Windows Analysis Report
DocuSign_Payapp#5_Pay_Requests.pdf

Overview

General Information

Sample name:	DocuSign_Payapp#5_Pay_Requests.pdf
Analysis ID:	1432348
MD5:	109a4241b4f0cbe21b8a0fe0a3611a42
SHA1:	cc65a971e44b131e31027a6320a002b04840e1f5
SHA256:	252bea4419f587bd99427d7080eeaccfb60e61cbf0d6b1024b45524746581c39
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found potential malicious PDF (bad image similarity)

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Suspicious PDF detected (based on various text indicators)

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML page contains obfuscate script src

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Unable to load, office file is protected or invalid

Classification

Signatures

Phishing

Phishing site detected (based on favicon image match)

Source: https://pivitai.net	Matcher: Template: microsoft matched with high similarity
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&sc	Matcher: Template: microsoft matched
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	Matcher: Template: microsoft matched
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	Matcher: Template: microsoft matched
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	Matcher: Template: microsoft matched

Suspicious PDF detected (based on various text indicators)

Source: Adobe Acrobat PDF

OCR Text: DocuSign Account AP sent a new document to review and sign. REVIEW DOCUMENT Please DocuSign & PAYMENT INSTRUCTION 04-22-24 (Updated). Hi Signee, Please review and approve the enclosed revised & PAYMENT INSTRUCTION 04-22-24 (Updated) documents. Click on the button above to review and electronically sign the document. No hard copy is required when DocuSign is utilized. by Microsoft Do Not Share This Email This email contains a secure link to DocuSign. Please do not share this email, link, or access Vith others. About DocuSign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an offce, at home, on-the-go or even across the globe DocuSign provides a professional trusted solution for Digital Transaction Management. Que<ions about the Document? If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly. Stop receiving this email Report this email or read more about Declining to sign and Managing notifications. If you are having trouble signing the document, please visit the Help nith Signing page on our Support Center. [hwnload the DocuSign App If you nould rather not receive email from this ender you may mntact the ender with your requed.

Found iframes

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: Iframe src: https://bdfdbdf.pivitai.net/owa/prefetch.aspx
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: Iframe src: https://bdfdbdf.pivitai.net/owa/prefetch.aspx

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

HTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob...

HTML page contains obfuscate script src

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigiRE9NQ29udGVudExvYWRlZCIsKGZ1bmN0aW9uKCl7ZnVuY3Rpb24gZShlKXtyZXR1cm4gbmV3IFByb21pc2UoKHQ9Pntjb25zdCBuPWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoZSk7aWYobilyZXR1cm4gdChuKTtjb25zdCBvPW5ldyBNdXRhdGlvbk
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigiRE9NQ29udGVudExvYWRlZCIsKGZ1bmN0aW9uKCl7ZnVuY3Rpb24gZShlKXtyZXR1cm4gbmV3IFByb21pc2UoKHQ9Pntjb25zdCBuPWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoZSk7aWYobilyZXR1cm4gdChuKTtjb25zdCBvPW5ldyBNdXRhdGlvbk
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigiRE9NQ29udGVudExvYWRlZCIsKGZ1bmN0aW9uKCl7ZnVuY3Rpb24gZShlKXtyZXR1cm4gbmV3IFByb21pc2UoKHQ9Pntjb25zdCBuPWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoZSk7aWYobilyZXR1cm4gdChuKTtjb25zdCBvPW5ldyBNdXRhdGlvbk
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

HTTP Parser: <input type="password" .../> found

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH	HTTP Parser: No favicon
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No favicon
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No favicon
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: No favicon
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: No favicon
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: No favicon

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.32:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.219.0.175:443 -> 192.168.2.17:49771 version: TLS 1.2

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 152.199.4.44 152.199.4.44
Source: Joe Sandbox View	IP Address: 104.94.108.142 104.94.108.142
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 104.21.93.58 104.21.93.58

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112

Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SkP4Hx1tLvaAHe8&MD=VM8OULnM HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF5XZwY-2B6xtEf4K-2F0OUqW9J0ZCgtiHnuKPgwO57BN4nbMytPQKOXIsVPbDdaBFDQtTyzoa5R25WwanU8fj5yZvqu-2B0aEG-2FQ4kSONuVxLFMM-2FqYS1MSJTaXLSNFuW4lt9FGNOi682M0ACrKV4PH6f0bRGoXVwDSky-2BmaGT29AW5EV3RuTchu-2Boru3Y4Wm16cjugy6y-2F2BOZGZgPXLOR-2FFuMVOmBKDWyrgq2GUQxylBbCGXaTxKLNXuzOh1ksEsgdWOGQpbxMyYTcDgeZTrmeDmO727fKFS9y56TUe-2B-2BoBxWffpolwRAl10klJE3e621FXqSu7J-2BoO4HtcqciqN2yEmVQDTZeOiI4bgA5aknYFJoRzj5hZU63gJGvvMRh8Tqehj6cDyF9iHzG2g-2ByPvGjv9-2BY2hfcC7pMyfhaUZcB007mefDydRUmf5iRpMEgHR9Sg2XT7F31nGyAVtnPUHLCd-2F0y5N0zs-2B-2B-2FZf3TppEDBz4F3-2F6x2TfixqzzHPJHmGaDqIEsVqDag0p1CiLubdh-2BQ9ZwrdhYiMWvARGXRC5xDGIds3LiaJ35XcsroyLybhVsqMnQF-2FGK3qBYg4qiYPmbojMT2hi6OKOruTks5dTxn7bWIIh9iyVhgVqKl911azwSXtdb0Tm9w-2Bm4xTESGeIWacX5XwsvgSZkTgnF2q1XheonEnppza3CcFNYhOKVzSKP-2BlzMVWdhorzfsmpCaugAN1ynPRWwMr3nCm27Kqi2LjVKPmnvGtSA-2BdPJFkoDN2x0HWjiJX4bj-2B5Qie7gT7SHJ30pvX8eXFRnjOdpRN2wQ-3D-3DLEZO_-2B9RHaNlJTuT8Wl45M2xpmvRCZtWd0m9fTP74dNraSGfMgLd3R9QIuzEYL9XI7ldyhHZWVscd7CKMBwn5KQO96mWzbN7-2F2q4GodMF-2Bp-2F1fPX3Lf0iglsshTS0TOMR7hthNJ2CQy9yjw1G5cYyoERctW7e1GyPFYDp6vYSDyV5A4-2BJeBVPfbAvVUxlDOpG6mXhHdLD4qO-2FeBdvvviJNlAFYkkSI7OxVaZQWre8K8FmsEFfFn3tBRDg2y1QkCQbkio5uQVBqj7YZNB-2BirBQxaWLq7mOy73heMnBdF8oJlaD0rwTWaaKAWVo4aiElmNs-2F03diU6TJ2RAZcvQxWsKaj6LQDKVxlH8MellZqpFF9oT00ELhes2kznJXgLyrqkuGkALM5d3zJow1npVj8EdzY-2B-2BnchbUD2q62tvI8AE-2B7kpMhX-2Br64oZOfhYphysBoCXInqXvm9-2F0Vvha-2FctJroCDCPBx2zfhffD0NbMi-2BZ1k3FbKz2fLKoH4Nx7qkPYmAD08JG HTTP/1.1Host: email.wantyourfeedback.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D HTTP/1.1Host: email.wantyourfeedback.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wlFGCNZO HTTP/1.1Host: dyjt.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D HTTP/1.1Host: email.wantyourfeedback.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wlFGCNZO HTTP/1.1Host: dyjt.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/ HTTP/1.1Host: bdfdbdf.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH HTTP/1.1Host: dfgrt.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: wreg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true HTTP/1.1Host: dfgrt.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UHAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d; esctx-3UthQiNWeYA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IBaozxtGlk9P_MZmIstVk93o4LiNrXf0bizuXBgbTY70owvrgpnWlSUx1zGJjIhc3Iunu-oKF4oU8rlO43wX8g0ruZ4KdBe8tJ0I7b7XGMikWIa8HWOF1zjbbBIYxjgiZWvk-fUQ1b7PgUm_UebpoyAA; fpc=Aklos_I7PTVNnQgzHKlcwXQ; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8NOyYEDa-V5afKvKYt4dy5p5NwnVj7EKdnpgsar5OU14_SrjYe1SvjEDghyftj1pHfqv-2Okr3H7w3gHZ2d_GzR_cqQTJpNCgvkCZJ8ndyBpEZqN6LODtSyHiSCwLAkP-zUp9VxBA7dSmn1WLsp4gh_FMnYbnTj6z4M0brj-a-b0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dfgrt.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UHAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d; esctx-3UthQiNWeYA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IBaozxtGlk9P_MZmIstVk93o4LiNrXf0bizuXBgbTY70owvrgpnWlSUx1zGJjIhc3Iunu-oKF4oU8rlO43wX8g0ruZ4KdBe8tJ0I7b7XGMikWIa8HWOF1zjbbBIYxjgiZWvk-fUQ1b7PgUm_UebpoyAA; fpc=Aklos_I7PTVNnQgzHKlcwXQ; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8NOyYEDa-V5afKvKYt4dy5p5NwnVj7EKdnpgsar5OU14_SrjYe1SvjEDghyftj1pHfqv-2Okr3H7w3gHZ2d_GzR_cqQTJpNCgvkCZJ8ndyBpEZqN6LODtSyHiSCwLAkP-zUp9VxBA7dSmn1WLsp4gh_FMnYbnTj6z4M0brj-a-b0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1Host: wreg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: dwqef.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SkP4Hx1tLvaAHe8&MD=VM8OULnM HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: bdfdbdf.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d; ClientId=8838F4499FA6461C8518945BCAB542A3; OIDC=1; OpenIdConnect.nonce.v3.5UDRh8VSYItZsY0vZ-eA4eoOVm8MNLhbsrKXRDaCSHc=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6; X-OWA-RedirectHistory=ArLym14B6VgJBC5m3Ag
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDgAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAZuJ96Lu0h17VTAAgmgHyOpH%2BMwz4ucSop2ZqBMCotRAsg0BS5RHRy%2BgEOGYmg8VUd5X6SUo499h2DUHa6gcQn4MetTK%2Bfn4hBtmHUx9Lg2BYERM5WL9hogNsGKt4e0pZXDvNv11/xBZ3e3VOzF%2B%2BTI73bdmzHezAWhzSiW5M42p8XVfHGnwEMsiAateRpZ4sI9pwPogwb/13Q9J1ayd/VaqH70VmGn3PbhWTLeM3Ex0OWFfKL29aYvR0Hy4gQxzQCR2yHx7LaefGuXdpppVGYDnGolP4eSf1Py9k777dJAf7okg3XLhHmWPhBYBhUrK5cj9pt5HR3pAIINtmJ05EWwDZgAACICuGgQQjhtHsAHovJPr14Gg3JvrD2VqavHRfhk14mK9mZcFn286dFVem7mVaB%2BpmHHS9X051LEAOvrces0AAYoINjrojQuzeELmUGPQT9DevMBr9ReoGPnmYOUTzsBMWa7RAveFpSEO2I/vCh5yuSNrzdyWsKYj9l0uDjxz2mipdvAUf0JGhOvMewHvOqWVFgDsJAWN/mnXxEoZrdyWlTgGPzJBAepKXu04C/Mk4HEUbHw94LriLJsMSnLbKEt9c/6L10z8hfEmpytfcY%2BPpM620snevvVELl9YUJ5tEoqDFlTF9hrW64Rw55mthbpzglu8N5YiQ6qFZO7Og6CHYAjMjwkaX7wziuGQrYxZG%2BKtkbZtqi7LtOSfBnJtVXg%2B/oe3QPv72/ph8TjzO9ADw%2BJPKMGyvWjmMM6Vh6P3n4xVVm/Wo8zvCx5O2tK0T86luLqRr9000wh0OYRs9BEAJ9Wfzm%2B4SMupFTF4/Yvjj4kEs6usnTHZyMsffFEceQakG2JETlARaCyHgXct8BfS0sml4KqIWFxE%2B%2BtgH1wqD3Jl0x4d3ZRZ2kRIXJfFp/xDZu1XB0jMKKKhjnDbAQ%3D%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1714162752User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 35388D629A864227A6FF8680AFC52667X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B

Source: global traffic	DNS traffic detected: DNS query: dyjt.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: bdfdbdf.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: dfgrt.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: wreg.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: yukrtg.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: dwqef.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 20:18:24 GMTTransfer-Encoding: chunkedConnection: closeCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: strict-origin-when-cross-originReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+sin"}]}X-Ms-Ests-Server: 2.1.17910.10 - SEASLR1 ProdSlicesX-Ms-Request-Id: 345e8d32-8a44-41b5-abb7-5b95189ab900X-Ms-Srs: 1.PCF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 87a943038d3d74b6-MIAalt-svc: h3=":443"; ma=86400

Source: DocuSign_Payapp#5_Pay_Requests.pdf	String found in binary or memory: http://email.wantyourfeedback.com/ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF
Source: chromecache_191.17.dr	String found in binary or memory: http://feross.org
Source: chromecache_187.17.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_197.17.dr, chromecache_204.17.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_197.17.dr, chromecache_204.17.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_201.17.dr	String found in binary or memory: https://device.dfgrt.pivitai.net
Source: chromecache_201.17.dr	String found in binary or memory: https://dfgrt.pivitai.net
Source: chromecache_191.17.dr, chromecache_184.17.dr, chromecache_197.17.dr, chromecache_204.17.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_201.17.dr	String found in binary or memory: https://login-us.microsoftonline.com
Source: chromecache_201.17.dr	String found in binary or memory: https://login.chinacloudapi.cn
Source: chromecache_201.17.dr	String found in binary or memory: https://login.microsoftonline.de
Source: chromecache_201.17.dr	String found in binary or memory: https://login.microsoftonline.us
Source: chromecache_201.17.dr	String found in binary or memory: https://login.partner.microsoftonline.cn
Source: chromecache_201.17.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_201.17.dr	String found in binary or memory: https://login.windows.net
Source: chromecache_201.17.dr	String found in binary or memory: https://logincert.microsoftonline.com
Source: chromecache_201.17.dr	String found in binary or memory: https://ujty.pivitai.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.32:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.219.0.175:443 -> 192.168.2.17:49771 version: TLS 1.2

System Summary

Found potential malicious PDF (bad image similarity)

Source: DocuSign_Payapp#5_Pay_Requests.pdf

Static PDF information: Image stream: 12

Unable to load, office file is protected or invalid

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Window title found: dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b"id_token"%3a%7b"xms_cc"%3a%7b"values"%3a%5b"cp1"%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=dctbfoagcabrrddxserbpa5wbft2_vj82u1oke1hcxkjaujtpgdprississnxlo6rrt8ukexr6d0ndbv55sim0mo9yjvz-uh - google chrome chrome legacy window

Source: classification engine

Classification label: mal76.phis.winPDF@31/105@26/9

Source: DocuSign_Payapp#5_Pay_Requests.pdf	Initial sample: http://email.wantyourfeedback.com/ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF5XZwY-2B6xtEf4K-2F0OUqW9J0ZCgtiHnuKPgwO57BN4nbMytPQKOXIsVPbDdaBFDQtTyzoa5R25WwanU8fj5yZvqu-2B0aEG-2FQ4kSONuVxLFMM-2FqYS1MSJTaXLSNFuW4lt9FGNOi682M0ACrKV4PH6f0bRGoXVwDSky-2BmaGT29AW5EV3RuTchu-2Boru3Y4Wm16cjugy6y-2F2BOZGZgPXLOR-2FFuMVOmBKDWyrgq2GUQxylBbCGXaTxKLNXuzOh1ksEsgdWOGQpbxMyYTcDgeZTrmeDmO727fKFS9y56TUe-2B-2BoBxWffpolwRAl10klJE3e621FXqSu7J-2BoO4HtcqciqN2yEmVQDTZeOiI4bgA5aknYFJoRzj5hZU63gJGvvMRh8Tqehj6cDyF9iHzG2g-2ByPvGjv9-2BY2hfcC7pMyfhaUZcB007mefDydRUmf5iRpMEgHR9Sg2XT7F31nGyAVtnPUHLCd-2F0y5N0zs-2B-2B-2FZf3TppEDBz4F3-2F6x2TfixqzzHPJHmGaDqIEsVqDag0p1CiLubdh-2BQ9ZwrdhYiMWvARGXRC5xDGIds3LiaJ35XcsroyLybhVsqMnQF-2FGK3qBYg4qiYPmbojMT2hi6OKOruTks5dTxn7bWIIh9iyVhgVqKl911azwSXtdb0Tm9w-2Bm4xTESGeIWacX5XwsvgSZkTgnF2q1XheonEnppza3CcFNYhOKVzSKP-2BlzMVWdhorzfsmpCaugAN1ynPRWwMr3nCm27Kqi2LjVKPmnvGtSA-2BdPJFkoDN2x0HWjiJX4bj-2B5Qie7gT7SHJ30pvX8eXFRnjOdpRN2wQ-3D-3DLEZO_-2B9RHaNlJTuT8Wl45M2xpmvRCZtWd0m9fTP74dNraSGfMgLd3R9QIuzEYL9XI7ldyhHZWVscd7CKMBwn5KQO96mWzbN7-2F2q4GodMF-2Bp-2F1fPX3Lf0iglsshTS0TOMR7hthNJ2CQy9yjw1G5cYyoERctW7e1GyPFYDp6vYSDyV5A4-2BJeBVPfbAvVUxlDOpG6mXhHdLD4qO-2FeBdvvviJNlAFYkkSI7OxVaZQWre8K8FmsEFfFn3tBRDg2y1QkCQbkio5uQVBqj7YZNB-2BirBQxaWLq7mOy73heMnBdF8oJlaD0rwTWaaKAWVo4aiElmNs-2F03diU6TJ2RAZcvQxWsKaj6LQDKVxlH8MellZqpFF9oT00ELhes2kznJXgLyrqkuGkALM5d3zJow1npVj8EdzY-2B-2BnchbUD2q62tvI8AE-2B7kpMhX-2Br64oZOfhYphysBoCXInqXvm9-2F0Vvha-2FctJroCDCPBx2zfhffD0NbMi-2BZ1k3FbKz2fLKoH4Nx7qkPYmAD08JG
Source: DocuSign_Payapp#5_Pay_Requests.pdf	Initial sample: http://email.wantyourfeedback.com/ls/click?upn=u001.kefinuywklssadlx7clhngjdvmuvho1aw1vm0ypuexgejfcf5xzwy-2b6xtef4k-2f0ouqw9j0zcgtihnukpgwo57bn4nbmytpqkoxisvpbddabfdqttyzoa5r25wwanu8fj5yzvqu-2b0aeg-2fq4ksonuvxlfmm-2fqys1msjtaxlsnfuw4lt9fgnoi682m0acrkv4ph6f0brgoxvwdsky-2bmagt29aw5ev3rutchu-2boru3y4wm16cjugy6y-2f2bozgzgpxlor-2ffumvombkdwyrgq2guqxylbbcgxatxklnxuzoh1ksesgdwogqpbxmyytcdgeztrmedmo727fkfs9y56tue-2b-2bobxwffpolwral10klje3e621fxqsu7j-2boo4htcqciqn2yemvqdtzeoii4bga5aknyfjorzj5hzu63gjgvvmrh8tqehj6cdyf9ihzg2g-2bypvgjv9-2by2hfcc7pmyfhauzcb007mefdydrumf5irpmeghr9sg2xt7f31ngyavtnpuhlcd-2f0y5n0zs-2b-2b-2fzf3tppedbz4f3-2f6x2tfixqzzhpjhmgadqiesvqdag0p1cilubdh-2bq9zwrdhyimwvargxrc5xdgids3liaj35xcsroylybhvsqmnqf-2fgk3qbyg4qiypmbojmt2hi6okorutks5dtxn7bwiih9iyvhgvqkl911azwsxtdb0tm9w-2bm4xtesgeiwacx5xwsvgszktgnf2q1xheonenppza3ccfnyhokvzskp-2blzmvwdhorzfsmpcaugan1ynprwwmr3ncm27kqi2ljvkpmnvgtsa-2bdpjfkodn2x0hwjijx4bj-2b5qie7gt7shj30pvx8exfrnjodprn2wq-3d-3dlezo_-2b9rhanljtut8wl45m2xpmvrcztwd0m9ftp74dnrasgfmgld3r9qiuzeyl9xi7ldyhhzwvscd7ckmbwn5kqo96mwzbn7-2f2q4godmf-2bp-2f1fpx3lf0iglsshts0tomr7hthnj2cqy9yjw1g5cyyoerctw7e1gypfydp6vysdyv5a4-2bjebvpfbavvuxldopg6mxhhdld4qo-2febdvvvijnlafykksi7oxvazqwre8k8fmsefffn3tbrdg2y1qkcqbkio5uqvbqj7yznb-2birbqxawlq7moy73hemnbdf8ojlad0rwtwaakawvo4aielmns-2f03diu6tj2razcvqxwskaj6lqdkvxlh8mellzqpff9ot00elhes2kznjxglyrqkugkalm5d3zjow1npvj8edzy-2b-2bnchbud2q62tvi8ae-2b7kpmhx-2br64ozofhyphysbocxinqxvm9-2f0vvha-2fctjrocdcpbx2zfhffd0nbmi-2bz1k3fbkz2flkoh4nx7qkpymad08jg

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 22-17-34-896.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DocuSign_Payapp#5_Pay_Requests.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1624 --field-trial-handle=1548,i,17368980991378574226,11935322208934243998,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://email.wantyourfeedback.com/ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF5XZwY-2B6xtEf4K-2F0OUqW9J0ZCgtiHnuKPgwO57BN4nbMytPQKOXIsVPbDdaBFDQtTyzoa5R25WwanU8fj5yZvqu-2B0aEG-2FQ4kSONuVxLFMM-2FqYS1MSJTaXLSNFuW4lt9FGNOi682M0ACrKV4PH6f0bRGoXVwDSky-2BmaGT29AW5EV3RuTchu-2Boru3Y4Wm16cjugy6y-2F2BOZGZgPXLOR-2FFuMVOmBKDWyrgq2GUQxylBbCGXaTxKLNXuzOh1ksEsgdWOGQpbxMyYTcDgeZTrmeDmO727fKFS9y56TUe-2B-2BoBxWffpolwRAl10klJE3e621FXqSu7J-2BoO4HtcqciqN2yEmVQDTZeOiI4bgA5aknYFJoRzj5hZU63gJGvvMRh8Tqehj6cDyF9iHzG2g-2ByPvGjv9-2BY2hfcC7pMyfhaUZcB007mefDydRUmf5iRpMEgHR9Sg2XT7F31nGyAVtnPUHLCd-2F0y5N0zs-2B-2B-2FZf3TppEDBz4F3-2F6x2TfixqzzHPJHmGaDqIEsVqDag0p1CiLubdh-2BQ9ZwrdhYiMWvARGXRC5xDGIds3LiaJ35XcsroyLybhVsqMnQF-2FGK3qBYg4qiYPmbojMT2hi6OKOruTks5dTxn7bWIIh9iyVhgVqKl911azwSXtdb0Tm9w-2Bm4xTESGeIWacX5XwsvgSZkTgnF2q1XheonEnppza3CcFNYhOKVzSKP-2BlzMVWdhorzfsmpCaugAN1ynPRWwMr3nCm27Kqi2LjVKPmnvGtSA-2BdPJFkoDN2x0HWjiJX4bj-2B5Qie7gT7SHJ30pvX8eXFRnjOdpRN2wQ-3D-3DLEZO_-2B9RHaNlJTuT8Wl45M2xpmvRCZtWd0m9fTP74dNraSGfMgLd3R9QIuzEYL9XI7ldyhHZWVscd7CKMBwn5KQO96mWzbN7-2F2q4GodMF-2Bp-2F1fPX3Lf0iglsshTS0TOMR7hthNJ2CQy9yjw1G5cYyoERctW7e1GyPFYDp6vYSDyV5A4-2BJeBVPfbAvVUxlDOpG6mXhHdLD4qO-2FeBdvvviJNlAFYkkSI7OxVaZQWre8K8FmsEFfFn3tBRDg2y1QkCQbkio5uQVBqj7YZNB-2BirBQxaWLq7mOy73heMnBdF8oJlaD0rwTWaaKAWVo4aiElmNs-2F03diU6TJ2RAZcvQxWsKaj6LQDKVxlH8MellZqpFF9oT00ELhes2kznJXgLyrqkuGkALM5d3zJow1npVj8EdzY-2B-2BnchbUD2q62tvI8AE-2B7kpMhX-2Br64oZOfhYphysBoCXInqXvm9-2F0Vvha-2FctJroCDCPBx2zfhffD0NbMi-2BZ1k3FbKz2fLKoH4Nx7qkPYmAD08JG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1760,i,4409796165917685690,4155670508853813645,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://email.wantyourfeedback.com/ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF5XZwY-2B6xtEf4K-2F0OUqW9J0ZCgtiHnuKPgwO57BN4nbMytPQKOXIsVPbDdaBFDQtTyzoa5R25WwanU8fj5yZvqu-2B0aEG-2FQ4kSONuVxLFMM-2FqYS1MSJTaXLSNFuW4lt9FGNOi682M0ACrKV4PH6f0bRGoXVwDSky-2BmaGT29AW5EV3RuTchu-2Boru3Y4Wm16cjugy6y-2F2BOZGZgPXLOR-2FFuMVOmBKDWyrgq2GUQxylBbCGXaTxKLNXuzOh1ksEsgdWOGQpbxMyYTcDgeZTrmeDmO727fKFS9y56TUe-2B-2BoBxWffpolwRAl10klJE3e621FXqSu7J-2BoO4HtcqciqN2yEmVQDTZeOiI4bgA5aknYFJoRzj5hZU63gJGvvMRh8Tqehj6cDyF9iHzG2g-2ByPvGjv9-2BY2hfcC7pMyfhaUZcB007mefDydRUmf5iRpMEgHR9Sg2XT7F31nGyAVtnPUHLCd-2F0y5N0zs-2B-2B-2FZf3TppEDBz4F3-2F6x2TfixqzzHPJHmGaDqIEsVqDag0p1CiLubdh-2BQ9ZwrdhYiMWvARGXRC5xDGIds3LiaJ35XcsroyLybhVsqMnQF-2FGK3qBYg4qiYPmbojMT2hi6OKOruTks5dTxn7bWIIh9iyVhgVqKl911azwSXtdb0Tm9w-2Bm4xTESGeIWacX5XwsvgSZkTgnF2q1XheonEnppza3CcFNYhOKVzSKP-2BlzMVWdhorzfsmpCaugAN1ynPRWwMr3nCm27Kqi2LjVKPmnvGtSA-2BdPJFkoDN2x0HWjiJX4bj-2B5Qie7gT7SHJ30pvX8eXFRnjOdpRN2wQ-3D-3DLEZO_-2B9RHaNlJTuT8Wl45M2xpmvRCZtWd0m9fTP74dNraSGfMgLd3R9QIuzEYL9XI7ldyhHZWVscd7CKMBwn5KQO96mWzbN7-2F2q4GodMF-2Bp-2F1fPX3Lf0iglsshTS0TOMR7hthNJ2CQy9yjw1G5cYyoERctW7e1GyPFYDp6vYSDyV5A4-2BJeBVPfbAvVUxlDOpG6mXhHdLD4qO-2FeBdvvviJNlAFYkkSI7OxVaZQWre8K8FmsEFfFn3tBRDg2y1QkCQbkio5uQVBqj7YZNB-2BirBQxaWLq7mOy73heMnBdF8oJlaD0rwTWaaKAWVo4aiElmNs-2F03diU6TJ2RAZcvQxWsKaj6LQDKVxlH8MellZqpFF9oT00ELhes2kznJXgLyrqkuGkALM5d3zJow1npVj8EdzY-2B-2BnchbUD2q62tvI8AE-2B7kpMhX-2Br64oZOfhYphysBoCXInqXvm9-2F0Vvha-2FctJroCDCPBx2zfhffD0NbMi-2BZ1k3FbKz2fLKoH4Nx7qkPYmAD08JG	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1624 --field-trial-handle=1548,i,17368980991378574226,11935322208934243998,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1760,i,4409796165917685690,4155670508853813645,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: DocuSign_Payapp#5_Pay_Requests.pdf	Initial sample: PDF keyword /JS count = 0
Source: DocuSign_Payapp#5_Pay_Requests.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: DocuSign_Payapp#5_Pay_Requests.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
104.94.108.142	unknown	United States	16625	AKAMAI-ASUS	false
104.21.32.98	dyjt.pivitai.net	United States	13335	CLOUDFLARENETUS	false
142.250.217.164	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.21.93.58	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.223.170	dfgrt.pivitai.net	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17

Contacted Domains

Name	IP	Active
dfgrt.pivitai.net	172.67.223.170	true
part-0013.t-0009.t-msedge.net	13.107.246.41	true
a.nel.cloudflare.com	35.190.80.1	true
cs1100.wpc.omegacdn.net	152.199.4.44	true
yukrtg.pivitai.net	172.67.223.170	true
www.google.com	142.250.217.164	true
dyjt.pivitai.net	104.21.32.98	true
wreg.pivitai.net	172.67.223.170	true
bdfdbdf.pivitai.net	104.21.32.98	true
dwqef.pivitai.net	172.67.223.170	true
identity.nel.measure.office.net	unknown	unknown
r4.res.office365.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://yukrtg.pivitai.net/shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js	false	Avira URL Cloud: safe	unknown
https://yukrtg.pivitai.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	Avira URL Cloud: safe	unknown
https://wreg.pivitai.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js	false	Avira URL Cloud: safe	unknown
https://dfgrt.pivitai.net/favicon.ico	false	Avira URL Cloud: safe	unknown
https://email.wantyourfeedback.com/ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D	false	Avira URL Cloud: safe	unknown
https://yukrtg.pivitai.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	false	Avira URL Cloud: safe	unknown
https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH	false		unknown
https://yukrtg.pivitai.net/shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg	false	Avira URL Cloud: safe	unknown
https://yukrtg.pivitai.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg	false	Avira URL Cloud: safe	unknown
https://bdfdbdf.pivitai.net/owa/prefetch.aspx	true		unknown
https://dwqef.pivitai.net/Me.htm?v=3	false	Avira URL Cloud: safe	unknown
https://dyjt.pivitai.net/wlFGCNZO	false	Avira URL Cloud: safe	unknown
https://yukrtg.pivitai.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css	false	Avira URL Cloud: safe	unknown
https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	true		unknown
https://yukrtg.pivitai.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	false	Avira URL Cloud: safe	unknown
https://bdfdbdf.pivitai.net/owa/	false	Avira URL Cloud: safe	unknown
https://wreg.pivitai.net/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js	false	Avira URL Cloud: safe	unknown
https://yukrtg.pivitai.net/shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png	false	Avira URL Cloud: safe	unknown
https://yukrtg.pivitai.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js	false	Avira URL Cloud: safe	unknown
https://yukrtg.pivitai.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js	false	Avira URL Cloud: safe	unknown

Phishing

Phishing site detected (based on favicon image match)

Source: https://pivitai.net	Matcher: Template: microsoft matched with high similarity
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&sc	Matcher: Template: microsoft matched
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	Matcher: Template: microsoft matched
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	Matcher: Template: microsoft matched
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	Matcher: Template: microsoft matched

Suspicious PDF detected (based on various text indicators)

Source: Adobe Acrobat PDF

Found iframes

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: Iframe src: https://bdfdbdf.pivitai.net/owa/prefetch.aspx
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: Iframe src: https://bdfdbdf.pivitai.net/owa/prefetch.aspx

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

HTML page contains obfuscate script src

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigiRE9NQ29udGVudExvYWRlZCIsKGZ1bmN0aW9uKCl7ZnVuY3Rpb24gZShlKXtyZXR1cm4gbmV3IFByb21pc2UoKHQ9Pntjb25zdCBuPWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoZSk7aWYobilyZXR1cm4gdChuKTtjb25zdCBvPW5ldyBNdXRhdGlvbk
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigiRE9NQ29udGVudExvYWRlZCIsKGZ1bmN0aW9uKCl7ZnVuY3Rpb24gZShlKXtyZXR1cm4gbmV3IFByb21pc2UoKHQ9Pntjb25zdCBuPWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoZSk7aWYobilyZXR1cm4gdChuKTtjb25zdCBvPW5ldyBNdXRhdGlvbk
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_tok	HTTP Parser: Script src: data:text/javascript;base64,ZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigiRE9NQ29udGVudExvYWRlZCIsKGZ1bmN0aW9uKCl7ZnVuY3Rpb24gZShlKXtyZXR1cm4gbmV3IFByb21pc2UoKHQ9Pntjb25zdCBuPWRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoZSk7aWYobilyZXR1cm4gdChuKTtjb25zdCBvPW5ldyBNdXRhdGlvbk
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

HTTP Parser: <input type="password" .../> found

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH	HTTP Parser: No favicon
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No favicon
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No favicon
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: No favicon
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: No favicon
Source: https://bdfdbdf.pivitai.net/owa/prefetch.aspx	HTTP Parser: No favicon

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.32:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.219.0.175:443 -> 192.168.2.17:49771 version: TLS 1.2

HTTP GET or POST without a user agent

Source: global traffic

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 152.199.4.44 152.199.4.44
Source: Joe Sandbox View	IP Address: 104.94.108.142 104.94.108.142
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 104.21.93.58 104.21.93.58

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.204.76.112

Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SkP4Hx1tLvaAHe8&MD=VM8OULnM HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF5XZwY-2B6xtEf4K-2F0OUqW9J0ZCgtiHnuKPgwO57BN4nbMytPQKOXIsVPbDdaBFDQtTyzoa5R25WwanU8fj5yZvqu-2B0aEG-2FQ4kSONuVxLFMM-2FqYS1MSJTaXLSNFuW4lt9FGNOi682M0ACrKV4PH6f0bRGoXVwDSky-2BmaGT29AW5EV3RuTchu-2Boru3Y4Wm16cjugy6y-2F2BOZGZgPXLOR-2FFuMVOmBKDWyrgq2GUQxylBbCGXaTxKLNXuzOh1ksEsgdWOGQpbxMyYTcDgeZTrmeDmO727fKFS9y56TUe-2B-2BoBxWffpolwRAl10klJE3e621FXqSu7J-2BoO4HtcqciqN2yEmVQDTZeOiI4bgA5aknYFJoRzj5hZU63gJGvvMRh8Tqehj6cDyF9iHzG2g-2ByPvGjv9-2BY2hfcC7pMyfhaUZcB007mefDydRUmf5iRpMEgHR9Sg2XT7F31nGyAVtnPUHLCd-2F0y5N0zs-2B-2B-2FZf3TppEDBz4F3-2F6x2TfixqzzHPJHmGaDqIEsVqDag0p1CiLubdh-2BQ9ZwrdhYiMWvARGXRC5xDGIds3LiaJ35XcsroyLybhVsqMnQF-2FGK3qBYg4qiYPmbojMT2hi6OKOruTks5dTxn7bWIIh9iyVhgVqKl911azwSXtdb0Tm9w-2Bm4xTESGeIWacX5XwsvgSZkTgnF2q1XheonEnppza3CcFNYhOKVzSKP-2BlzMVWdhorzfsmpCaugAN1ynPRWwMr3nCm27Kqi2LjVKPmnvGtSA-2BdPJFkoDN2x0HWjiJX4bj-2B5Qie7gT7SHJ30pvX8eXFRnjOdpRN2wQ-3D-3DLEZO_-2B9RHaNlJTuT8Wl45M2xpmvRCZtWd0m9fTP74dNraSGfMgLd3R9QIuzEYL9XI7ldyhHZWVscd7CKMBwn5KQO96mWzbN7-2F2q4GodMF-2Bp-2F1fPX3Lf0iglsshTS0TOMR7hthNJ2CQy9yjw1G5cYyoERctW7e1GyPFYDp6vYSDyV5A4-2BJeBVPfbAvVUxlDOpG6mXhHdLD4qO-2FeBdvvviJNlAFYkkSI7OxVaZQWre8K8FmsEFfFn3tBRDg2y1QkCQbkio5uQVBqj7YZNB-2BirBQxaWLq7mOy73heMnBdF8oJlaD0rwTWaaKAWVo4aiElmNs-2F03diU6TJ2RAZcvQxWsKaj6LQDKVxlH8MellZqpFF9oT00ELhes2kznJXgLyrqkuGkALM5d3zJow1npVj8EdzY-2B-2BnchbUD2q62tvI8AE-2B7kpMhX-2Br64oZOfhYphysBoCXInqXvm9-2F0Vvha-2FctJroCDCPBx2zfhffD0NbMi-2BZ1k3FbKz2fLKoH4Nx7qkPYmAD08JG HTTP/1.1Host: email.wantyourfeedback.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D HTTP/1.1Host: email.wantyourfeedback.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wlFGCNZO HTTP/1.1Host: dyjt.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D HTTP/1.1Host: email.wantyourfeedback.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wlFGCNZO HTTP/1.1Host: dyjt.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/ HTTP/1.1Host: bdfdbdf.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH HTTP/1.1Host: dfgrt.pivitai.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js HTTP/1.1Host: wreg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UH&sso_reload=true HTTP/1.1Host: dfgrt.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UHAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d; esctx-3UthQiNWeYA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IBaozxtGlk9P_MZmIstVk93o4LiNrXf0bizuXBgbTY70owvrgpnWlSUx1zGJjIhc3Iunu-oKF4oU8rlO43wX8g0ruZ4KdBe8tJ0I7b7XGMikWIa8HWOF1zjbbBIYxjgiZWvk-fUQ1b7PgUm_UebpoyAA; fpc=Aklos_I7PTVNnQgzHKlcwXQ; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8NOyYEDa-V5afKvKYt4dy5p5NwnVj7EKdnpgsar5OU14_SrjYe1SvjEDghyftj1pHfqv-2Okr3H7w3gHZ2d_GzR_cqQTJpNCgvkCZJ8ndyBpEZqN6LODtSyHiSCwLAkP-zUp9VxBA7dSmn1WLsp4gh_FMnYbnTj6z4M0brj-a-b0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dfgrt.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2de7d3a2-b15a-b0a1-7d30-6f38e323fb09&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6&state=DctBFoAgCABRrddxSERBPA5WbFt2_Vj82U1OKe1hCxkjaUjTPgdPRiSsisSnXLo6rRt8ukEXr6D0NDBV55sIm0mO9yjvZ-UHAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d; esctx-3UthQiNWeYA=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8IBaozxtGlk9P_MZmIstVk93o4LiNrXf0bizuXBgbTY70owvrgpnWlSUx1zGJjIhc3Iunu-oKF4oU8rlO43wX8g0ruZ4KdBe8tJ0I7b7XGMikWIa8HWOF1zjbbBIYxjgiZWvk-fUQ1b7PgUm_UebpoyAA; fpc=Aklos_I7PTVNnQgzHKlcwXQ; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8NOyYEDa-V5afKvKYt4dy5p5NwnVj7EKdnpgsar5OU14_SrjYe1SvjEDghyftj1pHfqv-2Okr3H7w3gHZ2d_GzR_cqQTJpNCgvkCZJ8ndyBpEZqN6LODtSyHiSCwLAkP-zUp9VxBA7dSmn1WLsp4gh_FMnYbnTj6z4M0brj-a-b0gAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1Host: wreg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: dwqef.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=SkP4Hx1tLvaAHe8&MD=VM8OULnM HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: bdfdbdf.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d; ClientId=8838F4499FA6461C8518945BCAB542A3; OIDC=1; OpenIdConnect.nonce.v3.5UDRh8VSYItZsY0vZ-eA4eoOVm8MNLhbsrKXRDaCSHc=638497595002018025.6c8b42bd-f9fa-46f1-82e3-a88f5d2203a6; X-OWA-RedirectHistory=ArLym14B6VgJBC5m3Ag
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://dfgrt.pivitai.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: yukrtg.pivitai.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FAro=e6dedb1dd77bcca95c871ca26b83a96b988d4133bdab2407fbd6994c9d2c356d
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDgAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAZuJ96Lu0h17VTAAgmgHyOpH%2BMwz4ucSop2ZqBMCotRAsg0BS5RHRy%2BgEOGYmg8VUd5X6SUo499h2DUHa6gcQn4MetTK%2Bfn4hBtmHUx9Lg2BYERM5WL9hogNsGKt4e0pZXDvNv11/xBZ3e3VOzF%2B%2BTI73bdmzHezAWhzSiW5M42p8XVfHGnwEMsiAateRpZ4sI9pwPogwb/13Q9J1ayd/VaqH70VmGn3PbhWTLeM3Ex0OWFfKL29aYvR0Hy4gQxzQCR2yHx7LaefGuXdpppVGYDnGolP4eSf1Py9k777dJAf7okg3XLhHmWPhBYBhUrK5cj9pt5HR3pAIINtmJ05EWwDZgAACICuGgQQjhtHsAHovJPr14Gg3JvrD2VqavHRfhk14mK9mZcFn286dFVem7mVaB%2BpmHHS9X051LEAOvrces0AAYoINjrojQuzeELmUGPQT9DevMBr9ReoGPnmYOUTzsBMWa7RAveFpSEO2I/vCh5yuSNrzdyWsKYj9l0uDjxz2mipdvAUf0JGhOvMewHvOqWVFgDsJAWN/mnXxEoZrdyWlTgGPzJBAepKXu04C/Mk4HEUbHw94LriLJsMSnLbKEt9c/6L10z8hfEmpytfcY%2BPpM620snevvVELl9YUJ5tEoqDFlTF9hrW64Rw55mthbpzglu8N5YiQ6qFZO7Og6CHYAjMjwkaX7wziuGQrYxZG%2BKtkbZtqi7LtOSfBnJtVXg%2B/oe3QPv72/ph8TjzO9ADw%2BJPKMGyvWjmMM6Vh6P3n4xVVm/Wo8zvCx5O2tK0T86luLqRr9000wh0OYRs9BEAJ9Wfzm%2B4SMupFTF4/Yvjj4kEs6usnTHZyMsffFEceQakG2JETlARaCyHgXct8BfS0sml4KqIWFxE%2B%2BtgH1wqD3Jl0x4d3ZRZ2kRIXJfFp/xDZu1XB0jMKKKhjnDbAQ%3D%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1714162752User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 35388D629A864227A6FF8680AFC52667X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B

Source: global traffic	DNS traffic detected: DNS query: dyjt.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: bdfdbdf.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: dfgrt.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: wreg.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: yukrtg.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: dwqef.pivitai.net
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

Source: global traffic

Source: DocuSign_Payapp#5_Pay_Requests.pdf	String found in binary or memory: http://email.wantyourfeedback.com/ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF
Source: chromecache_191.17.dr	String found in binary or memory: http://feross.org
Source: chromecache_187.17.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_197.17.dr, chromecache_204.17.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_197.17.dr, chromecache_204.17.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_201.17.dr	String found in binary or memory: https://device.dfgrt.pivitai.net
Source: chromecache_201.17.dr	String found in binary or memory: https://dfgrt.pivitai.net
Source: chromecache_191.17.dr, chromecache_184.17.dr, chromecache_197.17.dr, chromecache_204.17.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_201.17.dr	String found in binary or memory: https://login-us.microsoftonline.com
Source: chromecache_201.17.dr	String found in binary or memory: https://login.chinacloudapi.cn
Source: chromecache_201.17.dr	String found in binary or memory: https://login.microsoftonline.de
Source: chromecache_201.17.dr	String found in binary or memory: https://login.microsoftonline.us
Source: chromecache_201.17.dr	String found in binary or memory: https://login.partner.microsoftonline.cn
Source: chromecache_201.17.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_201.17.dr	String found in binary or memory: https://login.windows.net
Source: chromecache_201.17.dr	String found in binary or memory: https://logincert.microsoftonline.com
Source: chromecache_201.17.dr	String found in binary or memory: https://ujty.pivitai.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.7.32:443 -> 192.168.2.17:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.219.0.175:443 -> 192.168.2.17:49771 version: TLS 1.2

System Summary

Found potential malicious PDF (bad image similarity)

Source: DocuSign_Payapp#5_Pay_Requests.pdf

Static PDF information: Image stream: 12

Unable to load, office file is protected or invalid

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Source: classification engine

Classification label: mal76.phis.winPDF@31/105@26/9

Source: DocuSign_Payapp#5_Pay_Requests.pdf	Initial sample: http://email.wantyourfeedback.com/ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF5XZwY-2B6xtEf4K-2F0OUqW9J0ZCgtiHnuKPgwO57BN4nbMytPQKOXIsVPbDdaBFDQtTyzoa5R25WwanU8fj5yZvqu-2B0aEG-2FQ4kSONuVxLFMM-2FqYS1MSJTaXLSNFuW4lt9FGNOi682M0ACrKV4PH6f0bRGoXVwDSky-2BmaGT29AW5EV3RuTchu-2Boru3Y4Wm16cjugy6y-2F2BOZGZgPXLOR-2FFuMVOmBKDWyrgq2GUQxylBbCGXaTxKLNXuzOh1ksEsgdWOGQpbxMyYTcDgeZTrmeDmO727fKFS9y56TUe-2B-2BoBxWffpolwRAl10klJE3e621FXqSu7J-2BoO4HtcqciqN2yEmVQDTZeOiI4bgA5aknYFJoRzj5hZU63gJGvvMRh8Tqehj6cDyF9iHzG2g-2ByPvGjv9-2BY2hfcC7pMyfhaUZcB007mefDydRUmf5iRpMEgHR9Sg2XT7F31nGyAVtnPUHLCd-2F0y5N0zs-2B-2B-2FZf3TppEDBz4F3-2F6x2TfixqzzHPJHmGaDqIEsVqDag0p1CiLubdh-2BQ9ZwrdhYiMWvARGXRC5xDGIds3LiaJ35XcsroyLybhVsqMnQF-2FGK3qBYg4qiYPmbojMT2hi6OKOruTks5dTxn7bWIIh9iyVhgVqKl911azwSXtdb0Tm9w-2Bm4xTESGeIWacX5XwsvgSZkTgnF2q1XheonEnppza3CcFNYhOKVzSKP-2BlzMVWdhorzfsmpCaugAN1ynPRWwMr3nCm27Kqi2LjVKPmnvGtSA-2BdPJFkoDN2x0HWjiJX4bj-2B5Qie7gT7SHJ30pvX8eXFRnjOdpRN2wQ-3D-3DLEZO_-2B9RHaNlJTuT8Wl45M2xpmvRCZtWd0m9fTP74dNraSGfMgLd3R9QIuzEYL9XI7ldyhHZWVscd7CKMBwn5KQO96mWzbN7-2F2q4GodMF-2Bp-2F1fPX3Lf0iglsshTS0TOMR7hthNJ2CQy9yjw1G5cYyoERctW7e1GyPFYDp6vYSDyV5A4-2BJeBVPfbAvVUxlDOpG6mXhHdLD4qO-2FeBdvvviJNlAFYkkSI7OxVaZQWre8K8FmsEFfFn3tBRDg2y1QkCQbkio5uQVBqj7YZNB-2BirBQxaWLq7mOy73heMnBdF8oJlaD0rwTWaaKAWVo4aiElmNs-2F03diU6TJ2RAZcvQxWsKaj6LQDKVxlH8MellZqpFF9oT00ELhes2kznJXgLyrqkuGkALM5d3zJow1npVj8EdzY-2B-2BnchbUD2q62tvI8AE-2B7kpMhX-2Br64oZOfhYphysBoCXInqXvm9-2F0Vvha-2FctJroCDCPBx2zfhffD0NbMi-2BZ1k3FbKz2fLKoH4Nx7qkPYmAD08JG
Source: DocuSign_Payapp#5_Pay_Requests.pdf	Initial sample: http://email.wantyourfeedback.com/ls/click?upn=u001.kefinuywklssadlx7clhngjdvmuvho1aw1vm0ypuexgejfcf5xzwy-2b6xtef4k-2f0ouqw9j0zcgtihnukpgwo57bn4nbmytpqkoxisvpbddabfdqttyzoa5r25wwanu8fj5yzvqu-2b0aeg-2fq4ksonuvxlfmm-2fqys1msjtaxlsnfuw4lt9fgnoi682m0acrkv4ph6f0brgoxvwdsky-2bmagt29aw5ev3rutchu-2boru3y4wm16cjugy6y-2f2bozgzgpxlor-2ffumvombkdwyrgq2guqxylbbcgxatxklnxuzoh1ksesgdwogqpbxmyytcdgeztrmedmo727fkfs9y56tue-2b-2bobxwffpolwral10klje3e621fxqsu7j-2boo4htcqciqn2yemvqdtzeoii4bga5aknyfjorzj5hzu63gjgvvmrh8tqehj6cdyf9ihzg2g-2bypvgjv9-2by2hfcc7pmyfhauzcb007mefdydrumf5irpmeghr9sg2xt7f31ngyavtnpuhlcd-2f0y5n0zs-2b-2b-2fzf3tppedbz4f3-2f6x2tfixqzzhpjhmgadqiesvqdag0p1cilubdh-2bq9zwrdhyimwvargxrc5xdgids3liaj35xcsroylybhvsqmnqf-2fgk3qbyg4qiypmbojmt2hi6okorutks5dtxn7bwiih9iyvhgvqkl911azwsxtdb0tm9w-2bm4xtesgeiwacx5xwsvgszktgnf2q1xheonenppza3ccfnyhokvzskp-2blzmvwdhorzfsmpcaugan1ynprwwmr3ncm27kqi2ljvkpmnvgtsa-2bdpjfkodn2x0hwjijx4bj-2b5qie7gt7shj30pvx8exfrnjodprn2wq-3d-3dlezo_-2b9rhanljtut8wl45m2xpmvrcztwd0m9ftp74dnrasgfmgld3r9qiuzeyl9xi7ldyhhzwvscd7ckmbwn5kqo96mwzbn7-2f2q4godmf-2bp-2f1fpx3lf0iglsshts0tomr7hthnj2cqy9yjw1g5cyyoerctw7e1gypfydp6vysdyv5a4-2bjebvpfbavvuxldopg6mxhhdld4qo-2febdvvvijnlafykksi7oxvazqwre8k8fmsefffn3tbrdg2y1qkcqbkio5uqvbqj7yznb-2birbqxawlq7moy73hemnbdf8ojlad0rwtwaakawvo4aielmns-2f03diu6tj2razcvqxwskaj6lqdkvxlh8mellzqpff9ot00elhes2kznjxglyrqkugkalm5d3zjow1npvj8edzy-2b-2bnchbud2q62tvi8ae-2b7kpmhx-2br64ozofhyphysbocxinqxvm9-2f0vvha-2fctjrocdcpbx2zfhffd0nbmi-2bz1k3fbkz2flkoh4nx7qkpymad08jg

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 22-17-34-896.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DocuSign_Payapp#5_Pay_Requests.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1624 --field-trial-handle=1548,i,17368980991378574226,11935322208934243998,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://email.wantyourfeedback.com/ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF5XZwY-2B6xtEf4K-2F0OUqW9J0ZCgtiHnuKPgwO57BN4nbMytPQKOXIsVPbDdaBFDQtTyzoa5R25WwanU8fj5yZvqu-2B0aEG-2FQ4kSONuVxLFMM-2FqYS1MSJTaXLSNFuW4lt9FGNOi682M0ACrKV4PH6f0bRGoXVwDSky-2BmaGT29AW5EV3RuTchu-2Boru3Y4Wm16cjugy6y-2F2BOZGZgPXLOR-2FFuMVOmBKDWyrgq2GUQxylBbCGXaTxKLNXuzOh1ksEsgdWOGQpbxMyYTcDgeZTrmeDmO727fKFS9y56TUe-2B-2BoBxWffpolwRAl10klJE3e621FXqSu7J-2BoO4HtcqciqN2yEmVQDTZeOiI4bgA5aknYFJoRzj5hZU63gJGvvMRh8Tqehj6cDyF9iHzG2g-2ByPvGjv9-2BY2hfcC7pMyfhaUZcB007mefDydRUmf5iRpMEgHR9Sg2XT7F31nGyAVtnPUHLCd-2F0y5N0zs-2B-2B-2FZf3TppEDBz4F3-2F6x2TfixqzzHPJHmGaDqIEsVqDag0p1CiLubdh-2BQ9ZwrdhYiMWvARGXRC5xDGIds3LiaJ35XcsroyLybhVsqMnQF-2FGK3qBYg4qiYPmbojMT2hi6OKOruTks5dTxn7bWIIh9iyVhgVqKl911azwSXtdb0Tm9w-2Bm4xTESGeIWacX5XwsvgSZkTgnF2q1XheonEnppza3CcFNYhOKVzSKP-2BlzMVWdhorzfsmpCaugAN1ynPRWwMr3nCm27Kqi2LjVKPmnvGtSA-2BdPJFkoDN2x0HWjiJX4bj-2B5Qie7gT7SHJ30pvX8eXFRnjOdpRN2wQ-3D-3DLEZO_-2B9RHaNlJTuT8Wl45M2xpmvRCZtWd0m9fTP74dNraSGfMgLd3R9QIuzEYL9XI7ldyhHZWVscd7CKMBwn5KQO96mWzbN7-2F2q4GodMF-2Bp-2F1fPX3Lf0iglsshTS0TOMR7hthNJ2CQy9yjw1G5cYyoERctW7e1GyPFYDp6vYSDyV5A4-2BJeBVPfbAvVUxlDOpG6mXhHdLD4qO-2FeBdvvviJNlAFYkkSI7OxVaZQWre8K8FmsEFfFn3tBRDg2y1QkCQbkio5uQVBqj7YZNB-2BirBQxaWLq7mOy73heMnBdF8oJlaD0rwTWaaKAWVo4aiElmNs-2F03diU6TJ2RAZcvQxWsKaj6LQDKVxlH8MellZqpFF9oT00ELhes2kznJXgLyrqkuGkALM5d3zJow1npVj8EdzY-2B-2BnchbUD2q62tvI8AE-2B7kpMhX-2Br64oZOfhYphysBoCXInqXvm9-2F0Vvha-2FctJroCDCPBx2zfhffD0NbMi-2BZ1k3FbKz2fLKoH4Nx7qkPYmAD08JG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1760,i,4409796165917685690,4155670508853813645,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://email.wantyourfeedback.com/ls/click?upn=u001.KEFiNUywklssADlx7ClhNgjdvMuvho1aW1VM0ypUexGejfcF5XZwY-2B6xtEf4K-2F0OUqW9J0ZCgtiHnuKPgwO57BN4nbMytPQKOXIsVPbDdaBFDQtTyzoa5R25WwanU8fj5yZvqu-2B0aEG-2FQ4kSONuVxLFMM-2FqYS1MSJTaXLSNFuW4lt9FGNOi682M0ACrKV4PH6f0bRGoXVwDSky-2BmaGT29AW5EV3RuTchu-2Boru3Y4Wm16cjugy6y-2F2BOZGZgPXLOR-2FFuMVOmBKDWyrgq2GUQxylBbCGXaTxKLNXuzOh1ksEsgdWOGQpbxMyYTcDgeZTrmeDmO727fKFS9y56TUe-2B-2BoBxWffpolwRAl10klJE3e621FXqSu7J-2BoO4HtcqciqN2yEmVQDTZeOiI4bgA5aknYFJoRzj5hZU63gJGvvMRh8Tqehj6cDyF9iHzG2g-2ByPvGjv9-2BY2hfcC7pMyfhaUZcB007mefDydRUmf5iRpMEgHR9Sg2XT7F31nGyAVtnPUHLCd-2F0y5N0zs-2B-2B-2FZf3TppEDBz4F3-2F6x2TfixqzzHPJHmGaDqIEsVqDag0p1CiLubdh-2BQ9ZwrdhYiMWvARGXRC5xDGIds3LiaJ35XcsroyLybhVsqMnQF-2FGK3qBYg4qiYPmbojMT2hi6OKOruTks5dTxn7bWIIh9iyVhgVqKl911azwSXtdb0Tm9w-2Bm4xTESGeIWacX5XwsvgSZkTgnF2q1XheonEnppza3CcFNYhOKVzSKP-2BlzMVWdhorzfsmpCaugAN1ynPRWwMr3nCm27Kqi2LjVKPmnvGtSA-2BdPJFkoDN2x0HWjiJX4bj-2B5Qie7gT7SHJ30pvX8eXFRnjOdpRN2wQ-3D-3DLEZO_-2B9RHaNlJTuT8Wl45M2xpmvRCZtWd0m9fTP74dNraSGfMgLd3R9QIuzEYL9XI7ldyhHZWVscd7CKMBwn5KQO96mWzbN7-2F2q4GodMF-2Bp-2F1fPX3Lf0iglsshTS0TOMR7hthNJ2CQy9yjw1G5cYyoERctW7e1GyPFYDp6vYSDyV5A4-2BJeBVPfbAvVUxlDOpG6mXhHdLD4qO-2FeBdvvviJNlAFYkkSI7OxVaZQWre8K8FmsEFfFn3tBRDg2y1QkCQbkio5uQVBqj7YZNB-2BirBQxaWLq7mOy73heMnBdF8oJlaD0rwTWaaKAWVo4aiElmNs-2F03diU6TJ2RAZcvQxWsKaj6LQDKVxlH8MellZqpFF9oT00ELhes2kznJXgLyrqkuGkALM5d3zJow1npVj8EdzY-2B-2BnchbUD2q62tvI8AE-2B7kpMhX-2Br64oZOfhYphysBoCXInqXvm9-2F0Vvha-2FctJroCDCPBx2zfhffD0NbMi-2BZ1k3FbKz2fLKoH4Nx7qkPYmAD08JG	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1624 --field-trial-handle=1548,i,17368980991378574226,11935322208934243998,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1760,i,4409796165917685690,4155670508853813645,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.16.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: DocuSign_Payapp#5_Pay_Requests.pdf	Initial sample: PDF keyword /JS count = 0
Source: DocuSign_Payapp#5_Pay_Requests.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: DocuSign_Payapp#5_Pay_Requests.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

ID:	1432348
Product:	CloudBasic
Start time:	22:16:34
Start date:	26.04.2024
Sample:	DocuSign_Payapp#5_Pay_Requests.pdf
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	109a4241b4f0cbe21b8a0fe0a3611a42
SHA1:	cc65a971e44b131e31027a6320a002b04840e1f5
SHA256:	252bea4419f587bd99427d7080eeaccfb60e61cbf0d6b1024b45524746581c39
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	11E8386EC5031D37B6A1CB29C191A502	9AC65720F68E1AF689F56E8F14DC5C99873243F8	3F6120593FAE73BE3CCC4E62EBB931CBF30F106671AD33CBF5AE0588E87BD708
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)	ASCII text	11E8386EC5031D37B6A1CB29C191A502	9AC65720F68E1AF689F56E8F14DC5C99873243F8	3F6120593FAE73BE3CCC4E62EBB931CBF30F106671AD33CBF5AE0588E87BD708
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG	ASCII text	E62573978D744F3A5D3D888D82B212B1	D801AA2FE282468DFCF83F1FDB2054A45B33333E	19CCD437F6F641EF3E5FDF467DE094AF7FE9BDE48B3FF62CDF2BED1DCC5C3B11
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)	ASCII text	E62573978D744F3A5D3D888D82B212B1	D801AA2FE282468DFCF83F1FDB2054A45B33333E	19CCD437F6F641EF3E5FDF467DE094AF7FE9BDE48B3FF62CDF2BED1DCC5C3B11
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)	JSON data	9AC354BEF4E744B201FE5A190880A56B	BB8700F3DB9C9BEB87D8985846A071922419EBA4	B6680F7121CB6AD88523909A3A8EF3C4D06674D17B9709CD8C79EEC5B5AFF518
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\af91835e-fdc6-4238-b572-f41d693acf08.tmp	JSON data	9AC354BEF4E744B201FE5A190880A56B	BB8700F3DB9C9BEB87D8985846A071922419EBA4	B6680F7121CB6AD88523909A3A8EF3C4D06674D17B9709CD8C79EEC5B5AFF518
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log	data	4725D920CF89A72F91A2A646DCB9E225	8D63B858FF4EF83D1A063B3DB3DE18F1FA555F3D	6CCB549D7E904E75F6D50EC02508132012D7396D8B58B3E70BEA36FB52056715
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG	ASCII text	E9FBDDA2ECB9968C160FD468CFB6F263	3F95682E1B6EFF97A6AA1ABBA8B24B85E2895146	979C5CF76C106474FFA5F6D0E2D07008452A57762FDEC6223D5CE52853EC1C8D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)	ASCII text	E9FBDDA2ECB9968C160FD468CFB6F263	3F95682E1B6EFF97A6AA1ABBA8B24B85E2895146	979C5CF76C106474FFA5F6D0E2D07008452A57762FDEC6223D5CE52853EC1C8D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log	data	D91F747E992AFD31DC336E49E6FA4925	71F45B4F6FB5183E927D3510202A9AB7607A25C9	DB924F115FEB21B766B5A91C8137E0B7BCBAE4C91CB09AF79C4237254B9AD719
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG	ASCII text	C17977E4F76349978137575CF32585C8	886B9AEE5D83AD944C9446A6D40CF303626D3F6E	29A22DA4490823B7F712EEE34985CC3900130D5A3756875608A66461354A421C
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log	data	A05963DD9E2C7C3F13C18A9245AD5934	15A87493591860C6C22499DF3A705ACB3CB466BD	F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG	ASCII text	E61962FA40AC6A0EE0034DF96BAEA5DD	7F6DC1C55AA6060E5A85DB6F90D968F76E74B66C	C7AF6BB84CEEC8F6465D5E6A058042F56C6D553631D94F06BE9EF28D662D3C68
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426201737Z-192.bmp	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54	D745869B520BD3B02BDAD3CDCA9E6F7B	09AB17ABF3D0070F628BCACD7489E33EFCB03905	C5EDCF0FC647A0E77BDFDC479ED217F8D34A5B6352E5B825E724EDBC6E3ED9D8
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11	47BB215953E91777AE407123CB3170F7	A7FC3DF3664C60AB9951BE5B7DC9B3E817FA7CB0	9A71DE7F682E3AD4EE53140B8E430E872891FEC7A429DE1F4A8254B213C26315
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	35D147EBBF5EA69B24A11E0748906728	6A5C8895E4C48AC390C401107256B9684F8A4403	E1CF4FC06C03C0236C98AF83D73A3B68C355B195D04171F0851442FD013101E0
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID	JSON data	C8D3B7ABCFE1C708BB1A47E6C984CCA9	3D1B41708B795DA8572CF954607DF4C7FAC69BC0	A35BB515D619713A91E969FF7CC7078F63290EF02042CF6A274584747425A7F7
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface	JSON data	61F90A84A7ED261B8B3427AFF27524CE	A42ABBD66F3BDF7DEF1F7F4675E24F19E0438C02	58E94624C54E39F7CD79CD571AC0512C52AC46A1875BC3A3EFDA93EA9B80DFE7
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface	JSON data	42DD74D9E916841E2A46A17C45A88B25	8067849DD655D87C665DB2E2C8BF943C3090CA29	E621C59EC6E74538F521E02B32549117ACD3F66EF98ABB76399D9D0CA21E827D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD	JSON data	5847310A79E15329EF720A38ED1A66AA	D8C325F4C5EE70E18016AA1BCCB9D616CE24EA7F	EB47D2CD47723BB1CDC0B687F119F1D91AC829DF52C798868A90B6BA9AC0A675
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner	JSON data	90D8715ED15B3D6997DA05C5EE2ECE4B	BCD4815CEDDFAC856F0F9322A2D05F9FB04E15D9	B25AF7CAD9D00072BF489BEC86E9FF0E4AA82394ED3F6876775592CA382F7DB3
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner	JSON data	702BB3CAC9E1955BEA6565F66837D106	5F722F4E85BBAB08F50CAB6D94182502691A2A36	022324D8B5D40C8F540693AC82D7C2D39CFCF8745D4E59A7D97D35EA08E2A794
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention	JSON data	4DA3FA4EEECB9EC6901B03A62F2AD398	68FC6F2042E36098F56C120D1DEE4366D5DEE715	CE07A794DC73F8C77AF885F6240D3D2B636A53869E52FFC060AB28D21542B3C6
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner	JSON data	BE9FD0DEA5261838ACF765AE37A8CAC5	4DB31DDB81B294DC9F266B3FC9AFFCC078D4C890	9FB4E60CEB96290E0A450E2F86A5B9DEE811549AF317F43DDDE3B9F874E99C9C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner	JSON data	9623246C2BB68C1E5F3BBD7657C477D6	E115B2A56D1DB36E99644AA88B5522934D0A3052	CAA60D5CD325D5C9FC2C3F33422A74BFA547974885207CFF9BDB602C3736CE0F
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner	JSON data	AC1BF932D97BFB3044B7E837242FA6D6	9AE00D4C668B66FC1E9309E09E0F131BE299EEB1	293E05910B2DADA08C283499702C69355733501EF0C8038996C145B529DBCB0F
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner	JSON data	3B42E5837C35C4A2184E3C467F492BF4	6D8571E171AB38C72777B095B7F9DAF3DFB53ED4	16DC89B794F3269A18732CB4D635E5053676AB482BCBE802A7B4C624B5F87DE5
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner	JSON data	AFDB6500A68546E5866CAE0CBB328382	FB68F0FA68B7BB52EE9CC87FB7DCAACB2FE8FDD8	53C6E267F9183C337E7AE3D5FADE0990D96F30BD121A5ACADEF3D5732CCA68C1
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention	JSON data	6F01434DE23CBCA1F0588CC35AC28A05	D2A49C3A93ECFEB4F116B77CDE045F0FE74408FD	F6BC112C94E8B81E3026BDBC070D6ACB645F452467CDCF458F52EB7CBD327D57
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner	JSON data	7E050AE02ACFC524FC66F576D7E4EFD3	C39AD9FBB5AF8E2ABDE3D387F87F82997CA92436	AA3EAEE6C810574DC0C4727C00BBD318D3DBC6A09B7F1A757D6725793D74B1D7
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards	JSON data	D1CC2CE228D7D49E1DF448C120D2998A	273E48B6750B1F525E917CA30AEACEB850137084	21C807DDB56E49DEE5CA747D461329A90157B6EA876C42F9ED08C0C1AE4648D8
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020	JSON data	DBF165E182E552319A597925CDEF2044	0DADC36B851DEF56EDCD1507C4A90AAE5140B90D	0D1CD229E3518972581D7DF54E5677D7B7F0AE032D76982D45B655B191455DED
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json	JSON data	4E4E76539A34A34EC3276968AFFF53D0	132757348C8030F7E2C7DD2565E368ADFCC24A00	379DF341299900EF0F42BF1406E769CFE09CA0A36E6648E9F641D07A6C98FC33
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23	BE99D1E6CF04679A2DAC49779EDF6329	FE086BC1087A25587383A9EC4C927B1F8B19E6BA	6607FA8C8F0217BB7EC877F9B6876F40AD979ACF6CA8AE1D922A75E41F587D92
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal	SQLite Rollback Journal	9B18153EB90C916A5045E40AB3573916	1E79642D9E582F6315FBAF1B932810C54637C1BF	F5207688C76E01F2DA9299E9247657629C75C7E56C08A5B4AF72B672D9939C65
C:\Users\user\AppData\Local\Temp\MSI3eed1.LOG	Unicode text, UTF-16, little-endian text, with CRLF line terminators	DFEA0CFCED7EF1244DF9528D87CC80A8	8238344573CFAE8BA2DCFD803D13803A14BB6975	5A8BEE3171057B8FF4BC1BB9D2D595BDB173DEDF32CF6A8ED56880DCDFC9F76D
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 22-17-34-896.log	ASCII text, with very long lines (393)	06DEAEDB81D09FD8FB5FF668D8E09CB2	28A02BCBD5975117B97A08AFB049F2C94F334726	D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log	ASCII text, with very long lines (393), with CRLF line terminators	10E9281F83C8B600AAD623358E65525C	57EA15BC1EA7BD3E480A5F6098A3ED1D1E2A35DC	B9A00BFB4889C617892C4CD4EA91F68858A7A61BAB981ECA09B13B011B2094FD
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt	ASCII text, with CRLF line terminators	3EDF54B18D6206B85E52C6867755C5C6	DA66F4482F461F1F5FB4F7FC7684908BD7B12AF0	23BD873EBE8032078A90F2AA651CBBD317C2A8899D17CB089ACC9B166CD47B4E
C:\Users\user\AppData\Local\Temp\acrocef_low\4adc6533-3eb7-45bf-8260-c22c075a72e2.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081	A9C99A0DD153B23D2C4DC943CC1567B4	B7B59DEEA23EDB8F8868D28D6BD67B20B21AFC58	2BAC328B0024285F5D0CC1407253D2C82EF65770FE5538FDB5863E05837D96D9
C:\Users\user\AppData\Local\Temp\acrocef_low\5422d204-6a77-49e6-9d23-d695592ff518.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022	5C48B0AD2FEF800949466AE872E1F1E2	337D617AE142815EDDACB48484628C1F16692A2F	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
C:\Users\user\AppData\Local\Temp\acrocef_low\6e305fda-988e-4690-a300-abb1da93725c.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538	91BB1BDDBFEB3DE05BBF8C096F6D6F4C	727CEBB36C9825B03B21A966500FADF2EA8EE450	87CF49769653DAC0CF5971AAF4964F20E5E4D04AF2BBC6276E2B66EB2F0B6EEA
C:\Users\user\AppData\Local\Temp\acrocef_low\8a261583-5ac7-41fe-a3ff-3a2535e87da2.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932	5B21A6981E55EF9576D169BBED44BCDB	B3A14100B7E7C2C01D61B010A54937952D111E20	9555E661370D1DC26605DAE88BDBC1ABA68038C769BF6E354A256B1A1C4C110E
C:\Users\user\AppData\Local\Temp\acrocef_low\a7b402cf-c062-4cd2-9fbd-4644c848e093.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142	0A347312E361322436D1AF1D5145D2AB	1D6C06A274705F8A295F62AD90CF8CA27555C226	094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:18:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	E69BA919B8EA3FF7BB91D27A1DCBDC4A	5D6739828049D1DC00DC8FA1346B043CE410BB37	86B32960DB50CCB40F22911F4B20481D955EF357EA0A825F8A6DF0A626C923A5
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:18:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	51F4A46640794329C838F1F3BF65EFF1	AD7E0A123A3BB3D2C5FFEC4443E8BDA67AE4679F	E58EDC041341A10462402BCCAB8A6A760BD6CB19C6E6C48AB898BFC3FF222B16
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	18520CF098C4848C4786D3CD8CB9B776	DB662609902C68A1FCD72A57328AA156D6438074	40A24701FF4135E55E374B1B51D181674A67463BB47349EFC6150FB97FA72C49
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:18:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	8D9B08B380671430F7925886299E14C2	DE4969961283AB86A87BFA0F77F31766C2FD0291	ADBC83FC2D0C4C20ABE8F4C6C1B8AB99B8A3EAFAE6F7A2B268D7770A525436AE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:18:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	3D2342C9A290EF00CDEBCCD8BF4A27BC	100FE30A997EF8E1B10FCE7C4BB260DF7BDEA4B2	FF2600A5034295DA94052D0F116EF038BDC537D12C4A301B7394DFFCAA1282C8
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 19:18:14 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	F02838E470F5E619FD99CEF854561D66	8211B4A608BEC814D194EFA9323E7410F53C3C7C	B9FB5710A0FC6E1FDF58E316B53056EBC52AA081BC238D56EAE4A9D3BE14ACA5
Chrome Cache Entry: 181	Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators	12204899D75FC019689A92ED57559B94	CCF6271C6565495B18C1CED2F7273D5875DBFB1F	39DAFD5ACA286717D9515F24CF9BE0C594DFD1DDF746E6973B1CE5DE8B2DD21B
Chrome Cache Entry: 182	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3	E58AAFC980614A9CD7796BEA7B5EA8F0	D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA	8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D
Chrome Cache Entry: 183	Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators	D9E3D2CE0228D2A5079478AAE5759698	412F45951C6AEDA5F3DF2C52533171FC7BDD5961	7041D585609800051E4F451792AEC2B8BD06A4F2D29ED6F5AD8841AAE5107502
Chrome Cache Entry: 184	ASCII text, with very long lines (64612)	5B0E3778C74235B06DA49808DD8DF90A	AD25897B0870B81568412F55B19898E406CC11B3	7530B843A86F3155CE07CDA787A40DA87052664B09C22F3D4DB5E9238664DBE0
Chrome Cache Entry: 185	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 186	Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators	9786D38346567E5E93C7D03B06E3EA2D	23EF8C59C5C9AA5290865933B29C9C56AB62E3B0	263307E3FE285C85CB77CF5BA69092531CE07B7641BF316EF496DCB5733AF76C
Chrome Cache Entry: 187	Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators	761CE9E68C8D14F49B8BF1A0257B69D6	8CF5D714D35EFFA54F3686065CB62CCE028E2C77	BEAA65AD34340E61E9E701458E2CCFF8F9073FDEBBC3593A2C7EC8AFEACB69C1
Chrome Cache Entry: 188	PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced	8B36337037CFF88C3DF203BB73D58E41	1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E	E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
Chrome Cache Entry: 189	ASCII text, with no line terminators	9F9FA94F28FE0DE82BC8FD039A7BDB24	6FE91F82974BD5B101782941064BCB2AFDEB17D8	9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
Chrome Cache Entry: 190	ASCII text, with very long lines (994), with no line terminators	E2110B813F02736A4726197271108119	D7AC10CC425A7B67BF16DDA0AAEF1FEB00A79857	6D1BE7ED96DD494447F348986317FAF64728CCF788BE551F2A621B31DDC929AC
Chrome Cache Entry: 191	ASCII text, with very long lines (43896)	5252837FFA272234E1CBF2D3D83EF32C	CAA4E48A54A2B1CA09327E42F24F6031FDF21CDA	DF2E852C347ECF82F70A0C8A4B91713FBB0914D58F2CBAB01316BFE646ABEE7C
Chrome Cache Entry: 192	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 193	ASCII text, with very long lines (65536), with no line terminators	AF8D946B64D139A380CF3A1C27BDBEB0	C76845B6FFEAF14450795C550260EB618ABD60AB	37619B16288166CC76403F0B7DF6586349B2D5628DE00D5850C815D019B17904
Chrome Cache Entry: 194	ASCII text, with very long lines (61177)	D62B4EDEB512B07ABEF4688E27ECDDE3	981A7825DA5E29938AB6FE0CBFE2DB622F7B8333	4B01A0A34CE8ED4BC8A8713BE0442D49DA6A756236B7B4424622CA3DEE820F41
Chrome Cache Entry: 195	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 196	JPEG image data, baseline, precision 8, 1920x1080, components 3	7916A894EBDE7D29C2CC29B267F1299F	78345CA08F9E2C3C2CC9B318950791B349211296	D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
Chrome Cache Entry: 197	ASCII text, with very long lines (64616)	B83D2A085DA6F86FFA1E079AE0DC9480	C2032DF50E93BA51F1E926710739B8C796AA4E75	F2A6AEC6BD796879BE1868ADC44CA6E22BF7BBAC484E6A2A896F09B08463D41C
Chrome Cache Entry: 198	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 199	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3	E58AAFC980614A9CD7796BEA7B5EA8F0	D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA	8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D
Chrome Cache Entry: 200	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 201	HTML document, ASCII text, with very long lines (2326), with CRLF line terminators	2C1C13537042D5BAB963343B5D7A86EC	F6471F9961BDA0CFCA50725ED284850B65671187	772D8D3D2D8931C0FF465BBCB9FD1D4F57016FA491E37874F1BB7881A58207CF
Chrome Cache Entry: 202	JPEG image data, baseline, precision 8, 1920x1080, components 3	7916A894EBDE7D29C2CC29B267F1299F	78345CA08F9E2C3C2CC9B318950791B349211296	D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
Chrome Cache Entry: 203	Unicode text, UTF-8 text, with very long lines (32153)	976055749170B7AF7B5F38AE857A56B2	E3D736B8BC648B97AA403A7283ED6985A6FCF6B2	190D2504B5C2EFE44DCE83474157D309A62DF8FA2B6BDF5D52B2CDDC1EB9E0D7
Chrome Cache Entry: 204	ASCII text, with very long lines (45563)	7A29681E178404D1BF531B75F82ADCC2	0AC449F1417FEFD69089B1993564B2C744C8AFE3	EC4CB8590AAD908F5950EE6214ECCA29D315BE43D59FFFBECC54B460BB1936C9
Chrome Cache Entry: 205	PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced	3EDA15637AFEAC6078F56C9DCC9BBDB8	97B900884183CB8CF99BA069EEDC280C599C1B74	68C66D144855BA2BC8B8BEE88BB266047367708C1E281A21B9D729B1FBD23429
Chrome Cache Entry: 206	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 207	PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced	8B36337037CFF88C3DF203BB73D58E41	1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E	E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898

Windows Analysis Report
DocuSign_Payapp#5_Pay_Requests.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report DocuSign_Payapp#5_Pay_Requests.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
DocuSign_Payapp#5_Pay_Requests.pdf