Windows Analysis Report
https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1

Overview

General Information

Sample URL: https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1
Analysis ID: 1371679

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Downloads suspicious files via Chrome
Drops password protected ZIP file
Creates files inside the system directory
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 5056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 4716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2016,i,16021955280150430270,9218569801120598785,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • rundll32.exe (PID: 7108 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • Acrobat.exe (PID: 2808 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL01-GT01.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2712 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5160 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1592,i,12652318734232072329,13101468371483513775,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • Acrobat.exe (PID: 6568 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL01-GT01.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5624 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 3608 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,18087792427896453930,11597101659364907411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 173.222.162.58:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.17:49725 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.84
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.58
Source: unknownTCP traffic detected without corresponding DNS query: 13.67.144.177
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 23.46.30.30
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.149&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.149Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1 HTTP/1.1Host: www.dropbox.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cd/0/get/CLASiPpXiwlMPNnFx7TE97uXPgWaMkengZhcwDwJzCB1GOiVIDmtNh3mY8uUttxDMkjQN9RnIjfVznWtWIIE1g4wot6pXweWqrnsa6CegMmXmjpzIuaTfSg41gepbcoVBqc8n6IFj0h96Gf80PSo9D9W/file?dl=1 HTTP/1.1Host: ucce5d67987d42bda8ae8696f13a.dl.dropboxusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lw+5d5FLtcZLsFU&MD=NP8Dn3kG HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lw+5d5FLtcZLsFU&MD=NP8Dn3kG HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: geo2.adobe.comConnection: keep-aliveAccept: application/jsonAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000002A9380B0BC HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownDNS traffic detected: queries for: www.dropbox.com
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI

System Summary

Source: C:\Program Files\Google\Chrome\Application\chrome.exe File dump: C:\Users\user\Downloads\pdf.zip (copy)
Source: pdf.zip.crdownload.0.dr Zip Entry: encrypted
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_BITS_5056_1963378538Jump to behavior
Source: classification engineClassification label: mal48.win@44/66@14/10
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-01-09 10-03-41-084.logJump to behavior
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2016,i,16021955280150430270,9218569801120598785,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL01-GT01.pdf
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1592,i,12652318734232072329,13101468371483513775,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL01-GT01.pdf
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,18087792427896453930,11597101659364907411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2016,i,16021955280150430270,9218569801120598785,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1592,i,12652318734232072329,13101468371483513775,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,18087792427896453930,11597101659364907411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeFile opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfgJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: pdf.zip.crdownload.0.drBinary or memory string: MWRdoQEMux
Source: pdf.zip.crdownload.0.drBinary or memory string: Vmci<
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
Defense Evasion: 11 Masquerading; 1 Rundll32; 1 Process Injection; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 Security Software Discovery; 1 System Information Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 1 Ingress Tool Transfer
Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
[Behavior graph: ID 1371679; URL: https://www.dropbox.com/scl...; Start date: 09/01/2024; Architecture: WINDOWS; Score: 48. Signatures shown: Drops password protected ZIP file; Downloads suspicious files via Chrome. Processes shown: chrome.exe, Acrobat.exe, AcroCEF.exe, rundll32.exe. Dropped file: C:\Users\user\Downloads\pdf.zip (copy), Zip.]

Source | Detection | Scanner | Label | Link
https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1 | 0% | Avira URL Cloud | safe |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.251.4.84 | true | false | | high
edge-block-www-env.dropbox-dns.com | 162.125.3.15 | true | false | | unknown
www-env.dropbox-dns.com | 162.125.3.18 | true | false | | unknown
www.google.com | 142.250.191.164 | true | false | | high
clients.l.google.com | 172.217.1.110 | true | false | | high
clients1.google.com | unknown | unknown | false | | high
clients2.google.com | unknown | unknown | false | | high
www.dropbox.com | unknown | unknown | false | | high
ucce5d67987d42bda8ae8696f13a.dl.dropboxusercontent.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.149&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1 | false | | high
https://clients1.google.com/tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000002A9380B0BC | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
23.219.48.155 | unknown | United States | 13489 | EPMTelecomunicacionesSAESPCO | false
142.251.4.84 | accounts.google.com | United States | 15169 | GOOGLEUS | false
172.217.1.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
104.114.164.157 | unknown | United States | 16625 | AKAMAI-ASUS | false
162.125.3.18 | www-env.dropbox-dns.com | United States | 19679 | DROPBOXUS | false
172.217.2.46 | unknown | United States | 15169 | GOOGLEUS | false
142.250.191.164 | www.google.com | United States | 15169 | GOOGLEUS | false
162.125.3.15 | edge-block-www-env.dropbox-dns.com | United States | 19679 | DROPBOXUS | false

IP
192.168.2.17
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1371679
Start date and time: 2024-01-09 10:02:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@44/66@14/10
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 172.217.1.99, 34.104.35.123, 23.52.42.49, 172.64.41.3, 162.159.61.3, 142.250.191.131, 23.220.246.13, 23.220.246.42, 50.16.47.176, 18.213.11.84, 54.224.241.105, 34.237.241.83, 3.219.243.226, 52.22.41.97, 52.6.155.20, 3.233.129.217
• Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing network information.
No simulations
No context
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):291
                            Entropy (8bit):5.177342003262396
                            Encrypted:false
                            SSDEEP:6:HOcIKH9VOq2PsHO2nKuAl9OmbnIFUt8+OcIK2XZmw++OcIKhVkwOsHO2nKuAl9Oe:HOLvkHVHAahFUt8+O//++O2V51HVHAae
                            MD5:45B20375308B1B18F359AB545290139E
                            SHA1:23C2EDFB054FC77C3422B04A7345270BB5452203
                            SHA-256:C5069AEA4F953FEC693C22A3CF1B1CBD0B24F24EAA020379547EBB2A0F08F548
                            SHA-512:5AE475C526D788F06E9D411866345815300FD81709C0759A7C77D9D9E5A2A00855C270D026CF24D919C33A316F38F3F1C72CA7D5D33A6548385027220B21B6F9
                            Malicious:false
                            Reputation:low
                            Preview:2024/01/09-10:04:06.752 b80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/01/09-10:04:06.753 b80 Recovering log #3.2024/01/09-10:04:06.754 b80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):335
                            Entropy (8bit):5.095976023023258
                            Encrypted:false
                            SSDEEP:6:HOcIKZli+q2PsHO2nKuAl9Ombzo2jMGIFUt8+OcIK3Zmw++OcIKeVkwOsHO2nKuA:HOgli+vkHVHAa8uFUt8+Oa/++OPV51HW
                            MD5:AB2C1961ADC289A6972AA6AB52500EB2
                            SHA1:D6560E467C69AA3814F3F4274906F6BB9CC2CC27
                            SHA-256:A07D7ABE8DAB82013E71F42485988341BD59383BED17DEB08A26263DA8EAE2C4
                            SHA-512:472664D7C765B15527B3A0BADFCC702AD4461E598EC42B015B386219D7855DEC7D53CFE083BAFC3BD4D93B1F0DE1CDA16714CBD69D873EB6D6DCEDA6AD4308D0
                            Malicious:false
                            Reputation:low
                            Preview:2024/01/09-10:04:06.918 bbc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/01/09-10:04:06.920 bbc Recovering log #3.2024/01/09-10:04:06.921 bbc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:modified
                            Size (bytes):476
                            Entropy (8bit):4.976412843151953
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sqFCtsBdOg2HGcaq3QYiubEP7E4T3y:Y2sRds3OdMH53QYhbY7nby
                            MD5:5391A82E5A99667040552FE42F49632D
                            SHA1:E717F51437F323DE57A1B8B9171E232220B71820
                            SHA-256:373230CCBF70CB890EF1AB2D01017F37BF8D2F63AB24F1274F7568BC98DB4DCE
                            SHA-512:5554200F09F6D3A13FA04E8D51BFFD2C89C3BD82AD522C0F7A26A14E1F4F2476C7F3E9079C5AA02ADC9921550AEAFD1A03C25F815AE74408A1EE0EB2F2EFC908
                            Malicious:false
                            Reputation:low
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13349351022819487","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":109165},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:modified
                            Size (bytes):476
                            Entropy (8bit):4.97580256152285
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sqFCtsBdOg2HGcaq3QYiubEP7E4TX:Y2sRds3OdMH53QYhbY7n7
                            MD5:87C20107734AB82FEE2015B403840828
                            SHA1:1F913FB56C03DB97DD80CE9A2E0DF836DC4AA022
                            SHA-256:59096458DEF357023CCAAB066ABC8732BEF006F8D4E12EAC14A98AD7703548A5
                            SHA-512:8A8A75481A1B384957B968D664912CC5562E81F34F601102583A17CD599C8447E13AA0D9F92BCA264283735FCDA7272F1F4DB6B52F33DB0E8C056F1884866E2B
                            Malicious:false
                            Reputation:low
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13349351022819487","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":109165},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):476
                            Entropy (8bit):4.976412843151953
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sqFCtsBdOg2HGcaq3QYiubEP7E4T3y:Y2sRds3OdMH53QYhbY7nby
                            MD5:5391A82E5A99667040552FE42F49632D
                            SHA1:E717F51437F323DE57A1B8B9171E232220B71820
                            SHA-256:373230CCBF70CB890EF1AB2D01017F37BF8D2F63AB24F1274F7568BC98DB4DCE
                            SHA-512:5554200F09F6D3A13FA04E8D51BFFD2C89C3BD82AD522C0F7A26A14E1F4F2476C7F3E9079C5AA02ADC9921550AEAFD1A03C25F815AE74408A1EE0EB2F2EFC908
                            Malicious:false
                            Reputation:low
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13349351022819487","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":109165},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):7164
                            Entropy (8bit):5.244020332792447
                            Encrypted:false
                            SSDEEP:192:TUi8h+F8Aj8DRCGwtqzmsLnNreR2ZpjRe4I8qr9jnNI92D3jC+3ETKEAE8HM+C4T:jX8eQd2T
                            MD5:89D34EEA5B835C3A25B39B1DD2F86AD4
                            SHA1:22F605E5DF290D29926EF0DA6613117B7D4D4485
                            SHA-256:F16CBD957594CE2ECF29F5296929D3272FFCFD5B90E1C128ABBA66D4B29C6BDD
                            SHA-512:0859C1B902C84DAB939090D95FFBD4AF6ABF8A694575EEB89911FFE9AD27BDCF97E327CA8FD1D21E6D08C2D0477B7164446812316109F15CCB788AD0C8E640A9
                            Malicious:false
                            Reputation:low
                            Preview:*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):323
                            Entropy (8bit):5.106319095985214
                            Encrypted:false
                            SSDEEP:6:HOcIKmji+q2PsHO2nKuAl9OmbzNMxIFUt8+OcIKmSlGXZmw++OcIKmHiVkwOsHOS:HOE+vkHVHAa8jFUt8+O0m/++OgV51HVv
                            MD5:E6AF6D63383D7DDF24DE0930AA180266
                            SHA1:FCD1759EA4B8CBEEC8B5752E0BF4A8053FAD3920
                            SHA-256:81AFB6A2B15E6F413E0179AE825A003CE3EE7067719E4FF20CFBC1AF15C49195
                            SHA-512:13CD9208C95D670E64760FB16886C78C5C7DDC79C9E4A17D0789E95C62A43BFA4E81D88FE05576E330E95FE3A35E59FFC549675CD0AD512DDA102A216DF90192
                            Malicious:false
                            Reputation:low
                            Preview:2024/01/09-10:04:07.084 bbc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/01/09-10:04:07.087 bbc Recovering log #3.2024/01/09-10:04:07.088 bbc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                            Category:dropped
                            Size (bytes):86016
                            Entropy (8bit):4.444503706097613
                            Encrypted:false
                            SSDEEP:384:yeZci5ttiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:FGs3OazzU89UTTgUL
                            MD5:6B11D219F12C57FC084AFC94AC29A879
                            SHA1:F041FEA7D8FBDA1436C2F17B8D2AEDE598247FC6
                            SHA-256:197B18D2B709B13E2D71EEE72B1EA7D49C5C5A07D009326130BB46F864A460A8
                            SHA-512:9E486F450316C757E3E607EBE185213A5C1915BDDD382692AD8F202CCC872588A948F3D59F36195801994A42CAEE273BAE92DFAFEAF3CA35D782C42575DB71C6
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):8720
                            Entropy (8bit):3.770900507793078
                            Encrypted:false
                            SSDEEP:48:7MAJioyVyioy4oy1C7oy16oy1oKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1OY:77JuyI3XjBiXb9IVXEBodRBkj
                            MD5:4C6872702A566833E6E792AF40A028FA
                            SHA1:E1225F5BDA3AC8E1DA34AA48970895DBB95A90EA
                            SHA-256:F9E1633E56529A83CBF2168A8DC50463EC8A16268AA033A08301767EC94CA700
                            SHA-512:C94B7F2041A3D649FCEAA4F117B893816702F31CAED7749F567313960EC9756D9AD625966D96AEDDFB701F5152854F33A87145168295AD1CC80CC317FC02946A
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PostScript document text
                            Category:dropped
                            Size (bytes):1233
                            Entropy (8bit):5.233980037532449
                            Encrypted:false
                            SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                            MD5:8BA9D8BEBA42C23A5DB405994B54903F
                            SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                            SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                            SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                            Malicious:false
                            Reputation:low
                            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PostScript document text
                            Category:dropped
                            Size (bytes):185099
                            Entropy (8bit):5.182478651346149
                            Encrypted:false
                            SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                            MD5:94185C5850C26B3C6FC24ABC385CDA58
                            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                            Malicious:false
                            Reputation:low
                            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PostScript document text
                            Category:dropped
                            Size (bytes):10880
                            Entropy (8bit):5.214360287289079
                            Encrypted:false
                            SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                            MD5:B60EE534029885BD6DECA42D1263BDC0
                            SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                            SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                            SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                            Malicious:false
                            Reputation:low
                            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):259864
                            Entropy (8bit):3.202660492858591
                            Encrypted:false
                            SSDEEP:1536:WpKP7iyzDtrh1cK3XEiv07VC/3AYvYwgn7rRo7+sn:AKP5T/3AYvYwg7Fo7+sn
                            MD5:BE9BCC8BB2DB177C5D0157BDE4A1D3FE
                            SHA1:31836566F2EBE2EB88519AA3771D24DB439D9457
                            SHA-256:19D825CC20881511801CAA8DD9107805442C3B7685AF39FF16944287482659AD
                            SHA-512:6BB9C6B2AD532D72F5B5D687B8D9F04CFBB4DFC62294283DCE484928F20BCAFD21E61798F303FA3CF7288B10CF0F4A6AC2B83E17C55BE9E819A9960ABF61BDCE
                            Malicious:false
                            Reputation:low
                            Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):295
                            Entropy (8bit):5.329714089878129
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX5Cni+mW/jx6mJ0YsWoAvJM3g98kUwPeUkwRe9:YvXKX5SaW/jx6mItGMbLUkee9
                            MD5:B399BF0BD8DDB43960944AD3971EE10D
                            SHA1:6A093829A890662B5691DA9E4A239EE268020E39
                            SHA-256:E279FD73FB2FA91DF78C4C83EC186220FC3281A9EEB8E037A050213E189C47D9
                            SHA-512:99EEDBAFDC298FF54567755CD6C36A6701497016A7157E5DDAE4C72FD96B5BDADB346765234A5C05A6D33F748B87E7C199C3F7FEC2CC33C1EB64F638D0FFA6F9
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):294
                            Entropy (8bit):5.276379728321621
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX5Cni+mW/jx6mJ0YsWoAvJfBoTfXpnrPeUkwRe9:YvXKX5SaW/jx6mItGWTfXcUkee9
                            MD5:FC18E3B135FE499F3319B7BBBF7E0A54
                            SHA1:2C860D3FE066B21D8BC3A1C124175187CE6EC2B2
                            SHA-256:0A5EB29561AA103FBCEEA33DDEDC8A6ECDB7F239FC585E13939652C1AF76FAB7
                            SHA-512:DB0D2E0342D73FE3A62DB5425FB70E7C72E53506FA2C739DFAB32D1419E769F37B32F075921C567989AD0F892406DF48F440EE232314437339B0EB2172981DE0
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):294
                            Entropy (8bit):5.2549280448476265
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX5Cni+mW/jx6mJ0YsWoAvJfBD2G6UpnrPeUkwRe9:YvXKX5SaW/jx6mItGR22cUkee9
                            MD5:F31881BE52FDCBA27E8A8A56C67F8534
                            SHA1:FF9181200E6678C1B4B8D08B649EB7B84063305D
                            SHA-256:DE1323C27A49FF0C27C56D355644EC8288A1921688EB0ED0EB95E72BA3E4DF12
                            SHA-512:3E4F3E38E77EF2AFCD271840DE3AB785D8D021F627900FB3BB7A3A6FBA6380C427330A94E839BFDBDCF292B361554C1D894F9A3216C51762FAA0D3B311816B13
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):285
                            Entropy (8bit):5.314629896573595
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX5Cni+mW/jx6mJ0YsWoAvJfPmwrPeUkwRe9:YvXKX5SaW/jx6mItGH56Ukee9
                            MD5:9A145DADDDA3922B13A671CEA53964C9
                            SHA1:60C8EC5E6A30E5409D444E02B9185DB8ACCB9059
                            SHA-256:3B6C4D033DE30B2E5D02639372294D51DD2B1AFC398374B65EFD868EC0F3E272
                            SHA-512:D1C9FFFCA47FA6BD6ABAFC2E2DF480AF7372AB437FC8AEE5608EEA1E68812E3DEA8BC7F9D6D113F47AFFB21800C3818FAA2196A68F698AE5487E649EBB62CCC4
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1255
                            Entropy (8bit):5.694815250462625
                            Encrypted:false
                            SSDEEP:24:Yv6X5St/d65SpLgEsv4ce3KnctSrymTBcu14wChluBks8ctq3HIP:YvZt8EhgnvjRrNTB5OJhABks8c2He
                            MD5:2693BB7A4D453E145BB843F9DB3511CD
                            SHA1:452230BD8F920FDAB08AD5C4DE138FA8261BE6DD
                            SHA-256:FAFF968A2C8E99CBEB5ED08D97BE9FC7E14B71B06E1524C40EE0020446D8663B
                            SHA-512:C9C02CC2498202BE2166914512ACB550B6AD91DC7CC8EA88D81B272F8A03F344584D1EA4ECCB934969AB9E28658B266CDEDAEDC8C5A0FE2FD1C01A2F16429F64
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_0","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"f7fa0e9f-7d25-4321-b719-c501bbb8a162","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0IGZpbGVzIHRvIGFuZCBmcm9tIFBERiBcbndpdGhvdXQgbGltaXRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5k
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1250
                            Entropy (8bit):5.704657079332331
                            Encrypted:false
                            SSDEEP:24:Yv6X5St/d65UVLgEsy4c19ZrGmTBcu14wCh5rgos8ctq3HIe:YvZt8eFgnyl9ZrBTB5OJhFgos8c2HP
                            MD5:84E979119775C4922703DFEBFB239179
                            SHA1:088CB1A707E5ED3897D06E4F0918AA370381548E
                            SHA-256:AB662EFD3D656B1F39DB0B8FA7560EFDF76BD036B740EF07EEF4601122FCB583
                            SHA-512:06C366E78889C18A11757A13A36AF6CADC9747B239699FA70F60FBAE729B8B7F85C3F994E1284C05E6C996FE5659B60A97C2B15596ABEC793928EFD14C47A482
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_1","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"250f56c6-2d66-4fca-8033-eabbd2bc9951","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0LCBlZGl0IGFuZCBlLXNpZ24gUERGXG4gZm9ybXMgJiBhZ3JlZW1lbnRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2Nvb
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):292
                            Entropy (8bit):5.268052178058506
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX5Cni+mW/jx6mJ0YsWoAvJfQ1rPeUkwRe9:YvXKX5SaW/jx6mItGY16Ukee9
                            MD5:F1F0EE4B849A773147BE56E0D5D404D5
                            SHA1:BEC38323B471C572C39873238C8A0DB42523407D
                            SHA-256:FD493447EA7451B89F77E16B209CC6617765ABC0D5D15723CABA22DE1F4627BB
                            SHA-512:D130BAEE983E6A8CB2C9EF339F9709488726C875851BE8A5E0994C665ED9DF3FD98113D8BFC303153393B9B3E9E2AD21D59815C9904CCF47896F04C666B7C4AD
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1230
                            Entropy (8bit):5.6879565642642405
                            Encrypted:false
                            SSDEEP:24:Yv6X5St/d6552LgEsk4ccVrhmTBcu14wChds8ctq3HIe:YvZt8rognkMVrYTB5OJhds8c2HP
                            MD5:AE09FFA3172213B538E063D76959A39D
                            SHA1:53937606F9FC21E9EDA6DB1E19621614674C40D2
                            SHA-256:4ECEE780291F187C4029B5CC6356B3E9130676A584B465C9BE5980E885AEC2AA
                            SHA-512:82254595A9C57F54A479E0952B4DDD67C6C18D9E546C3C284D79682385D57BA047325619B623456795F730649E8F078BEB982097DA799C6C7E5AF66E78BF7892
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_3","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"07caa165-20a7-4c5f-adf8-061ef3d98af3","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2NvbG9yX2RhcmtfdGhlbWUiO
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1368
                            Entropy (8bit):5.748203407946342
                            Encrypted:false
                            SSDEEP:24:Yv6X5St/d65JKLgEGcooZbq0jCaBrwJoZct5uWaHbX3HIP:YvZt8nEgNoNtlSJEc3uWaHbHHe
                            MD5:F2316FFB7D5EB4997A2DAF57C045E3EE
                            SHA1:5FDD6426596D919256B19F9EE533F25B72571F13
                            SHA-256:069C81F8587A87FACE56299642CF14BA130830BFCF1820FCDAA4138392834246
                            SHA-512:228AE9FB465CB3CEF3BB58ED889019A16DACE0B3DCD1C8750E5F31362531FFB2D27B50F2515D8F226BACBD9C308DEC211DE28D138485C88C0079F18E795F08ED
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"70654_217714ActionBlock_0","campaignId":70654,"containerId":"1","controlGroupId":"","treatmentId":"692283b7-dc9d-4f79-9ee2-bccf324c2980","variationId":"217714"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNyIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTEiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBhbGwgUERGIGFuZCBlLXNpZ25pbmcgdG9vbHMuIiwiYmFja2d
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):289
                            Entropy (8bit):5.273082059428279
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX5Cni+mW/jx6mJ0YsWoAvJfYdPeUkwRe9:YvXKX5SaW/jx6mItGg8Ukee9
                            MD5:1293D98145F0FC9978F204F2A6EF2A47
                            SHA1:343124E691F3AC4029DCD822D8F39073D0E80CB3
                            SHA-256:B2AACAE0F5E5B4B35F62139F97B63E627A70B0A6A2878CB7D29ED9111CE77BFF
                            SHA-512:2EFC285E9BBC1FAE4F3A43552910C761A497CACA8DF46483223B0A23A7D18D2828D33D93C008C90384CD2DEB9875CFE5268B88BE3F57DD43FB30124B7C8125EF
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1395
                            Entropy (8bit):5.773599493544379
                            Encrypted:false
                            SSDEEP:24:Yv6X5St/d65krLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNHP:YvZt86HgDv3W2aYQfgB5OUupHrQ9FJB
                            MD5:B62375CA254F38F3ED307E327000C610
                            SHA1:BB26AAA29336E423F614FD008A62B8119EEAEFB1
                            SHA-256:63E4D931729AC7CD172B3E5B4922275EA6105953BFBB1F2BB4648F19A26A140C
                            SHA-512:E78A63C01322CE69085269A0A4958625BC949DF84D6E7E299F612D5F111FA00046B410003184A4A4B153FD85F49C6D9C8CD6A7BA4ECA89D8942EB34E8DBAAC4A
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):291
                            Entropy (8bit):5.256814160130127
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX5Cni+mW/jx6mJ0YsWoAvJfbPtdPeUkwRe9:YvXKX5SaW/jx6mItGDV8Ukee9
                            MD5:FEF465A496BED7CC6B3F52206FEA8D3F
                            SHA1:C9F93BDC615C880C0B0455EFE06A26348B0CC7A1
                            SHA-256:0529C49FA600F80A14979BCEF96D021373A1630BEBB0FAECC4E8C4A99C5896F3
                            SHA-512:7BAB6B51DDED789C39A9D19C6F95094D1145551A6BAECA5552CB21DE28E48FAE61B3BEACCD2E10CD660EEFE868E885E1DC36A26E7F4490A99A20AA7A1EC24288
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):287
                            Entropy (8bit):5.258690071671448
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX5Cni+mW/jx6mJ0YsWoAvJf21rPeUkwRe9:YvXKX5SaW/jx6mItG+16Ukee9
                            MD5:E2C223A4A6E33CBD06178C30B8769779
                            SHA1:90E065EAF68081573EDF6BD0B4AAA25DD3DFB534
                            SHA-256:0BFA296274E54F580C2C895E9A441C1ED3BCEF54C37DB1B5F294F47EF11A02F8
                            SHA-512:B598068EAB6407009F33E0CBF2FA6E34DD10EF91AAA11AF8A464D560B9F55FB229D6C97B37AF3234B0915D997AF57E515D01F1CBF3A8A521C8DE9ECC2DE9728C
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1250
                            Entropy (8bit):5.717091626193739
                            Encrypted:false
                            SSDEEP:24:Yv6X5St/d65OamXayLgEs54c3drNaHmTBcu14wChqx+plVCV9FJN3HIe:YvZt8mBgn5drpTB5OJhr9Q9FJ9HP
                            MD5:9646B3B0411AB6A2FD6FCCAD21F95476
                            SHA1:9083AB3BABB343DA9CB1D4135A949F19B97AB89F
                            SHA-256:90AC54157E20CAE1F87667E03D74DEB3760029E47846C3BB1430D3AE14595573
                            SHA-512:346725FF68B4B8E558C2E7146DA4ED62D709410E723C17BEFBE95999E52850F6346457872AECBF02942B935FD11CBEA4F325EBFD1D1D78DF23E2F81CEADE81B9
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):4820
                            Entropy (8bit):5.808509010443582
                            Encrypted:false
                            SSDEEP:48:YvZt8efgJ3zOepOskCBMHgEIGi6nOskSBMHoAVEIgbEIGg6OOLrBMHGOiwY6ao4A:G/zg9BxOTJrFhLwTrBr3wha0Tzww
                            MD5:B2B4ACF803B4DC5B5D2CCBC54CABFD08
                            SHA1:FBF50DE2E3A86ED6E3E840C1D4C61A2C4EF1C2BA
                            SHA-256:E271311BB1EE8B2CDD0073EF5508BECB4967978B8304D19C5AB95310FE52095D
                            SHA-512:1E076ED78518FF433689EC51868FA1C5E3A6F4528B2A16D1C80CED2D7146BDF1D9B040CA8396007DCAAA94DB707DAEF56694B7191ADCFBE0503A0096B32EFEBB
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):782
                            Entropy (8bit):5.358999063350746
                            Encrypted:false
                            SSDEEP:12:YvXKX5SaW/jx6mItGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWrpp:Yv6X5St/d65Z168CgEXX5kcIfANhIP
                            MD5:0FAE020F41FA3053410D9A42D66E7F30
                            SHA1:5FEDCD3471623A4427435747E598D6935456BD67
                            SHA-256:CD13D94E52DF03C54F82492F30AA7EFB1DF1D2C4A73B89DE2ED8CA34FC6855AD
                            SHA-512:F8F09AD2D825C1286F4FDC3C5D067AE95B0D2C2BE333D53431CD78493F5B16FE73BB5BD82D1881C9205C89859E80BC1242F29C80CFF659426BE8349F9F4225E5
                            Malicious:false
                            Reputation:low
                            Preview:{"analyticsData":{"responseGUID":"c4a2732a-a65e-4939-9447-64eca4fb3042","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1704967722184,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1704791052220}}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):0.8112781244591328
                            Encrypted:false
                            SSDEEP:3:e:e
                            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                            Malicious:false
                            Reputation:low
                            Preview:....
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):2819
                            Entropy (8bit):5.1225643655594135
                            Encrypted:false
                            SSDEEP:24:Yjm0WakxtnhB3ay7vG51xZo2715TCxo1nAuZhMwjoj0SB24GP2LSuPK/5rfn9AKl:Yj2tnXRE/571lFKu9qt8P8PK/lf9AUVt
                            MD5:CCC2BE7EAD3443EC49BD788AACE58153
                            SHA1:3FADC8F5A22B72894D9074CB47F3002AF1BAE9AF
                            SHA-256:BAB6A031145F700EF45B1B6F299528865722585F24E585CCADE9BE2E90507F8F
                            SHA-512:A1113F950B8083BC0D37B7B9E55A45049662F67025A46D8905540F9F75572A8B0FB424F74631D53DB6EAB733CBDC69F67330A18A6FE19710B865DCEC69570E51
                            Malicious:false
                            Reputation:low
                            Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"682646cc0b77aeb3b2085b2faa850f2c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1368,"ts":1704791051000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"4e656a5e8000eb231b0a79e52b905615","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1704791051000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"830922be5560f1f8f5f04f312bec7546","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1704791051000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"8f7132bcdb2d06a38b0acb12b12407f6","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1230,"ts":1704791051000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cf9190990d9bd9a4b782daae3654c1e3","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1704791051000},{"id":"DC_Reader_Upsell_Cards","info":{"dg":"5b8ba07386aebc2eb0adb3bee7ea981c","sid":"DC_Reader_Upsell_Cards"},"mimeType":"file","size":482
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                            Category:dropped
                            Size (bytes):12288
                            Entropy (8bit):1.361040000506246
                            Encrypted:false
                            SSDEEP:48:TGufl2GL7ms7cRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ujBj5BvPy:lNVmsIZnrctK
                            MD5:4831AF5E83F208BB85844E4C7786779B
                            SHA1:A3161E05FC43E6008D624CD61B2F24F863443A56
                            SHA-256:098B0440EEB7009679E661CC96A73A7336A389BFC16CDE52744CDBEB0A1A02A3
                            SHA-512:199A788B883D47DCBE72768F321D0B1BB94358F6E40826E16BF8CD79A88B8627A10009F28D2F10E76854AB25303A3EAC2E581E0A60400C32400169E1A653DC4B
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):8720
                            Entropy (8bit):1.8357737423753773
                            Encrypted:false
                            SSDEEP:48:7MLcRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCsHj5BvPAqFl2GL7msW:7VZnrFct4KVmsW
                            MD5:379D3574D1C9F3DAD610A67BCEE91B4E
                            SHA1:1A447B8031D1B98A33FFCD5366BD35A14E938A02
                            SHA-256:13F9236430628A52C36BEBE40FC436FEE26D7EC59EA7DD7D40E520DA2EFCBDBF
                            SHA-512:F99C38C8D78A5661E20BE0EAE659BD3BD854CD4A03EAD537CAC881EA3747C8D107A21B4706A1982EB59CD25CB13E1C34879234A416EC2500EB2F379D4EB58728
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):66726
                            Entropy (8bit):5.3927211007449944
                            Encrypted:false
                            SSDEEP:768:RNOpblrU6TBH44ADKZkgb9sk9nPXFPUJVKlS0SZYNYqztYyu:6a6TZ44ADkb9z9PX2JsN1tK
                            MD5:AC6F055E886FB5564DBA30D8DB1B037C
                            SHA1:710C4E6731BFF4BECD90B099D1DAAB9AA8CB5C4A
                            SHA-256:B528B5ABD619BE08564945DCDC4DC34970E0403E37A31025BFE55E666F1177CA
                            SHA-512:9BE5DD1BCBAD4BD8676E1B10D4CCC12596CDAC6B48F021C0012526BC9639370308979256D15BC5E0BB1BAF8BC3C43971266416E0AFD82F9AA8BCD1C46ADEC12D
                            Malicious:false
                            Reputation:low
                            Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):246
                            Entropy (8bit):3.4985264301455885
                            Encrypted:false
                            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88RQadNU:Qw946cPbiOxDlbYnuRKLQr
                            MD5:B76C6AF07FC26614BD4D948487860059
                            SHA1:2A922EF08AD2C820B4E295D00627E2321758D732
                            SHA-256:2A617A0C30EFD54A4B5E059D661A026C33A905F4F48C970775CBAC087EFC1DA1
                            SHA-512:B68DF653BE3A42EF66610F176524B96448E3B37CBB15591BC4475240C9938B24E5D495BD56F059494A8F5BEB4D1E66E29FF74D419FF476DE29A76F56D6881746
                            Malicious:false
                            Reputation:low
                            Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 09/01/2024  10:04:14 ===
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PDF document, version 1.6, 0 pages
                            Category:dropped
                            Size (bytes):358
                            Entropy (8bit):5.073037063658229
                            Encrypted:false
                            SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOpDdmmFpdmm0CSyAAO:IngVMre9T0HQIDmy9g06JXZpmmFXmm0R
                            MD5:289B91311E95A0A4076EB081133BB91A
                            SHA1:20CEDBBA41E1A2064A6067160B0465D9026E60C1
                            SHA-256:2711DF810A20004161AC59965AC5D467822D523466E3B85012385A28E18F43AA
                            SHA-512:92CAF0F2F92CAB6E7D78DAC7E41F13BCA91B7D9BCB76FC44BD51B81655078BCBE38304EBE5D5DF036DC722235EE49E288A904F9D91F7F48361C22883C2B32BBB
                            Malicious:false
                            Reputation:low
                            Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<9889A968E0C74C44B82B50D75D774F2C><9889A968E0C74C44B82B50D75D774F2C>]>>..startxref..127..%%EOF..
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393)
                            Category:dropped
                            Size (bytes):16525
                            Entropy (8bit):5.359827924713262
                            Encrypted:false
                            SSDEEP:384:yNDmLJAZYTtvEcrd/GVMimVRMTzpCeb9sJVPbvHktuFKr4Bnk2DfNSNq8iwyhZ9u:bAPaRH9E3/
                            MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
                            SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
                            SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
                            SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
                            Malicious:false
                            Reputation:low
                            Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393)
                            Category:dropped
                            Size (bytes):16529
                            Entropy (8bit):5.32500491321973
                            Encrypted:false
                            SSDEEP:384:YVvC3pwZI0ebt3iKXQEdEBPGFhMTTdjLQR0ioeGYbu07jxweR5Eder6r0PUqsW/e:kHETM
                            MD5:5A5B3AAC70F75ED3D9121B7F43875CB1
                            SHA1:3EFD69BBA17D08F4A65FA022C363CA0B1B4D0701
                            SHA-256:E41ADECA4C6BAFE3D43784E568955089BEB5FEBB2ECDC392AAD5B4A05E0E6449
                            SHA-512:CD505B5699E4B4050CA67348ED7BA64F21E99CFFB311961D4EB8A265362F59BB877F486D3D0682DA28BAD0001A5844935124C47D29DF5886DA940A9E16377C5B
                            Malicious:false
                            Reputation:low
                            Preview:SessionID=d30103ff-8155-4d98-bf57-640bd7128aaf.1704791021100 Timestamp=2024-01-09T10:03:41:100+0100 ThreadID=2796 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=d30103ff-8155-4d98-bf57-640bd7128aaf.1704791021100 Timestamp=2024-01-09T10:03:41:101+0100 ThreadID=2796 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=d30103ff-8155-4d98-bf57-640bd7128aaf.1704791021100 Timestamp=2024-01-09T10:03:41:101+0100 ThreadID=2796 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=d30103ff-8155-4d98-bf57-640bd7128aaf.1704791021100 Timestamp=2024-01-09T10:03:41:101+0100 ThreadID=2796 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=d30103ff-8155-4d98-bf57-640bd7128aaf.1704791021100 Timestamp=2024-01-09T10:03:41:101+0100 ThreadID=2796 Component=ngl-lib_NglAppLib Description="SetConfig:
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393), with CRLF line terminators
                            Category:dropped
                            Size (bytes):15114
                            Entropy (8bit):5.310309393190673
                            Encrypted:false
                            SSDEEP:384:+yQnYqxSZ4CRTzWKk+fjQ5x0C5+JNFfszJ7g4u7zGfsTF4flAmu6L6riYqIXoIgv:AX
                            MD5:C01A7578D645FFEC1144156AAA0579A2
                            SHA1:365B93133F4D5C54E567519D7F0808FCDF7ED034
                            SHA-256:3EC0E9B54791208E34BD14A4A2160BA1D50C79F8452A9BA3E13F8C80DC420B5C
                            SHA-512:B6E90AB22C4A616FBBBD1ED0222FF7D79D3B1256327E274C4AE9F2AD11145BDD2E62A1DC12C8B610E0A9DA7D463A7434729D79A2C3E8ED13F645246B76333A67
                            Malicious:false
                            Reputation:low
                            Preview:SessionID=a4799da6-eb79-40b8-8445-8be01d134a91.1704791048977 Timestamp=2024-01-09T10:04:08:977+0100 ThreadID=6664 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=a4799da6-eb79-40b8-8445-8be01d134a91.1704791048977 Timestamp=2024-01-09T10:04:08:978+0100 ThreadID=6664 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=a4799da6-eb79-40b8-8445-8be01d134a91.1704791048977 Timestamp=2024-01-09T10:04:08:978+0100 ThreadID=6664 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=a4799da6-eb79-40b8-8445-8be01d134a91.1704791048977 Timestamp=2024-01-09T10:04:08:978+0100 ThreadID=6664 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=a4799da6-eb79-40b8-8445-8be01d134a91.1704791048977 Timestamp=2024-01-09T10:04:08:978+0100 ThreadID=6664 Component=ngl-lib_NglAppLib Description="SetConf
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):41690
                            Entropy (8bit):5.415278404819845
                            Encrypted:false
                            SSDEEP:192:fcbmI6ccb9cb+IqccbdcbIIl3cbXcbWIS+cb4cbIIJzcbEcbAIkGcbmcbWICccbp:g6sqGlVS/JCkvC7
                            MD5:149546BC6ACC6E520D224445553F4CE3
                            SHA1:D2CF75DF1F333E0F59E6D12C9CCB2A7908955623
                            SHA-256:13D1248511774E4200AF3783BF3AA726658C849D21523467834723360007E972
                            SHA-512:A2114C465C71D0C4EF121D350450F315A23ACEA8BFFC243C2DA753B40BDA873FDD24DB9BFBF08FAF91BFF0A6C46FC32482DCC3FB5FD81C92C3DCB6E6C4531C1D
                            Malicious:false
                            Reputation:low
                            Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                            Category:dropped
                            Size (bytes):758601
                            Entropy (8bit):7.98639316555857
                            Encrypted:false
                            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                            MD5:3A49135134665364308390AC398006F1
                            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                            Category:dropped
                            Size (bytes):758601
                            Entropy (8bit):7.98639316555857
                            Encrypted:false
                            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                            MD5:3A49135134665364308390AC398006F1
                            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                            Category:dropped
                            Size (bytes):386528
                            Entropy (8bit):7.9736851559892425
                            Encrypted:false
                            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                            MD5:5C48B0AD2FEF800949466AE872E1F1E2
                            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                            Category:dropped
                            Size (bytes):1407294
                            Entropy (8bit):7.97605879016224
                            Encrypted:false
                            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa
                            MD5:22B260CB8C51C0D68C6550E4B061E25A
                            SHA1:DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E
                            SHA-256:DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0
                            SHA-512:503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                            Category:dropped
                            Size (bytes):572544
                            Entropy (8bit):7.979305012097393
                            Encrypted:false
                            SSDEEP:12288:/xnA8qZEj3T6keS7uK33MALwjZbZsYxeoJF4vNamTkdaJ:/xA7ouWLGwYIGNPS
                            MD5:D8BE0E238521FBE8BCAE411C4708245A
                            SHA1:6A4C902D7F0F180B89AE11D373C816A59D523471
                            SHA-256:4289C4670931F978E57644D3F2AAA0C2010EFB4A28720AB9DE34A62CC0BD1C59
                            SHA-512:C497EE6B962A6B46A4F742D84211DA06A0C9171DDF82ED7FF9D29E20E6EE04F4608BF73FC22C5EEEC563D992B8E48B999189E6244E15DCD7B1E77959D221C496
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                            Category:dropped
                            Size (bytes):1419751
                            Entropy (8bit):7.976496077007677
                            Encrypted:false
                            SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                            MD5:18E3D04537AF72FDBEB3760B2D10C80E
                            SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                            SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                            SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 9 08:02:43 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):3.9905065641933186
                            Encrypted:false
                            SSDEEP:48:8CgDdcTx7IfCHmidAKZdA1JehwiZUklqehRy+3:8JKOfbey
                            MD5:F51C96644425D549205E4EE6B42F747D
                            SHA1:09EB1B2827154DA0232C88D76D0651183D0F71F1
                            SHA-256:5E8E1EE6E9853BDB47D261D42BB8DB5BB68A5F7DC1A619FC31788DF340B0F506
                            SHA-512:0CE7AAE09FF1B68244FAA5DF592CC821FC9A8EE3298F732F4E102357537E33EAB3593D31A166B50F9492CD37D15C476D4BC1F2261EEDF01B3357047740CC100F
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 9 08:02:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2679
                            Entropy (8bit):4.007566811125932
                            Encrypted:false
                            SSDEEP:48:8bDdcTx7IfCHmidAKZdA10eh/iZUkAQkqehOy+2:8bKOfZ9Qjy
                            MD5:3C15A40AF9B7E9103AE396D3036A8B44
                            SHA1:FB4F1674457DBF046AAC0DEAE0D42C1EEA151268
                            SHA-256:382B811E5AE76DAEBFBC79B086735754E0AD15E9E74785B2A1E337C85B97A532
                            SHA-512:BF497308901AF9050BEA01FD899B5565F88D88ECFC3F2DB15007AA87DD27F6CD20622E9DAF492C4C9957C3C3806FB274EA3DFAD64150868C7565B14A26B1D34A
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2693
                            Entropy (8bit):4.0150888763480985
                            Encrypted:false
                            SSDEEP:48:8eDdcTx7IfjHmidAKZdA14tIeh7sFiZUkmgqeh7soy+BX:8eKOfunyy
                            MD5:9A62ADE1B522D306463F097BB567BE56
                            SHA1:B5DCD68335A89BA53FA606DEC4626F1010DEF0D1
                            SHA-256:7631BBFC7BE05B6EBA3940DF1DDAF0DA5802E6E48604363E7E58CACABF6C1189
                            SHA-512:EA9EAE78BE5C2B5E0434E2027D3AE7D43F17D62B2717BA674ED8A1F36A9C09D6F07E9D726858617DC18F5543C8B4E88F40AF65431B88E34350753353A96B60C6
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 9 08:02:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2681
                            Entropy (8bit):4.003540924063783
                            Encrypted:false
                            SSDEEP:48:8XDdcTx7IfCHmidAKZdA1behDiZUkwqehKy+R:8XKOfqAy
                            MD5:EBDA8B65E102FADC379D606D28FF100D
                            SHA1:5D1F875726AE1D6BD0AE2F58C6692BB9C81D5293
                            SHA-256:1EE0C6EA29A2868437B56278FE4AF9EE06D14A865169EF774B988586B3FA4586
                            SHA-512:B19961465FA3E7BECD1F535CC6229E660B946AB6C0800807E5FA37D708538C71A60A90C32B4D98695A360D9D2545FF798B3592A5C780A8ABE885E3FF7F8F6D9E
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 9 08:02:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2681
                            Entropy (8bit):3.9935521656588278
                            Encrypted:false
                            SSDEEP:48:8CQDdcTx7IfCHmidAKZdA1VehBiZUk1W1qehMy+C:8LKOfq9sy
                            MD5:71ECEE0A6D09433337449D67EE59A2E6
                            SHA1:18D927276004AAE55F3B99CD29B052D121E6CC50
                            SHA-256:ED38949AC18881869999C436E7102CF583350CE1233C95CC72F61A41A628BA4E
                            SHA-512:ECD4DC6E867EDDA145C84DBFE56EF974D455655AFC2893573515A72493FA2F5E0A63D2B4EEFB11542D959C778683B211354AE52109326BA7FF83BA18E7E87BBC
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 9 08:02:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2683
                            Entropy (8bit):4.005046098239348
                            Encrypted:false
                            SSDEEP:48:8dDdcTx7IfCHmidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbyy+yT+:8dKOf4TTTbxWOvTbyy7T
                            MD5:DFFD5EA5656B9A69F0150AB578BEF8D3
                            SHA1:AB92C3E2674B653CAAFF4E18A3C920DE1B9AC5E8
                            SHA-256:F7602472A92BB5600796DEFD61190006ED38E140A2DF57F7F9A622A4625C24F8
                            SHA-512:2D981071FA9F3C954B96BB25EB2F764E39FE68B27EE2287E2071ABF90DCE27899019C96DDA6F194C19092417CE1BE3D6AE7D16CB64A0C518294A4E5685B87D31
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                            Category:dropped
                            Size (bytes):15619
                            Entropy (8bit):7.987562987749799
                            Encrypted:false
                            SSDEEP:384:OlwVNSHEOYVofubnCEkQJ0CljXJKk7yP6eEFZhh0pJjn8r:OGVkEOYVofub7kQqkXgkOP6e4Oh8r
                            MD5:E04934701AFEAE9B62BDA0D934DA3837
                            SHA1:90E1AA5AA4735EFED9E5AA90A4788DF64FDEA737
                            SHA-256:E23DC07DEE54274803A78710022CF859D149EA715511773CEC5DD226E6DD4DF0
                            SHA-512:2EE5F46391BA94F5B39710DAD41FCB31D37DE1B92006D640CA3469FFFF228D1F393BED144E724A32D7A5440D4E5E8C40253103F09593003F2FB8F59D219F5398
                            Malicious:false
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                            Category:dropped
                            Size (bytes):82413091
                            Entropy (8bit):7.999998161112773
                            Encrypted:true
                            SSDEEP:1572864:eltJdeUS9vgfkpfWpAj5eXkymEl5S12pOx7Z7Cy4xM84lTkI8Pv2F:ellj8vSkEuNeX1mEfAZP72684lv8X2F
                            MD5:C9E9024B0FA2708BB3CCC8181F44DEAC
                            SHA1:73871F81C09A5AB7ED8C77BD3A2C8D0306064C60
                            SHA-256:09D3747A3E2B2EC442CAAF89B9240E1C552418D3045F9082F5648D039910A1B0
                            SHA-512:84CC58860F2C73BA9A5525238910533A736DB6C13B27C45B81386346C562AB69C27DF623C218A920605F785EA7A784ABBCDBBD1CDC9EF4C9D6B0F9F1256D0EF2
                            Malicious:true
                            Reputation:low
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                            Category:dropped
                            Size (bytes):82413091
                            Entropy (8bit):7.999998161112773
                            Encrypted:true
                            SSDEEP:1572864:eltJdeUS9vgfkpfWpAj5eXkymEl5S12pOx7Z7Cy4xM84lTkI8Pv2F:ellj8vSkEuNeX1mEfAZP72684lv8X2F
                            MD5:C9E9024B0FA2708BB3CCC8181F44DEAC
                            SHA1:73871F81C09A5AB7ED8C77BD3A2C8D0306064C60
                            SHA-256:09D3747A3E2B2EC442CAAF89B9240E1C552418D3045F9082F5648D039910A1B0
                            SHA-512:84CC58860F2C73BA9A5525238910533A736DB6C13B27C45B81386346C562AB69C27DF623C218A920605F785EA7A784ABBCDBBD1CDC9EF4C9D6B0F9F1256D0EF2
                            Malicious:false
                            Reputation:low
                            No static file info
                            Timestamp    Source Port    Dest Port    Source IP    Dest IP
                            Jan 9, 2024 10:02:42.021641970 CET44349716172.217.1.110192.168.2.17
                            Jan 9, 2024 10:02:42.021950960 CET49716443192.168.2.17172.217.1.110
                            Jan 9, 2024 10:02:42.021967888 CET44349716172.217.1.110192.168.2.17
                            Jan 9, 2024 10:02:42.024703979 CET44349715142.251.4.84192.168.2.17
                            Jan 9, 2024 10:02:42.024791956 CET49715443192.168.2.17142.251.4.84
                            Jan 9, 2024 10:02:42.026077986 CET49715443192.168.2.17142.251.4.84
                            Jan 9, 2024 10:02:42.026186943 CET44349715142.251.4.84192.168.2.17
                            Jan 9, 2024 10:02:42.026313066 CET49715443192.168.2.17142.251.4.84
                            Jan 9, 2024 10:02:42.026334047 CET44349715142.251.4.84192.168.2.17
                            Jan 9, 2024 10:02:42.069016933 CET49716443192.168.2.17172.217.1.110
                            Jan 9, 2024 10:02:42.069039106 CET49715443192.168.2.17142.251.4.84
                            Jan 9, 2024 10:02:42.094878912 CET44349717162.125.3.18192.168.2.17
                            Jan 9, 2024 10:02:42.095184088 CET49717443192.168.2.17162.125.3.18
                            Jan 9, 2024 10:02:42.095232010 CET44349717162.125.3.18192.168.2.17
                            Jan 9, 2024 10:02:42.096740961 CET44349717162.125.3.18192.168.2.17
                            Jan 9, 2024 10:02:42.096803904 CET49717443192.168.2.17162.125.3.18
                            Jan 9, 2024 10:02:42.097853899 CET49717443192.168.2.17162.125.3.18
                            Jan 9, 2024 10:02:42.097945929 CET44349717162.125.3.18192.168.2.17
                            Jan 9, 2024 10:02:42.098134041 CET49717443192.168.2.17162.125.3.18
                            Jan 9, 2024 10:02:42.098148108 CET44349717162.125.3.18192.168.2.17
                            Jan 9, 2024 10:02:42.148135900 CET49717443192.168.2.17162.125.3.18
                            Jan 9, 2024 10:02:42.225533962 CET44349716172.217.1.110192.168.2.17
                            Jan 9, 2024 10:02:42.225728989 CET44349716172.217.1.110192.168.2.17
                            Jan 9, 2024 10:02:42.225775003 CET49716443192.168.2.17172.217.1.110
                            Jan 9, 2024 10:02:42.226435900 CET49716443192.168.2.17172.217.1.110
                            Jan 9, 2024 10:02:42.226459980 CET44349716172.217.1.110192.168.2.17
                            Jan 9, 2024 10:02:42.299362898 CET44349715142.251.4.84192.168.2.17
                            Jan 9, 2024 10:02:42.299624920 CET49715443192.168.2.17142.251.4.84
                            Jan 9, 2024 10:02:42.299685955 CET44349715142.251.4.84192.168.2.17
                            Jan 9, 2024 10:02:42.299823046 CET44349715142.251.4.84192.168.2.17
                            Jan 9, 2024 10:02:42.299896002 CET49715443192.168.2.17142.251.4.84
                            Jan 9, 2024 10:02:42.300112963 CET49715443192.168.2.17142.251.4.84
                            Jan 9, 2024 10:02:42.300143957 CET44349715142.251.4.84192.168.2.17
                            Jan 9, 2024 10:02:43.106957912 CET44349717162.125.3.18192.168.2.17
                            Jan 9, 2024 10:02:43.107058048 CET44349717162.125.3.18192.168.2.17
                            Jan 9, 2024 10:02:43.107192993 CET49717443192.168.2.17162.125.3.18
                            Jan 9, 2024 10:02:43.109380960 CET49717443192.168.2.17162.125.3.18
                            Jan 9, 2024 10:02:43.109406948 CET44349717162.125.3.18192.168.2.17
                            Jan 9, 2024 10:02:43.224910975 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:43.224950075 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:43.225061893 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:43.225455046 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:43.225471020 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:43.560754061 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:43.561055899 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:43.561079025 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:43.562556982 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:43.562619925 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:43.562629938 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:43.562901020 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:43.563755989 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:43.563838959 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:43.563988924 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:43.563997030 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:43.614046097 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:43.758868933 CET49684443192.168.2.1713.67.144.177
                            Jan 9, 2024 10:02:44.048435926 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.048502922 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.048523903 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.048593998 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.048593998 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.048619986 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.048633099 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.048676014 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.157447100 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.157510996 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.157557964 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.157609940 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.157625914 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.157664061 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.198992968 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.199035883 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.199105978 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.199134111 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.199150085 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.199172974 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.243457079 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.243504047 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.243550062 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.243566990 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.243593931 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.243613005 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.275177956 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.275268078 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.275290012 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.275306940 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.275336981 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.275356054 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.303930044 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.303961992 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.304054022 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.304070950 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.304102898 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.331701040 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.331770897 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.331785917 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.331804037 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.331841946 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.352674007 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.352726936 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.352773905 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.352787018 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.352826118 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.366442919 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.366487980 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.366528988 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.366539955 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.366552114 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.366599083 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.381078005 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.381120920 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.381159067 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.381172895 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.381198883 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.381216049 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.393939018 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.394002914 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.394040108 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.394057989 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.394072056 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.394092083 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.406893015 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.406917095 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.407001019 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.407013893 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.407052040 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.420516968 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.420536041 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.420603991 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.420617104 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.420653105 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.432486057 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.432547092 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.432581902 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.432594061 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.432624102 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.432647943 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.443228006 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.443296909 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.443325043 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.443334103 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.443365097 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.443382978 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.454819918 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.454850912 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.454890013 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.454896927 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.454940081 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.464086056 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.464107990 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.464159966 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.464168072 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.464191914 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.464207888 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.473298073 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.473360062 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.473395109 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.473402977 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.473437071 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.481024027 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.481060028 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.481103897 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.481112957 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.481126070 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.481146097 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.489644051 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.489681005 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.489726067 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.489736080 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.489762068 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.489773035 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.496612072 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.496640921 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.496697903 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.496711969 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.496731997 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.496750116 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.503832102 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.503861904 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.503905058 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.503916025 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.503948927 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.503959894 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.511111975 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.511141062 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.511174917 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.511184931 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.511209965 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.511226892 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.516973972 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.517004967 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.517182112 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.517182112 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.517194033 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.517241955 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.522562981 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.522583961 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.522639990 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.522651911 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.522679090 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.522697926 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.528414965 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.528449059 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.528498888 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.528506994 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.528537035 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.528554916 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.534656048 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.534686089 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.534725904 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.534733057 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.534765005 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.534780979 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.539520025 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.539563894 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.539591074 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.539598942 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.539621115 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.539643049 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.545070887 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.545114994 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.545140028 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.545159101 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.545171976 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.545202017 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.550170898 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.550213099 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.550244093 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.550251961 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.550278902 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.550297976 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.554691076 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.554735899 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.554778099 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.554785967 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.554806948 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.554830074 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.559720039 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.559761047 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.559798002 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.559806108 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.559833050 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.559854984 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.564028978 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.564073086 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.564110994 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.564117908 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.564143896 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.564161062 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.568521023 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.568578005 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.568631887 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.568640947 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.568662882 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.568680048 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.572540045 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.572583914 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.572618961 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.572627068 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.572653055 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.572670937 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.577198982 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.577241898 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.577272892 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.577280045 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.577306986 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.577325106 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.581156969 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.581198931 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.581227064 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.581234932 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.581259966 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.581279039 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.585649967 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.585679054 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.585724115 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.585732937 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.585757017 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.585774899 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.589327097 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.589339972 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.589400053 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.589406967 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.589442015 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.593039989 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.593053102 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.593107939 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.593115091 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.593154907 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.596585989 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.596599102 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.596662045 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.596668005 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.596704960 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.756319046 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.756330013 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.756386042 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.756396055 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.756453037 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.757564068 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.757575035 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.757627010 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.757637024 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.757672071 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.758588076 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.758599997 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.758662939 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.758675098 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.758708000 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.759526014 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.759540081 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.759588957 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.759598970 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.759630919 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.760955095 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.760973930 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.761020899 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.761028051 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.761066914 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.762165070 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.762224913 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.762243986 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.762300014 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.763757944 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.763777971 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.763827085 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.763830900 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.763869047 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.764957905 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.764976978 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.765022039 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.765029907 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.765067101 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.766036987 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.766057968 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.766100883 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.766110897 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.766136885 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.767625093 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.767637014 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.767714977 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.767724037 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.767761946 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.768446922 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.768460035 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.768505096 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.768515110 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.768554926 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.769793987 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.769807100 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.769849062 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.769857883 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.769905090 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.770556927 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.770569086 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.770611048 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.770620108 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.770656109 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.772257090 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.772270918 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.772337914 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.772346973 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.772378922 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.773418903 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.773432016 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.773475885 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.773483992 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.773520947 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.774341106 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.774353027 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.774399042 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.774409056 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.774437904 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.775111914 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.775125027 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.775176048 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.775185108 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.775217056 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.776289940 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.776303053 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.776350975 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.776360989 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.776401043 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.778233051 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.778245926 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.778295994 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.778310061 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.778347969 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.778772116 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.778786898 CET44349719162.125.3.15192.168.2.17
                            Jan 9, 2024 10:02:44.778826952 CET49719443192.168.2.17162.125.3.15
                            Jan 9, 2024 10:02:44.778836012 CET44349719162.125.3.15192.168.2.17
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Jan 9, 2024 10:02:41.571150064 CET | 192.168.2.17 | 1.1.1.1 | 0x2e14 | Standard query (0) | www.dropbox.com | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:02:41.572006941 CET | 192.168.2.17 | 1.1.1.1 | 0xf905 | Standard query (0) | www.dropbox.com | 65 | IN (0x0001) | false
                            Jan 9, 2024 10:02:41.584639072 CET | 192.168.2.17 | 1.1.1.1 | 0xa80c | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:02:41.584853888 CET | 192.168.2.17 | 1.1.1.1 | 0x71a5 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
                            Jan 9, 2024 10:02:41.585444927 CET | 192.168.2.17 | 1.1.1.1 | 0x6a3 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:02:41.585894108 CET | 192.168.2.17 | 1.1.1.1 | 0x69d | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
                            Jan 9, 2024 10:02:43.110527992 CET | 192.168.2.17 | 1.1.1.1 | 0x311 | Standard query (0) | ucce5d67987d42bda8ae8696f13a.dl.dropboxusercontent.com | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:02:43.110759020 CET | 192.168.2.17 | 1.1.1.1 | 0x3804 | Standard query (0) | ucce5d67987d42bda8ae8696f13a.dl.dropboxusercontent.com | 65 | IN (0x0001) | false
                            Jan 9, 2024 10:02:46.095544100 CET | 192.168.2.17 | 1.1.1.1 | 0xfa5d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:02:46.095670938 CET | 192.168.2.17 | 1.1.1.1 | 0x3535 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                            Jan 9, 2024 10:04:11.272650003 CET | 192.168.2.17 | 1.1.1.1 | 0x9a90 | Standard query (0) | clients1.google.com | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:04:11.272845030 CET | 192.168.2.17 | 1.1.1.1 | 0xd76d | Standard query (0) | clients1.google.com | 65 | IN (0x0001) | false
                            Jan 9, 2024 10:04:46.218905926 CET | 192.168.2.17 | 1.1.1.1 | 0x3320 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:04:46.219002962 CET | 192.168.2.17 | 1.1.1.1 | 0xb4e0 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Jan 9, 2024 10:02:41.680258989 CET | 1.1.1.1 | 192.168.2.17 | 0x2e14 | No error (0) | www.dropbox.com | www-env.dropbox-dns.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Jan 9, 2024 10:02:41.680258989 CET | 1.1.1.1 | 192.168.2.17 | 0x2e14 | No error (0) | www-env.dropbox-dns.com |  | 162.125.3.18 | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:02:41.682137966 CET | 1.1.1.1 | 192.168.2.17 | 0xf905 | No error (0) | www.dropbox.com | www-env.dropbox-dns.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Jan 9, 2024 10:02:41.693378925 CET | 1.1.1.1 | 192.168.2.17 | 0xa80c | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Jan 9, 2024 10:02:41.693378925 CET | 1.1.1.1 | 192.168.2.17 | 0xa80c | No error (0) | clients.l.google.com |  | 172.217.1.110 | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:02:41.694053888 CET | 1.1.1.1 | 192.168.2.17 | 0x71a5 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Jan 9, 2024 10:02:41.694722891 CET | 1.1.1.1 | 192.168.2.17 | 0x6a3 | No error (0) | accounts.google.com |  | 142.251.4.84 | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:02:43.224148035 CET | 1.1.1.1 | 192.168.2.17 | 0x311 | No error (0) | ucce5d67987d42bda8ae8696f13a.dl.dropboxusercontent.com | edge-block-www-env.dropbox-dns.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Jan 9, 2024 10:02:43.224148035 CET | 1.1.1.1 | 192.168.2.17 | 0x311 | No error (0) | edge-block-www-env.dropbox-dns.com |  | 162.125.3.15 | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:02:43.224462986 CET | 1.1.1.1 | 192.168.2.17 | 0x3804 | No error (0) | ucce5d67987d42bda8ae8696f13a.dl.dropboxusercontent.com | edge-block-www-env.dropbox-dns.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Jan 9, 2024 10:02:46.201282978 CET | 1.1.1.1 | 192.168.2.17 | 0x3535 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                            Jan 9, 2024 10:02:46.201900005 CET | 1.1.1.1 | 192.168.2.17 | 0xfa5d | No error (0) | www.google.com |  | 142.250.191.164 | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:04:11.378684044 CET | 1.1.1.1 | 192.168.2.17 | 0x9a90 | No error (0) | clients1.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Jan 9, 2024 10:04:11.378684044 CET | 1.1.1.1 | 192.168.2.17 | 0x9a90 | No error (0) | clients.l.google.com |  | 172.217.2.46 | A (IP address) | IN (0x0001) | false
                            Jan 9, 2024 10:04:11.379062891 CET | 1.1.1.1 | 192.168.2.17 | 0xd76d | No error (0) | clients1.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Jan 9, 2024 10:04:46.325267076 CET | 1.1.1.1 | 192.168.2.17 | 0xb4e0 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                            Jan 9, 2024 10:04:46.325283051 CET | 1.1.1.1 | 192.168.2.17 | 0x3320 | No error (0) | www.google.com |  | 142.250.191.228 | A (IP address) | IN (0x0001) | false
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            0 | 192.168.2.17 | 49716 | 172.217.1.110 | 443 | 4716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-01-09 09:02:42 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.149&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                            Host: clients2.google.com
                            Connection: keep-alive
                            X-Goog-Update-Interactivity: fg
                            X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                            X-Goog-Update-Updater: chromecrx-117.0.5938.149
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: empty
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-01-09 09:02:42 UTC | 731 | IN | HTTP/1.1 200 OK
                            Content-Security-Policy: script-src 'report-sample' 'nonce-un_oNSF6BVr0jVaZXTiGjw' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                            Pragma: no-cache
                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                            Date: Tue, 09 Jan 2024 09:02:42 GMT
                            Content-Type: text/xml; charset=UTF-8
                            X-Daynum: 6217
                            X-Daystart: 3762
                            X-Content-Type-Options: nosniff
                            X-Frame-Options: SAMEORIGIN
                            X-XSS-Protection: 1; mode=block
                            Server: GSE
                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                            Accept-Ranges: none
                            Vary: Accept-Encoding
                            Connection: close
                            Transfer-Encoding: chunked
                            2024-01-09 09:02:42 UTC | 521 | IN | Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6217" elapsed_seconds="3762"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                            2024-01-09 09:02:42 UTC | 198 | IN | Data Ascii: 3f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                            2024-01-09 09:02:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            1 | 192.168.2.17 | 49715 | 142.251.4.84 | 443 | 4716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-01-09 09:02:42 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                            Host: accounts.google.com
                            Connection: keep-alive
                            Content-Length: 1
                            Origin: https://www.google.com
                            Content-Type: application/x-www-form-urlencoded
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: empty
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: NID=511=X9Z9GC2VZ5PTUFlYUNdhKnJP24TRGpGqZqKFL9Pw-Ezk_duysZ_VzzYNGWyHcs80O3scFIEGWC4ejePhlgeAzI7DW28lCxtFqnZqwLPsW3aG59Guvp647PtH9EGoiqhxBjO7Es0rJ7PDVhdGCfedVrlCik0Vmojg2gUg6Tqi0JI
                            2024-01-09 09:02:42 UTC | 1 | OUT | Data Raw: 20
                            Data Ascii:
                            2024-01-09 09:02:42 UTC | 1627 | IN | HTTP/1.1 200 OK
                            Content-Type: application/json; charset=utf-8
                            Access-Control-Allow-Origin: https://www.google.com
                            Access-Control-Allow-Credentials: true
                            X-Content-Type-Options: nosniff
                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                            Pragma: no-cache
                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                            Date: Tue, 09 Jan 2024 09:02:42 GMT
                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                            Cross-Origin-Opener-Policy: same-origin
                            Content-Security-Policy: script-src 'report-sample' 'nonce-UVLsGY4WasO4EyGgJC3GKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                            Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                            Server: ESF
                            X-XSS-Protection: 0
                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                            Accept-Ranges: none
                            Vary: Accept-Encoding
                            Connection: close
                            Transfer-Encoding: chunked
                            2024-01-09 09:02:42 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                            Data Ascii: 11["gaia.l.a.r",[]]
                            2024-01-09 09:02:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            2 | 192.168.2.17 | 49717 | 162.125.3.18 | 443 | 4716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-01-09 09:02:42 UTC | 731 | OUT | GET /scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1 HTTP/1.1
                            Host: www.dropbox.com
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-User: ?1
                            Sec-Fetch-Dest: document
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-01-09 09:02:43 UTC | 1466 | IN | HTTP/1.1 302 Found
                            Content-Type: text/html; charset=utf-8
                            Location: https://ucce5d67987d42bda8ae8696f13a.dl.dropboxusercontent.com/cd/0/get/CLASiPpXiwlMPNnFx7TE97uXPgWaMkengZhcwDwJzCB1GOiVIDmtNh3mY8uUttxDMkjQN9RnIjfVznWtWIIE1g4wot6pXweWqrnsa6CegMmXmjpzIuaTfSg41gepbcoVBqc8n6IFj0h96Gf80PSo9D9W/file?dl=1#
                            Pragma: no-cache
                            Referrer-Policy: strict-origin-when-cross-origin
                            Set-Cookie: gvc=MTE4OTg5NTI5MTI0MzY0MTE5MTAyNjI3NzM3OTg4Nzc3NDUyOTI=; Path=/; Expires=Sun, 07 Jan 2029 09:02:42 GMT; HttpOnly; Secure; SameSite=None
                            Set-Cookie: t=azenICCfJlTl_5G14MOjBUNP; Path=/; Domain=dropbox.com; Expires=Fri, 08 Jan 2027 09:02:42 GMT; HttpOnly; Secure; SameSite=None
                            Set-Cookie: __Host-js_csrf=azenICCfJlTl_5G14MOjBUNP; Path=/; Expires=Fri, 08 Jan 2027 09:02:42 GMT; Secure; SameSite=None
                            Set-Cookie: __Host-ss=YClXe1CWeA; Path=/; Expires=Fri, 08 Jan 2027 09:02:42 GMT; HttpOnly; Secure; SameSite=Strict
                            Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 07 Jan 2029 09:02:42 GMT
                            X-Content-Type-Options: nosniff
                            X-Permitted-Cross-Domain-Policies: none
                            X-Robots-Tag: noindex, nofollow, noimageindex
                            X-Xss-Protection: 1; mode=block
                            Date: Tue, 09 Jan 2024 09:02:43 GMT
                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                            Server: envoy
                            Cache-Control: no-cache, no-store
                            Vary: Accept-Encoding
                            X-Dropbox-Response-Origin: far_remote
                            X-Dropbox-Request-Id: 0dffaab08ae8453a8cc7fde987df3c65
                            Connection: close
                            Transfer-Encoding: chunked
                            2024-01-09 09:02:43 UTC | 270 | IN | Data Ascii: 102<a href="https://ucce5d67987d42bda8ae8696f13a.dl.dropboxusercontent.com/cd/0/get/CLASiPpXiwlMPNnFx7TE97uXPgWaMkengZhcwDwJzCB1GOiVIDmtNh3mY8uUttxDMkjQN9RnIjfVznWtWIIE1g4wot6pXweWqrnsa6CegMmXmjpzIuaTfSg41gepbcoVBqc8n6IFj0h96Gf80PSo9D9W/file?dl=1#">Foun


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            3 | 192.168.2.17 | 49719 | 162.125.3.15 | 443 | 4716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-01-09 09:02:43 UTC | 868 | OUT | GET /cd/0/get/CLASiPpXiwlMPNnFx7TE97uXPgWaMkengZhcwDwJzCB1GOiVIDmtNh3mY8uUttxDMkjQN9RnIjfVznWtWIIE1g4wot6pXweWqrnsa6CegMmXmjpzIuaTfSg41gepbcoVBqc8n6IFj0h96Gf80PSo9D9W/file?dl=1 HTTP/1.1
                            Host: ucce5d67987d42bda8ae8696f13a.dl.dropboxusercontent.com
                            Connection: keep-alive
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-User: ?1
                            Sec-Fetch-Dest: document
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-01-09 09:02:44 UTC | 765 | IN | HTTP/1.1 200 OK
                            Accept-Ranges: bytes
                            Cache-Control: max-age=60
                            Content-Disposition: attachment; filename="pdf.zip"; filename*=UTF-8''pdf.zip
                            Content-Security-Policy: sandbox
                            Etag: 1704735711801983d
                            Pragma: public
                            Referrer-Policy: no-referrer
                            Vary: Origin
                            X-Content-Security-Policy: sandbox
                            X-Content-Type-Options: nosniff
                            X-Robots-Tag: noindex, nofollow, noimageindex
                            X-Server-Response-Time: 306
                            X-Webkit-Csp: sandbox
                            Content-Type: application/binary
                            Accept-Encoding: identity,gzip
                            Date: Tue, 09 Jan 2024 09:02:43 GMT
                            Server: envoy
                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                            Content-Length: 82413091
                            X-Dropbox-Response-Origin: far_remote
                            X-Dropbox-Request-Id: 9daf3dccd9604f328cc847328dcc5a8f
                            Connection: close


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            4 | 192.168.2.17 | 49722 | 13.85.23.86 | 443 | |
                            Timestamp | Bytes transferred | Direction | Data
                            2024-01-09 09:02:53 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lw+5d5FLtcZLsFU&MD=NP8Dn3kG HTTP/1.1
                            Connection: Keep-Alive
                            Accept: */*
                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                            Host: slscr.update.microsoft.com
                            2024-01-09 09:02:53 UTC | 560 | IN | HTTP/1.1 200 OK
                            Cache-Control: no-cache
                            Pragma: no-cache
                            Content-Type: application/octet-stream
                            Expires: -1
                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                            MS-CorrelationId: f0986f0d-b7cf-451c-bc10-b6ad5f84e5e7
                            MS-RequestId: b8f6b0bb-3fb4-4549-99d7-d4aa071d1145
                            MS-CV: 81CrmAlUC0qOeXoT.0
                            X-Microsoft-SLSClientCache: 2880
                            Content-Disposition: attachment; filename=environment.cab
                            X-Content-Type-Options: nosniff
                            Date: Tue, 09 Jan 2024 09:02:52 GMT
                            Connection: close
                            Content-Length: 24490


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            5 | 192.168.2.17 | 49723 | 173.222.162.58 | 443
                            Timestamp | Bytes transferred | Direction | Data
                            2024-01-09 09:02:53 UTC | 2197 | OUT | POST /threshold/xls.aspx HTTP/1.1
                            Origin: https://www.bing.com
                            Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                            Accept: */*
                            Accept-Language: en-CH
                            Content-type: text/xml
                            X-Agent-DeviceId: 01000A41090080B6
                            X-BM-CBT: 1696586925
                            X-BM-DateFormat: dd/MM/yyyy
                            X-BM-DeviceDimensions: 784x984
                            X-BM-DeviceDimensionsLogical: 784x984
                            X-BM-DeviceScale: 100
                            X-BM-DTZ: 120
                            X-BM-Market: CH
                            X-BM-Theme: 000000;0078d7
                            X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                            X-Device-ClientSession: AC9A64CD89F84E63943FA8FE73357759
                            X-Device-isOptin: false
                            X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                            X-Device-OSSKU: 48
                            X-Device-Touch: false
                            X-DeviceID: 01000A41090080B6
                            X-MSEdge-ExternalExp: asynccls1cf,bfbwsbcm0921tf,d-thshld42,fliptrat6,msaslm5t,qfswpos_t1,wsbref-t,wsbuacf
                            X-MSEdge-ExternalExpType: JointCoord
                            X-PositionerType: Desktop
                            X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                            X-Search-CortanaAvailableCapabilities: None
                            X-Search-SafeSearch: Moderate
                            X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                            X-UserAgeClass: Unknown
                            Accept-Encoding: gzip, deflate, br
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                            Host: www.bing.com
                            Content-Length: 950
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                            Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=1DC02F3E55E9691B00B73C9C54F0686B&CPID=1696586926722&AC=1&CPH=4790f32e; _EDGE_S=SID=1DC02F3E55E9691B00B73C9C54F0686B; SRCHUID=V=2&GUID=1F8137B2323E40B3851AF1909FBE6E0A&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1696586886&IPMH=f2fb8120&IPMID=1696586925774&LUT=1696586525257; CortanaAppUID=99325A50A46066F842A6B684698F464A; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                            2024-01-09 09:02:53 UTC | 950 | OUT | Data Ascii: <ClientInstRequest><CID>4590362BB5CF472B95BBEDB3112D4B7B</CID><Events><E><T>Event.ClientInst</T><IG>3A647946A0384610A85E89882A504CE5</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"C
                            2024-01-09 09:02:53 UTC | 476 | IN | HTTP/1.1 204 No Content
                            Access-Control-Allow-Origin: *
                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            X-MSEdge-Ref: Ref A: E73019395A5344EE835FBFBB7F1DD634 Ref B: BY3EDGE0520 Ref C: 2024-01-09T09:02:53Z
                            Date: Tue, 09 Jan 2024 09:02:53 GMT
                            Connection: close
                            Alt-Svc: h3=":443"; ma=93600
                            X-CDN-TraceID: 0.3aa6dc17.1704790973.f85bb4da


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            6 | 192.168.2.17 | 49725 | 13.85.23.86 | 443 | |
                            Timestamp | Bytes transferred | Direction | Data
                            2024-01-09 09:03:30 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lw+5d5FLtcZLsFU&MD=NP8Dn3kG HTTP/1.1
                            Connection: Keep-Alive
                            Accept: */*
                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                            Host: slscr.update.microsoft.com
                            2024-01-09 09:03:30 UTC | 560 | IN | HTTP/1.1 200 OK
                            Cache-Control: no-cache
                            Pragma: no-cache
                            Content-Type: application/octet-stream
                            Expires: -1
                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                            ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                            MS-CorrelationId: e54c1633-ff2a-49d5-bc9f-052b0d0f7ac3
                            MS-RequestId: f76a393f-12a3-45f1-b028-cf3374f9ef86
                            MS-CV: Rr1/vy8fJUKXaiWV.0
                            X-Microsoft-SLSClientCache: 2160
                            Content-Disposition: attachment; filename=environment.cab
                            X-Content-Type-Options: nosniff
                            Date: Tue, 09 Jan 2024 09:03:29 GMT
                            Connection: close
                            Content-Length: 25457


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            7 | 192.168.2.17 | 49730 | 104.114.164.157 | 443 | 5160 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-01-09 09:03:42 UTC | 378 | OUT | GET / HTTP/1.1
                            Host: geo2.adobe.com
                            Connection: keep-alive
                            Accept: application/json
                            Accept-Language: en-US
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            2024-01-09 09:03:43 UTC | 217 | IN | HTTP/1.1 200 OK
                            Content-Length: 48
                            Date: Tue, 09 Jan 2024 09:03:42 GMT
                            Connection: close
                            Content-Type: application/json
                            Throughput: low
                            Network-Type:
                            Country: RO
                            Cross-Origin-Resource-Policy: cross-origin
                            2024-01-09 09:03:43 UTC | 48 | IN | Data Ascii: Country: "RO" state: "" Accept-Language: "en-US"


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            8 | 192.168.2.17 | 49735 | 172.217.2.46 | 443 | 4716 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-01-09 09:04:11 UTC | 449 | OUT | GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000002A9380B0BC HTTP/1.1
                            Host: clients1.google.com
                            Connection: keep-alive
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: empty
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept-Encoding: gzip, deflate, br
                            2024-01-09 09:04:11 UTC | 817 | IN | HTTP/1.1 200 OK
                            Content-Security-Policy: script-src 'report-sample' 'nonce-GF9YM-EbFOhZ9AFZiNBuYA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                            Content-Security-Policy: script-src 'report-sample' 'nonce-rS0hFCiWCRaKJjr3xrnxiQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                            Content-Type: text/plain; charset=utf-8
                            Content-Length: 220
                            Date: Tue, 09 Jan 2024 09:04:11 GMT
                            Expires: Tue, 09 Jan 2024 09:04:11 GMT
                            Cache-Control: private, max-age=0
                            X-Content-Type-Options: nosniff
                            X-Frame-Options: SAMEORIGIN
                            X-XSS-Protection: 1; mode=block
                            Server: GSE
                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                            Connection: close
                            2024-01-09 09:04:11 UTC | 220 | IN | Data Ascii:
                            rlzC1: 1C1ONGR_enUS1092
                            rlzC2: 1C2ONGR_enUS1092
                            rlzC7: 1C7ONGR_enUS1092
                            dcc:
                            set_dcc: C1:1C1ONGR_enUS1092,C2:1C2ONGR_enUS1092,C7:1C7ONGR_enUS1092
                            events: C1I,C2I,C7I,C1S,C7S
                            stateful-events: C1I,C2I,C7I
                            crc32: 681ec706


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            9 | 192.168.2.17 | 49738 | 23.219.48.155 | 443 | 3608 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-01-09 09:04:20 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                            Host: armmf.adobe.com
                            Connection: keep-alive
                            Accept-Language: en-US,en;q=0.9
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            If-None-Match: "78-5faa31cce96da"
                            If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                            2024-01-09 09:04:20 UTC | 198 | IN | HTTP/1.1 304 Not Modified
                            Content-Type: text/plain; charset=UTF-8
                            Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                            ETag: "78-5faa31cce96da"
                            Date: Tue, 09 Jan 2024 09:04:20 GMT
                            Connection: close


                            Target ID:0
                            Start time:10:02:39
                            Start date:09/01/2024
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1
                            Imagebase:0x7ff6fa1e0000
                            File size:3'242'272 bytes
                            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:1
                            Start time:10:02:40
                            Start date:09/01/2024
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2016,i,16021955280150430270,9218569801120598785,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                            Imagebase:0x7ff6fa1e0000
                            File size:3'242'272 bytes
                            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:2
                            Start time:10:02:49
                            Start date:09/01/2024
                            Path:C:\Windows\System32\rundll32.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            Imagebase:0x7ff7542c0000
                            File size:71'680 bytes
                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            Target ID:5
                            Start time:10:03:32
                            Start date:09/01/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL01-GT01.pdf
                            Imagebase:0x7ff688680000
                            File size:5'641'176 bytes
                            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            Target ID:6
                            Start time:10:03:33
                            Start date:09/01/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                            Imagebase:0x7ff6fef50000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            Target ID:7
                            Start time:10:03:34
                            Start date:09/01/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1592,i,12652318734232072329,13101468371483513775,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                            Imagebase:0x7ff6fef50000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            Target ID:10
                            Start time:10:04:05
                            Start date:09/01/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL01-GT01.pdf
                            Imagebase:0x7ff688680000
                            File size:5'641'176 bytes
                            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:11
                            Start time:10:04:06
                            Start date:09/01/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                            Imagebase:0x7ff6fef50000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Target ID:12
                            Start time:10:04:06
                            Start date:09/01/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,18087792427896453930,11597101659364907411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                            Imagebase:0x7ff6fef50000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:false
                            Has administrator privileges:false
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            No disassembly