb1daa/visits HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 17:17:05 UTC	218	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 26 Apr 2024 17:17:05 GMT Content-Length: 0 Connection: close x-ms-trace-id: 845bcf146cfa5d58371ff067105e99ba Strict-Transport-Security: max-age=2592000; preload

Timestamp	Bytes transferred	Direction	Data
2024-04-26 17:17:21 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vkF+oXvDPKsCOPm&MD=HWVEBc5B HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 17:17:22 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: aab8a549-d4bf-4d57-a46f-4f689faeddb3 MS-RequestId: 83f99976-d39f-451e-8e30-6908acd0df29 MS-CV: 0ooOQ856xUmBDthI.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 17:17:21 GMT Connection: close Content-Length: 25457
2024-04-26 17:17:22 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-26 17:17:22 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	19:16:22
Start date:	26/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ACRMNT.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	1
Start time:	19:16:23
Start date:	26/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	9
Start time:	19:16:48
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://public-usa.mkt.dynamics.com/api/orgs/52f527c8-5afd-ee11-9048-000d3a106837/r/zYThiUJLBU2JHNZGgAw1qwEAAAA"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	10
Start time:	19:16:50
Start date:	26/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2224,i,14375637986676002986,8035494575245750603,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre