Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1

Overview

General Information

Sample URL:https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1
Analysis ID:1371702
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Downloads suspicious files via Chrome
Drops password protected ZIP file
Creates files inside the system directory
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1940,i,10882735660332102158,10561879026730868476,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • rundll32.exe (PID: 3400 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • Acrobat.exe (PID: 6668 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL01-GT01.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 644 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 3996 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1684,i,4537548306538501435,3931959967124930142,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • Acrobat.exe (PID: 1012 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL03-CR02.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  • Acrobat.exe (PID: 6080 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL20-SC01.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  • Acrobat.exe (PID: 1412 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL11-GT09.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: unknownHTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49731 version: TLS 1.0
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.1.237.25:443 -> 192.168.2.16:49731 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.25
Source: unknownTCP traffic detected without corresponding DNS query: 23.78.8.145
Source: unknownTCP traffic detected without corresponding DNS query: 23.78.8.145
Source: unknownTCP traffic detected without corresponding DNS query: 23.78.8.145
Source: unknownTCP traffic detected without corresponding DNS query: 23.78.8.145
Source: unknownTCP traffic detected without corresponding DNS query: 23.78.8.145
Source: unknownTCP traffic detected without corresponding DNS query: 23.78.8.145
Source: unknownTCP traffic detected without corresponding DNS query: 23.78.8.145
Source: unknownTCP traffic detected without corresponding DNS query: 23.78.8.145
Source: unknownTCP traffic detected without corresponding DNS query: 23.78.8.145
Source: unknownTCP traffic detected without corresponding DNS query: 23.78.8.145
Source: unknownTCP traffic detected without corresponding DNS query: 208.111.186.0
Source: unknownTCP traffic detected without corresponding DNS query: 208.111.186.0
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1 HTTP/1.1Host: www.dropbox.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cd/0/get/CLBlPdvk3rCTP3Qaxrgc8WaL9H3Ok4DPhUGotR8_HvdXXjoXQtQ3OWSRobF-cj52m1UFsNXeIWG9lmUuwjA9n7Kpt8xtV1LN8FzkR6b_jlKUpUkRy7pbkFetYCZxTCNx4k3OX15YtWN70N3VhtwWmp2b/file?dl=1 HTTP/1.1Host: ucb0687e8dafcb77571d024410af.dl.dropboxusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ebBg3u3Dh2rt9tK&MD=S2d5C+Zw HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ebBg3u3Dh2rt9tK&MD=S2d5C+Zw HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000003AEE04D6FA HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br
Source: unknownDNS traffic detected: queries for: www.dropbox.com
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: 8e456df4-0b14-40df-b096-dd7e85e123cc.tmp.9.dr, a52ac0dc-9bcf-4bed-8678-84b057616c49.tmp.9.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49738 version: TLS 1.2

System Summary

barindex
Downloads suspicious files via Chrome
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile dump: C:\Users\user\Downloads\pdf.zip (copy)Jump to dropped file
Drops password protected ZIP file
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: pdf.zip.crdownload.0.drZip Entry: encrypted
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_BITS_6344_1857352200Jump to behavior
Source: classification engineClassification label: mal48.win@36/55@12/9
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-01-09 11-40-57-248.logJump to behavior
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1940,i,10882735660332102158,10561879026730868476,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL01-GT01.pdf
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1684,i,4537548306538501435,3931959967124930142,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL03-CR02.pdf
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL20-SC01.pdf
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL11-GT09.pdf
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1940,i,10882735660332102158,10561879026730868476,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1684,i,4537548306538501435,3931959967124930142,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeFile opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfgJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: pdf.zip.crdownload.0.drBinary or memory string: MWRdoQEMux
Source: pdf.zip.crdownload.0.drBinary or memory string: Vmci<

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
Valid AccountsWindows Management Instrumentation1
Registry Run Keys / Startup Folder		1
Process Injection		11
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
Encrypted Channel		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Registry Run Keys / Startup Folder		1
Rundll32		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth3
Non-Application Layer Protocol		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
Domain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration4
Application Layer Protocol		Data Encrypted for ImpactDNS ServerEmail Addresses
Local AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureTraffic Duplication1
Ingress Tool Transfer		Data DestructionVirtual Private ServerEmployee Names

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1371702 URL: https://www.dropbox.com/scl... Startdate: 09/01/2024 Architecture: WINDOWS Score: 48 39 Drops password protected ZIP file 2->39 41 Downloads suspicious files via Chrome 2->41 7 chrome.exe 20 2->7         started        11 Acrobat.exe 65 2->11         started        13 Acrobat.exe 41 2->13         started        15 3 other processes 2->15 process3 dnsIp4 35 192.168.2.16, 443, 49704, 49722 unknown unknown 7->35 37 239.255.255.250 unknown Reserved 7->37 25 C:\Users\user\Downloads\pdf.zip (copy), Zip 7->25 dropped 17 chrome.exe 7->17         started        20 AcroCEF.exe 72 11->20         started        file5 process6 dnsIp7 27 accounts.google.com 142.250.111.84, 443, 49724 GOOGLEUS United States 17->27 29 clients.l.google.com 142.250.190.142, 443, 49725 GOOGLEUS United States 17->29 31 8 other IPs or domains 17->31 22 AcroCEF.exe 6 20->22         started        process8 dnsIp9 33 23.78.8.145 AS6453US United States 22->33

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=10%VirustotalBrowse
https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=10%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
edge-block-www-env.dropbox-dns.com0%VirustotalBrowse
www-env.dropbox-dns.com0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://chrome.cloudflare-dns.com0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
accounts.google.com
142.250.111.84
truefalse
    		high
    edge-block-www-env.dropbox-dns.com
    		162.125.3.15
    		truefalseunknown
    www-env.dropbox-dns.com
    		162.125.3.18
    		truefalseunknown
    www.google.com
    		142.250.191.228
    		truefalse
      		high
      clients.l.google.com
      		142.250.190.142
      		truefalse
        		high
        clients1.google.com
        		unknown
        		unknownfalse
          		high
          ucb0687e8dafcb77571d024410af.dl.dropboxusercontent.com
          		unknown
          		unknownfalse
            		high
            clients2.google.com
            		unknown
            		unknownfalse
              		high
              www.dropbox.com
              		unknown
              		unknownfalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1false
                  		high
                  https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1false
                    		high
                    https://ucb0687e8dafcb77571d024410af.dl.dropboxusercontent.com/cd/0/get/CLBlPdvk3rCTP3Qaxrgc8WaL9H3Ok4DPhUGotR8_HvdXXjoXQtQ3OWSRobF-cj52m1UFsNXeIWG9lmUuwjA9n7Kpt8xtV1LN8FzkR6b_jlKUpUkRy7pbkFetYCZxTCNx4k3OX15YtWN70N3VhtwWmp2b/file?dl=1false
                      		high
                      https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standardfalse
                        		high
                        https://clients1.google.com/tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000003AEE04D6FAfalse
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://chrome.cloudflare-dns.com8e456df4-0b14-40df-b096-dd7e85e123cc.tmp.9.dr, a52ac0dc-9bcf-4bed-8678-84b057616c49.tmp.9.drfalse
                          • URL Reputation: safe
                          		unknown

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          142.250.190.142
                          		clients.l.google.comUnited States
                          		15169GOOGLEUSfalse
                          23.78.8.145
                          		unknownUnited States
                          		6453AS6453USfalse
                          142.250.191.228
                          		www.google.comUnited States
                          		15169GOOGLEUSfalse
                          142.250.191.206
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          142.250.111.84
                          		accounts.google.comUnited States
                          		15169GOOGLEUSfalse
                          239.255.255.250
                          		unknownReserved
                          		unknownunknownfalse
                          162.125.3.18
                          		www-env.dropbox-dns.comUnited States
                          		19679DROPBOXUSfalse
                          162.125.3.15
                          		edge-block-www-env.dropbox-dns.comUnited States
                          		19679DROPBOXUSfalse

                          Private

                          IP
                          192.168.2.16

                          General Information

                          Joe Sandbox version:38.0.0 Ammolite
                          Analysis ID:1371702
                          Start date and time:2024-01-09 11:40:00 +01:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 4m 42s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                          Sample URL:https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:16
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal48.win@36/55@12/9
                          EGA Information:Failed
                          HCA Information:
                          • Successful, ratio: 100%
                          • Number of executed functions: 0
                          • Number of non-executed functions: 0

                          Warnings

                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                          • Excluded IPs from analysis (whitelisted): 142.251.32.3, 34.104.35.123, 192.229.211.108, 104.114.164.157, 54.224.241.105, 18.213.11.84, 34.237.241.83, 50.16.47.176, 172.64.41.3, 162.159.61.3, 104.123.153.19, 104.123.153.18, 23.213.53.134, 23.213.53.137, 142.250.190.131
                          • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, geo2.adobe.com
                          • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing network information.

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          11:41:45API Interceptor3x Sleep call for process: Acrobat.exe modified

                          Joe Sandbox View / Context

                          IPs

                          No context

                          Domains

                          No context

                          ASNs

                          No context

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):290
                          Entropy (8bit):5.090359914714975
                          Encrypted:false
                          SSDEEP:6:HOcIRTkyq2PRN2nKuAl9OmbnIFUt8+OcIRTTLFz1Zmw++OcIRTTLFlRkwORN2nKZ:HOpvaHAahFUt8+ODR1/++ODx5JHAaSJ
                          MD5:295840433682439B1607E86334D3921A
                          SHA1:9AB6A16026884BF79AA0A4E56B10DA0FB6DC309A
                          SHA-256:AFBD12817FC5E159A68AE940E3172CD147EF2BAA906A4BA5420A208F26AF5193
                          SHA-512:A07940D74346243F001A7FD6EB46D2C5614B92158097D15FE05247AB327A7F307C15FC1562852482767BED6DEB1FE560EFA29312DDD3F4CB04D2574EA1473DFC
                          Malicious:false
                          Reputation:low
                          Preview:2024/01/09-11:40:55.040 1a50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/01/09-11:40:55.041 1a50 Recovering log #3.2024/01/09-11:40:55.041 1a50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):290
                          Entropy (8bit):5.090359914714975
                          Encrypted:false
                          SSDEEP:6:HOcIRTkyq2PRN2nKuAl9OmbnIFUt8+OcIRTTLFz1Zmw++OcIRTTLFlRkwORN2nKZ:HOpvaHAahFUt8+ODR1/++ODx5JHAaSJ
                          MD5:295840433682439B1607E86334D3921A
                          SHA1:9AB6A16026884BF79AA0A4E56B10DA0FB6DC309A
                          SHA-256:AFBD12817FC5E159A68AE940E3172CD147EF2BAA906A4BA5420A208F26AF5193
                          SHA-512:A07940D74346243F001A7FD6EB46D2C5614B92158097D15FE05247AB327A7F307C15FC1562852482767BED6DEB1FE560EFA29312DDD3F4CB04D2574EA1473DFC
                          Malicious:false
                          Reputation:low
                          Preview:2024/01/09-11:40:55.040 1a50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/01/09-11:40:55.041 1a50 Recovering log #3.2024/01/09-11:40:55.041 1a50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):331
                          Entropy (8bit):5.129713485150822
                          Encrypted:false
                          SSDEEP:6:HOcIRTH1yq2PRN2nKuAl9Ombzo2jMGIFUt8+OcIRTkQ/1Zmw++OcIRTkQpRkwORn:HO31yvaHAa8uFUt8+Of/++ObR5JHAa8z
                          MD5:61D1DBEEFF14FA234CE4D3C3BCBB44C4
                          SHA1:D2451E309EAF2C3E95958EE518623A2C3BEF631B
                          SHA-256:80894FAD8386F99F6760993CADEDFE53AF386C779AA387C5DAFC876519511D70
                          SHA-512:4EFABE1634D9DE6A67DE0192FDD327A2B666971A21A819FEC098D26CC094616A0E8B4124E1F52AF56907DEF5AA5E6173E3729C4205E105CD769C1A7AB81D4027
                          Malicious:false
                          Reputation:low
                          Preview:2024/01/09-11:40:55.092 d54 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/01/09-11:40:55.094 d54 Recovering log #3.2024/01/09-11:40:55.094 d54 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):331
                          Entropy (8bit):5.129713485150822
                          Encrypted:false
                          SSDEEP:6:HOcIRTH1yq2PRN2nKuAl9Ombzo2jMGIFUt8+OcIRTkQ/1Zmw++OcIRTkQpRkwORn:HO31yvaHAa8uFUt8+Of/++ObR5JHAa8z
                          MD5:61D1DBEEFF14FA234CE4D3C3BCBB44C4
                          SHA1:D2451E309EAF2C3E95958EE518623A2C3BEF631B
                          SHA-256:80894FAD8386F99F6760993CADEDFE53AF386C779AA387C5DAFC876519511D70
                          SHA-512:4EFABE1634D9DE6A67DE0192FDD327A2B666971A21A819FEC098D26CC094616A0E8B4124E1F52AF56907DEF5AA5E6173E3729C4205E105CD769C1A7AB81D4027
                          Malicious:false
                          Reputation:low
                          Preview:2024/01/09-11:40:55.092 d54 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/01/09-11:40:55.094 d54 Recovering log #3.2024/01/09-11:40:55.094 d54 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8e456df4-0b14-40df-b096-dd7e85e123cc.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):403
                          Entropy (8bit):4.953858338552356
                          Encrypted:false
                          SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                          MD5:4C313FE514B5F4E7E89329630909F8DC
                          SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                          SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                          SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):403
                          Entropy (8bit):4.953858338552356
                          Encrypted:false
                          SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                          MD5:4C313FE514B5F4E7E89329630909F8DC
                          SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                          SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                          SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF492fb7.TMP (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):403
                          Entropy (8bit):4.953858338552356
                          Encrypted:false
                          SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                          MD5:4C313FE514B5F4E7E89329630909F8DC
                          SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                          SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                          SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a52ac0dc-9bcf-4bed-8678-84b057616c49.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:modified
                          Size (bytes):403
                          Entropy (8bit):4.98907081643162
                          Encrypted:false
                          SSDEEP:12:YHO8sqFXI0WsBdOg2H7gcaq3QYiubrP7E4T3y:YXsmt7dMH33QYhbz7nby
                          MD5:911B3E9F7938ACABDB3896CA7A5C9E6F
                          SHA1:5D601D5A3B02F3523E2B8FF286D8D63A88757474
                          SHA-256:68ECF261039979D58743306A644E29FED40D78420F044A2621C187EAC6BE3527
                          SHA-512:1BDEC925845129A587919A8E493F0A7A4B5F96C09CF78703A1EC7E1DA78C81642BBA36B4D4D37DA97406339CC6D5A51CE0B9906BCB34674A2385F2D41FE8715E
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13349356868580085","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":107536},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4099
                          Entropy (8bit):5.223967504752798
                          Encrypted:false
                          SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeqcKx4G+a:OLT0bTIeYa51Ogu/0OZARBT8kN88XKxp
                          MD5:DA6AD096D2289C4CE0D6A1E67E253F80
                          SHA1:E11C83B1C5B7A72D88CC988476507A818BC495F3
                          SHA-256:C84CE9976D2AEA33AE77520BD12E65E8E80F19FB8B5EB7B8C2D06E10225712FD
                          SHA-512:ADF801C9FE27E14445212D3231897E2FEB71BD8C25165F8C98FAF5C453F3BB812A95587773C09B9FFE1ABB05995C3B5CB48A2AEEAC23D6EBF7A75D9C974A487E
                          Malicious:false
                          Reputation:low
                          Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):319
                          Entropy (8bit):5.157862608950235
                          Encrypted:false
                          SSDEEP:6:HOcIRSpyq2PRN2nKuAl9OmbzNMxIFUt8+OcIRBrWj1Zmw++OcIRBCylRkwORN2nv:HOOpyvaHAa8jFUt8+OsJ/++OMeR5JHAo
                          MD5:B689699C89EDEF5C3599661E8FBBD932
                          SHA1:32661DF1C5307A0ED10323782B7104AD4F2642FC
                          SHA-256:87A35B817F15F4D9B84AA433E0006C6E6C703CE71851758F7BCA5293A157BF1C
                          SHA-512:9BE2B3A13B9B293542CD05C489232A9D8CF7947A7CFE66A00D374AA37DE15DED884AEEC5510DBE2460396DB336CF166BFC6CF46DCFC5117BDD2F8AE6DA65B8E9
                          Malicious:false
                          Reputation:low
                          Preview:2024/01/09-11:40:55.301 d54 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/01/09-11:40:55.312 d54 Recovering log #3.2024/01/09-11:40:55.313 d54 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):319
                          Entropy (8bit):5.157862608950235
                          Encrypted:false
                          SSDEEP:6:HOcIRSpyq2PRN2nKuAl9OmbzNMxIFUt8+OcIRBrWj1Zmw++OcIRBCylRkwORN2nv:HOOpyvaHAa8jFUt8+OsJ/++OMeR5JHAo
                          MD5:B689699C89EDEF5C3599661E8FBBD932
                          SHA1:32661DF1C5307A0ED10323782B7104AD4F2642FC
                          SHA-256:87A35B817F15F4D9B84AA433E0006C6E6C703CE71851758F7BCA5293A157BF1C
                          SHA-512:9BE2B3A13B9B293542CD05C489232A9D8CF7947A7CFE66A00D374AA37DE15DED884AEEC5510DBE2460396DB336CF166BFC6CF46DCFC5117BDD2F8AE6DA65B8E9
                          Malicious:false
                          Reputation:low
                          Preview:2024/01/09-11:40:55.301 d54 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/01/09-11:40:55.312 d54 Recovering log #3.2024/01/09-11:40:55.313 d54 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                          Category:dropped
                          Size (bytes):57344
                          Entropy (8bit):3.291927920232006
                          Encrypted:false
                          SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
                          MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                          SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                          SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                          SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                          Malicious:false
                          Reputation:low
                          Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):16928
                          Entropy (8bit):1.2150706231059563
                          Encrypted:false
                          SSDEEP:24:7+tuFvqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+s:7M0qLmFTIF3XmHjBoGGR+jMz+Lhv3
                          MD5:442E4FC942100A2BBBA30D0EAFAC17D6
                          SHA1:C441D197BB3489E78D48BFB5657B8622C09CF5A4
                          SHA-256:627EE2ACBEF7898AEC4618CFE13B1B7731BE4F0354C00AB3FE6C37E10CAC249B
                          SHA-512:F02C94AB89722389CA8498B9C54173764DE5E052D81CF9BF562729A078229643372A6254373FDF69FFCF37A66D0B783A6A7E2FE9A5EDC3BB3F69DB32AA215959
                          Malicious:false
                          Reputation:low
                          Preview:.... .c........v........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):1233
                          Entropy (8bit):5.233980037532449
                          Encrypted:false
                          SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                          MD5:8BA9D8BEBA42C23A5DB405994B54903F
                          SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                          SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                          SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                          Malicious:false
                          Reputation:low
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1004

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):1233
                          Entropy (8bit):5.233980037532449
                          Encrypted:false
                          SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                          MD5:8BA9D8BEBA42C23A5DB405994B54903F
                          SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                          SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                          SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                          Malicious:false
                          Reputation:low
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):1233
                          Entropy (8bit):5.233980037532449
                          Encrypted:false
                          SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                          MD5:8BA9D8BEBA42C23A5DB405994B54903F
                          SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                          SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                          SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                          Malicious:false
                          Reputation:low
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):10880
                          Entropy (8bit):5.214360287289079
                          Encrypted:false
                          SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                          MD5:B60EE534029885BD6DECA42D1263BDC0
                          SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                          SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                          SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                          Malicious:false
                          Reputation:low
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.1004

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):10880
                          Entropy (8bit):5.214360287289079
                          Encrypted:false
                          SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                          MD5:B60EE534029885BD6DECA42D1263BDC0
                          SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                          SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                          SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                          Malicious:false
                          Reputation:low
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.348219012065275
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXeyI4mRhJ2OQ5IRR4UhUR0Ysj/qoAvJM3g98kUwPeUkwRe9:YvXKXL+RhVQWRuUhUgDZGMbLUkee9
                          MD5:7AFF5E8A9075E4CDA96DF16F71A12762
                          SHA1:8D8FF48C8C2746212DEA8FFB411381E9D6089CA3
                          SHA-256:D9FEE67CBDE94CB00022DBCC2DB9D0E5B5CAABDFBABCD82B6861D5FE84C2F88A
                          SHA-512:9C3365F7FE46971377C764D4AFBB2E7247E5CBDFFCD5D372ECEDCECF9EF151477C488187EA60CDC2118AE788C55862AED9C88200D84F6588AC1AAF11EC112EEC
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.296520439878867
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXeyI4mRhJ2OQ5IRR4UhUR0Ysj/qoAvJfBoTfXpnrPeUkwRe9:YvXKXL+RhVQWRuUhUgDZGWTfXcUkee9
                          MD5:41AA3BE50B3222B7F8E5D1046FB86258
                          SHA1:62FCACB6E2496683AE5410535A2ED04DF88BFE0B
                          SHA-256:C3D6A2E85D867DEDB9568228C18FDF02D775C53ED6CFDEE6F93B57E4F3CE9880
                          SHA-512:C77D6C48D87170EA83D46DFE54163DB39468FB161219CDFD03D7CF492B84195524AD115106ED5DA3B661D22F2287811B99F73351AF740633DF4E94A96E109448
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.274659354624134
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXeyI4mRhJ2OQ5IRR4UhUR0Ysj/qoAvJfBD2G6UpnrPeUkwRe9:YvXKXL+RhVQWRuUhUgDZGR22cUkee9
                          MD5:A64C63D4B1FA35E333DFC43A36CBC209
                          SHA1:32940FF21DF752220FF3F8F49B06F7ADAB766BF7
                          SHA-256:90920099453947DC48C2C75432F37BC57D2FDCFAE61322E9922D6F121217DF7C
                          SHA-512:903F432723431CE9B1C77B9A23AAD6A9996C7CA9880E97BF87034CBB9A66C3FEB248E0475D00EBDA105A9D976AE23A49074C3DA7E4FC24F99D34A49829E8D67A
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):285
                          Entropy (8bit):5.336067819253571
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXeyI4mRhJ2OQ5IRR4UhUR0Ysj/qoAvJfPmwrPeUkwRe9:YvXKXL+RhVQWRuUhUgDZGH56Ukee9
                          MD5:C8061D738D2CBA7BE349B22D4F90A46D
                          SHA1:31D10AE27BEF4D61C23171587A2DD3ED8B315DF8
                          SHA-256:F50031F6012FC066B3651D655692668192A35CBBE7CE437F8F73C0302C7A2439
                          SHA-512:F78D0DE852E2F818C3A17E4119C356676FF10481126023E94E810B92E8D4554C5E01E2D12935B7274FB2D1C9170A2113FF485B3106FD62E16E757A102E979CE1
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1255
                          Entropy (8bit):5.686551070765311
                          Encrypted:false
                          SSDEEP:24:Yv6Xi3bUgapLgEsv4ce3KnctSrymTBcu14wChluBks8ctq3HIj:YvtLUhhgnvjRrNTB5OJhABks8c2HS
                          MD5:2768B877D05C2B46D6DF7F186ED8D52E
                          SHA1:BA41B0B71633AE27C6C4AA8CAA282AD1780C9043
                          SHA-256:D2D28CED0C9CE314610AA70A877479A4A7982B20A5FA64458BBFD9861B1B9ED2
                          SHA-512:F3718DB3E333103785BADDC29D23621802ADC11D523147DE712C9084481C39943CC8F7CCDB485156AB646632219B41BFA3F3AA570FE990C81C2DD0014C96F221
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_0","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"f7fa0e9f-7d25-4321-b719-c501bbb8a162","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0IGZpbGVzIHRvIGFuZCBmcm9tIFBERiBcbndpdGhvdXQgbGltaXRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5k

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1250
                          Entropy (8bit):5.695230825273625
                          Encrypted:false
                          SSDEEP:24:Yv6Xi3bUg8VLgEsy4c19ZrGmTBcu14wCh5rgos8ctq3HIj:YvtLU9Fgnyl9ZrBTB5OJhFgos8c2HS
                          MD5:BEE9DA147E64102497D2FEF3DF0A4EF1
                          SHA1:6E13CFA37B646132D944A133D185E55257311C7D
                          SHA-256:096169DEDFD24BCA27FF49F4686D7D18501D6A4047D2D2AEE4C07DED2FE07BDB
                          SHA-512:00E866402AA9A84096F13999FFD0D4A64D10F5B891A084013E3CD70300A5F54E3514C3227F6D005A908A279DD04D303204846DC4AD669FAB835F6A5C0EDC96B2
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_1","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"250f56c6-2d66-4fca-8033-eabbd2bc9951","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0LCBlZGl0IGFuZCBlLXNpZ24gUERGXG4gZm9ybXMgJiBhZ3JlZW1lbnRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2Nvb

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.283779587856065
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXeyI4mRhJ2OQ5IRR4UhUR0Ysj/qoAvJfQ1rPeUkwRe9:YvXKXL+RhVQWRuUhUgDZGY16Ukee9
                          MD5:CA7B2F5423625CB31EB4D0631003353C
                          SHA1:2C73AB2650DA8F56E8FC1CC58A36A6CDAB239168
                          SHA-256:663BB045DA8DB4C8551CC7C8A370B67A740F2964913F86C4411D0429DED7333F
                          SHA-512:F18862EB752F6475CB2A361940DD728B6A53D661E51FAF97D6D77ADE479C8B78B2D8BC521AB35D975D85BB0D4DD2308D09B152625A4CCA5B1AC2CD8AF2876D06
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1230
                          Entropy (8bit):5.677455166126387
                          Encrypted:false
                          SSDEEP:24:Yv6Xi3bUgh2LgEsk4ccVrhmTBcu14wChds8ctq3HIj:YvtLU8ognkMVrYTB5OJhds8c2HS
                          MD5:04BAA2D8C6B931C065B8C9F4061F8FFF
                          SHA1:71D7B67EA496CB644CA560B31F1E78AA1F112890
                          SHA-256:1D9482AF6B74C912FBF757B0437BE9D96D524CBDA28393CCCC1CCB4295F3DA28
                          SHA-512:9182422D309E0342BBB21A82EE979555B687E8B9F05D7E1396734B74FB4F5E7562F4923F4991D4495981B9B1B5050D4BB00169FFC31F6702E5F359F9ABC5D494
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_3","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"07caa165-20a7-4c5f-adf8-061ef3d98af3","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2NvbG9yX2RhcmtfdGhlbWUiO

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1368
                          Entropy (8bit):5.741590120712406
                          Encrypted:false
                          SSDEEP:24:Yv6Xi3bUghKLgEGcooZbq0jCaBrwJoZct5uWaHbX3HIj:YvtLU8EgNoNtlSJEc3uWaHbHHS
                          MD5:86B2E5EA21DD9FAAE50F2A6D10AA6254
                          SHA1:2C7568D877AA1B23C5D2EEC3269B5C7E2E90B05D
                          SHA-256:362D8B14B117C224B3F233FABA4E914AA138018A2DFF725D2DAD18F68FD3CE02
                          SHA-512:0B69762FFB2377C06517C388C677E169164B94B52F72BE99B820E1514A1F5274BBC65339E5B382C319A9B4DAEDEAAE13C0195DFF4560086E05CC48554EA5D6DF
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"70654_217714ActionBlock_0","campaignId":70654,"containerId":"1","controlGroupId":"","treatmentId":"692283b7-dc9d-4f79-9ee2-bccf324c2980","variationId":"217714"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNyIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTEiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBhbGwgUERGIGFuZCBlLXNpZ25pbmcgdG9vbHMuIiwiYmFja2d

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.286842398987049
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXeyI4mRhJ2OQ5IRR4UhUR0Ysj/qoAvJfYdPeUkwRe9:YvXKXL+RhVQWRuUhUgDZGg8Ukee9
                          MD5:C2E7D606FE3245AA21658858B59FF5A0
                          SHA1:4E99DD404BE678D1B19ACA520D3F26EB2667F758
                          SHA-256:810C59458F9748448B33600A5C1113FBE664FBA493FD4A104CE53A9F1C711AF5
                          SHA-512:512F43484AA5114A968784C264977D2EAA6896C712C357DE6E1E470993971343C26B48478CDCD729478BF33ABCE2AF37EEA4BC58A67D90AAB82CCC109E293167
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1395
                          Entropy (8bit):5.76664202182388
                          Encrypted:false
                          SSDEEP:24:Yv6Xi3bUgsrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNHJn:YvtLUzHgDv3W2aYQfgB5OUupHrQ9FJn
                          MD5:42A1BB0CBB3DA8DDEBBBD0AC81B6EDCA
                          SHA1:DFF96F20C18F59637D5770AF12B4D71D88811D24
                          SHA-256:4BD96C1065659FCC2378715030B6D1B2497674ACC52E399213D23D5CC3024112
                          SHA-512:ED6E779747643B991D6CAE4AD9721488E5A5318A57535A1470FF6B1D2FE1EE1A898DEFD925E110667EDF6E5471E0BB062F77C8230A8A39F9A421A3C9B8B67BE1
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):291
                          Entropy (8bit):5.270479926908425
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXeyI4mRhJ2OQ5IRR4UhUR0Ysj/qoAvJfbPtdPeUkwRe9:YvXKXL+RhVQWRuUhUgDZGDV8Ukee9
                          MD5:D57FA034AE0AC2EF8BB84D2E20DAB239
                          SHA1:DFE423DCC0602D0D0EB6A7C519AF9C7C08F2B805
                          SHA-256:19A956D79E0BB3B5A0F356652A1986EF15C40E339C01FFB0AC7C42D5A1F03C00
                          SHA-512:6C4116501DCB9A54BA3B3607C2983007F6F3C497EB69A0983EB92BD6EC703A2C616170A3B5705519E914787829E0E4F0F4E712173510760DC4895A5D7B4AF04E
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):287
                          Entropy (8bit):5.274519094462423
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXeyI4mRhJ2OQ5IRR4UhUR0Ysj/qoAvJf21rPeUkwRe9:YvXKXL+RhVQWRuUhUgDZG+16Ukee9
                          MD5:9D341AF95E4D249B482A966BC20551BA
                          SHA1:7A5259486464C0C370D8310AD7426CEDE1DA22A5
                          SHA-256:E18F65546DEACCA7AF77A47D64B1A2022DB2E21C2152B8B92FB877FAA011C588
                          SHA-512:3AD1B5992E8CD457DAE8D4282970B2081D6B2CA21AC6C33961FE94579936B8B93C98F8946CE446AD8B032C997A1BCD59739AC4D2EFCA5C992620086043FD89D6
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1250
                          Entropy (8bit):5.709096286554842
                          Encrypted:false
                          SSDEEP:24:Yv6Xi3bUgGamXayLgEs54c3drNaHmTBcu14wChqx+plVCV9FJN3HIj:YvtLUtBgn5drpTB5OJhr9Q9FJ9HS
                          MD5:0FC70049AE13D06082ADD12EF4B0BBC7
                          SHA1:BBCAB953D2015DFE896ECC05C738B19ED5F4C233
                          SHA-256:6E1A8F285D3A8F3B0133D0463B1E96D9ED74B3A0C7B46C0D2C709EDAB99A8BD7
                          SHA-512:8140AA6AF46F4922679E75860B5D1C4089EFF36D90094D809168E23B1F360B81FF005CBDC9A0C675D7ED50295835E82EEF3340B09D1DEAB59650F11EA8B88CFA
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_2","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"8deb148d-1a64-4e57-9648-e8bf939c598e","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJTZW5kIGRvY3VtZW50cyAmIGZvcm1zIFxuZm9yIGZhc3QgZS1zaWduaW5nIG9ubGluZS4iLCJiYWNrZ3JvdW5kX3N0eWxpbmciOnsiYmFja2dyb3VuZF9jb

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):4824
                          Entropy (8bit):5.807236694547929
                          Encrypted:false
                          SSDEEP:48:YvtLU3fglCw3zOuMOskxBMHwEIGy6XOskBBMH4AVEIQrEIGQ6eOLwBMHWO2wYdgR:GtLUPglhEC+TZb+RLQTbRwDwda+sTXwZ
                          MD5:DDCD21BE68FD6AE8E8234639FC1DDF65
                          SHA1:A342B92CB35A642F5ABE792DBD41CB98BD1B6263
                          SHA-256:34657FBE200C9E2E75418CBBAE6A5C8E9B07D482B107D3DEFFAEB79E8F5E7419
                          SHA-512:89A9E75860FAD71D9B93EFB466FB68F60A40835C8E4BB660454BD4882A7C6579E077EA17A57DA0A533699688BD07E8678B3391B5F2EE0CFE804BF397746D6051
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Upsell_Cards"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"72064_221945ActionBlock_0","campaignId":72064,"containerId":"1","controlGroupId":"","treatmentId":"c9187c9e-f9f8-4083-a73e-553593a2948e","variationId":"221945"},"containerId":1,"containerLabel":"JSON for DC Reader Upsell Cards","content":{"data":"eyJSZWRhY3RQREYiOnsiZGF0YVR5cGUiOiJ1cmwiLCJkYXRhIjp7ImxpZ2h0IjoiaHR0cHM6Ly9jdnMuYWRvYmUuY29tL2NvbnRlbnQvZGFtL2N2cy9hY3JvYmF0ZGVza3RvcC91cHNlbGxjYXJkcy9yZ3MwMjkyL3Y1L2luZGV4Lmh0bWw\/ZXhwZXJpZW5jZT1yZWRhY3R8ZW58MXxsaWdodCIsImRhcmsiOiJodHRwczovL2N2cy5hZG9iZS5jb20vY29udGVudC9kYW0vY3ZzL2Fjcm9iYXRkZXNrdG9wL3Vwc2VsbGNhcmRzL3JnczAyOTIvdjUvaW5kZXguaHRtbD9leHBlcmllbmNlPXJlZGFjdHxlbnwxfGRhcmsif

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):782
                          Entropy (8bit):5.359736135865102
                          Encrypted:false
                          SSDEEP:12:YvXKXL+RhVQWRuUhUgDZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW/:Yv6Xi3bUgR168CgEXX5kcIfANhIj
                          MD5:31289E5DD5783A386EEEA2CE4363005E
                          SHA1:630733D1FE80556D020FC81BFB092B753B1020C8
                          SHA-256:FF0D26004D100C8CF99829065780C392A6C2592D8C378B738FC8B50A226D3886
                          SHA-512:E4C48E811CC69D622A16ECD6F4D2FEB3B5DA1DD7108321348C092ECF6DF779A8D47D393B254C30BE34E8CF47B56C0ADDC35867E9D3C4D7B35A349435C450ACEA
                          Malicious:false
                          Reputation:low
                          Preview:{"analyticsData":{"responseGUID":"b3a3dc90-6e34-4edd-abac-ba35c0bba744","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1704973425697,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1704796860730}}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4
                          Entropy (8bit):0.8112781244591328
                          Encrypted:false
                          SSDEEP:3:e:e
                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                          Malicious:false
                          Reputation:low
                          Preview:....

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2819
                          Entropy (8bit):5.141914910478891
                          Encrypted:false
                          SSDEEP:24:YNE31GIaY3ayF70i7yxxd6I79vwfbERC3RnhSJJHaE3upMO7fPj/5qvj0SxC2P1S:Y69S7VRP4Bh2HZexn+A61126fe13h9d
                          MD5:1D149DBE35DD74123AC78DE7ACC7F5F3
                          SHA1:EC706C6A09E7C6BAC4DBF40494647497CA7C6D6F
                          SHA-256:87D48B23A86596822DD69C24934CC8E10C668B0991265580F2F4F3C8DBBB2BCD
                          SHA-512:F4958F491C3249BCA64F8F3F94BFEE0E470BFF148576D341736B2918B3FF602EF3AF76145FE933887CBBC5407B9C4C2700D570635BDEDDA7D03C3E1DDC0DC359
                          Malicious:false
                          Reputation:low
                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"f9266ae0e5f917aa0f8aebc2c3f5a9e5","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1704796946000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"2cbb2cf7ca057b670416fc62fc11fe4e","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1704796859000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1fc58db5583afd8bfc6bf19030c41dcf","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1368,"ts":1704796859000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"ab13cb56f687690011d9147630e42559","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1230,"ts":1704796859000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"eec659fcea0a28c3ebc4597b8896eeb9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1704796859000},{"id":"DC_Reader_Upsell_Cards","info":{"dg":"e43519b625b221d82f459d70d3c880bc","sid":"DC_Reader_Upsell_Cards"},"mimeType":"file","size":482

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):0.9884396920636938
                          Encrypted:false
                          SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6Qe+e0IcLESiAieWe0F:TVl2GL7ms67YXtrBcI8m
                          MD5:1BD8EA31A98BE2CA3D19F61CB7C0BA0E
                          SHA1:F40ADA62E8D21222A8E027E2A85C33D83BDDDD13
                          SHA-256:8F392416CAFEF5B2C4E904862476A70165F1E24E6DFD18165BA0594C9C014293
                          SHA-512:A7A58BC9EB9C35B9370CC85DFFE40C5994C911F1FA2D3588549FCDAFDF124EC8C5B8F29F8319BD4A4C5CE701F697EC9D6A6A1707CB486C8AF7827E69B0FA3F54
                          Malicious:false
                          Reputation:low
                          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):1.3454593150839023
                          Encrypted:false
                          SSDEEP:24:7+tYASY9QmQ6Qe+e07cLESiAi0mY9Q+qLBx/XYKQvGJF7ursh:7MYlYXtrmcI8KYTqll2GL7msh
                          MD5:4AE2E37A55F326805DE1DA34A4E6A090
                          SHA1:3295A15EA5D22CC737D125BF90FB4A3B3BD5CB83
                          SHA-256:EEDF04E776B60A977B72C5388317904E923B37F036D2F2866640B217A92201E9
                          SHA-512:17610298957868295D7963BE3708C5393864239059B982560BFF106490B15A52636A24E18676B7CD7B329C7F2BA30B0F8A7ADF6B8D48BEA3FBAA64B6C1910EFB
                          Malicious:false
                          Reputation:low
                          Preview:.... .c......Q.l......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):66726
                          Entropy (8bit):5.392739213842091
                          Encrypted:false
                          SSDEEP:768:RNOpblrU6TBH44ADKZEgWMNMEdjlojQzuChSgvZIB8RYyu:6a6TZ44ADExNXdjGQz/DRK
                          MD5:0D227ACC7C11815382D2BFCE828046BE
                          SHA1:EC4772794965C11707BDBE6AF80CAD33F19B19A2
                          SHA-256:12506E1E38CDA51D5F680F1AA79ECC590391B745A0EBFA92C7F51942C2763DDF
                          SHA-512:615FD8149B5F0BF52A2E367129FE7CB1C8878F433AFD22BF93A7637497DB1611D271BA083404E9909B62149BFEACAE09AC0B8C27B2BBDF36F27A8DABDF3F4215
                          Malicious:false
                          Reputation:low
                          Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                          C:\Users\user\AppData\Local\Temp\MSI8252d.LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):246
                          Entropy (8bit):3.4953527754662135
                          Encrypted:false
                          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88RQaxH:Qw946cPbiOxDlbYnuRKLQ8H
                          MD5:65DFEDE4E09B4D2CBC802E5F51E3855D
                          SHA1:C58FAFF700CC9C8D530C16BBFAA25DF0945217FF
                          SHA-256:4ED86304AD9335B3861E3B40692D910E15B43427B4F52558AC0C687935C81F39
                          SHA-512:7A49229B643661DB31DC3EEEA3E8A73DFD962A3C5D6A7BB48A9F3A39DCCCB854D0C640B735EEA712B1601E9487537C22E8B56B1DE58BB5744E325BC1875EEABF
                          Malicious:false
                          Reputation:low
                          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.9./.0.1./.2.0.2.4. . .1.1.:.4.1.:.0.2. .=.=.=.....

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-01-09 11-40-57-248.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):16525
                          Entropy (8bit):5.353642815103214
                          Encrypted:false
                          SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
                          MD5:91F06491552FC977E9E8AF47786EE7C1
                          SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                          SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                          SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                          Malicious:false
                          Reputation:low
                          Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393), with CRLF line terminators
                          Category:dropped
                          Size (bytes):15114
                          Entropy (8bit):5.3565184869993825
                          Encrypted:false
                          SSDEEP:384:Az12NfkvsKA313MrV09hHuzfcJLDIXZhlMwvKEOa0xAtgE11mJ4bYbO3z9vj8cAF:+Q3
                          MD5:94D35E52281DEAB19090B6013D8AB484
                          SHA1:5E2034243CA35A482A700F9ACFBFE9BB7975C96A
                          SHA-256:5AE9DBA8EB87EDBBC47235D28594131883F4038DEF6506ADDC349FC1B9B28287
                          SHA-512:70D7717BD908AA570B81D01DBB97D9ADCB2472A7E468CFD93A0672B9600ED9F3E7E2A04C2E41EBC955E726E866CC346E81376A4DE7EFA0188B02D47EA22195E9
                          Malicious:false
                          Reputation:low
                          Preview:SessionID=3a97b8c4-9570-423c-9e52-e99065497454.1704796857261 Timestamp=2024-01-09T11:40:57:261+0100 ThreadID=5292 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=3a97b8c4-9570-423c-9e52-e99065497454.1704796857261 Timestamp=2024-01-09T11:40:57:263+0100 ThreadID=5292 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=3a97b8c4-9570-423c-9e52-e99065497454.1704796857261 Timestamp=2024-01-09T11:40:57:263+0100 ThreadID=5292 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=3a97b8c4-9570-423c-9e52-e99065497454.1704796857261 Timestamp=2024-01-09T11:40:57:263+0100 ThreadID=5292 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=3a97b8c4-9570-423c-9e52-e99065497454.1704796857261 Timestamp=2024-01-09T11:40:57:263+0100 ThreadID=5292 Component=ngl-lib_NglAppLib Description="SetConf

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):29752
                          Entropy (8bit):5.420835612911775
                          Encrypted:false
                          SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcb7cbCISgcbJ:fhWlA/TVVS/
                          MD5:60C1F4B7386F05622A0FB03966B75C5B
                          SHA1:B1E79CC28D98A14C91FECAB8040562CFE781B439
                          SHA-256:E585290883F0D600CB60A4D239E11E71EF9D5E9A9075D331420087CFAE94A1B4
                          SHA-512:32F65B33B398E325A889EF3E41EAAC94B0087B036EB497580CD15E6D3F188E5160489F869B07F396D450835E8C7F022D2ABAB19CCA5492FCEB5C67C3C5B08066
                          Malicious:false
                          Reputation:low
                          Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

                          C:\Users\user\AppData\Local\Temp\acrocef_low\60e44fe5-5a6e-49a2-9255-d67ca8cc7977.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                          Category:dropped
                          Size (bytes):1419751
                          Entropy (8bit):7.976496077007677
                          Encrypted:false
                          SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                          MD5:18E3D04537AF72FDBEB3760B2D10C80E
                          SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                          SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                          SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                          Malicious:false
                          Reputation:low
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                          C:\Users\user\AppData\Local\Temp\acrocef_low\8142fac2-f069-4f33-9c72-cd43b33a9a3a.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                          Category:dropped
                          Size (bytes):386528
                          Entropy (8bit):7.9736851559892425
                          Encrypted:false
                          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                          Malicious:false
                          Reputation:low
                          Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                          C:\Users\user\AppData\Local\Temp\acrocef_low\87de453b-179b-413b-8d8f-c8c860514e0b.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                          Category:dropped
                          Size (bytes):1407294
                          Entropy (8bit):7.97605879016224
                          Encrypted:false
                          SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
                          MD5:716C2C392DCD15C95BBD760EEBABFCD0
                          SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
                          SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
                          SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
                          Malicious:false
                          Reputation:low
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                          C:\Users\user\AppData\Local\Temp\acrocef_low\dc5c94cc-d6ef-4c5b-9059-1cb2d5fa0efd.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                          Category:dropped
                          Size (bytes):758601
                          Entropy (8bit):7.98639316555857
                          Encrypted:false
                          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                          MD5:3A49135134665364308390AC398006F1
                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                          Malicious:false
                          Reputation:low
                          Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 9 09:40:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2673
                          Entropy (8bit):3.983275984920897
                          Encrypted:false
                          SSDEEP:48:8WdUTYYDHxidAKZdA1FehwiZUklqehGy+3:8d3Hdy
                          MD5:8D391739DFFB1217C1E54FD5B90E78E4
                          SHA1:2EA39B1FAF931E34725D56BD66930A56C2D8097C
                          SHA-256:BE3929647D90D0723BA93D4613752BFC894F57D5DFB2E207077DAC58B8524E22
                          SHA-512:2409AEE8F5A2DAF075F1A84D0848609F8F1FCCC15B823FF0334D9B214FB61639D33719617508F2987C916394D9E600E3D3B34E17F2F72AC0BF5B57ED0F06021E
                          Malicious:false
                          Reputation:low
                          Preview:L..................F.@.. ...$+.,.....D.D.B..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)X.U....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)X.U....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)X.U....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)X.U..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)X.U...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............:.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 9 09:40:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2675
                          Entropy (8bit):4.000795433511884
                          Encrypted:false
                          SSDEEP:48:8YZdUTYYDHxidAKZdA1seh/iZUkAQkqehNy+2:8/3x9QQy
                          MD5:06440510A97D41E1EFFE0533F9FED0AB
                          SHA1:7DB07FDFB216B203509716B49702F3FE37B1CA7E
                          SHA-256:CE0A382C449830BD53CF5D04BC739BD9A4EE58B82B864F6F0D29AB10CAAA98F0
                          SHA-512:86555C6608C603A580343AFEB8B400254FCE3D5B7FB1F5EA49C5E46714227733AD1B7C529962DA926124E3AD462B3FE9D9CBB04387681A55BD5A1C6CAC5F31F1
                          Malicious:false
                          Reputation:low
                          Preview:L..................F.@.. ...$+.,....;j.D.B..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)X.U....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)X.U....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)X.U....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)X.U..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)X.U...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............:.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2689
                          Entropy (8bit):4.009491532904762
                          Encrypted:false
                          SSDEEP:48:81dUTYYAHxidAKZdA14meh7sFiZUkmgqeh7sHy+BX:8c34nxy
                          MD5:F6993E31FEC56864035DCD44359D6B07
                          SHA1:41EAA7432B8E6DDEA6EDAF24ACBA4523B52CE9EA
                          SHA-256:51EC34D33E62AD52C5E2C26D610D3C763C558D324BC7559E8F4994B2ABDC18A0
                          SHA-512:46710BE85B6191171DB2780CB42BBD03332F24D6A462ABA51DB77FE89704B869B05E04A24B9BE399428EA67DD98F47B03F2987B3C62C3ADE51A23B3E99E315D1
                          Malicious:false
                          Reputation:low
                          Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)X.U....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)X.U....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)X.U....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)X.U..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............:.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 9 09:40:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.999753238265524
                          Encrypted:false
                          SSDEEP:48:8zdUTYYDHxidAKZdA1TehDiZUkwqehJy+R:8u3Cfy
                          MD5:2DB455EFC9339549CCDB9291C8AC2835
                          SHA1:969AC6F6F24EE18537E865D40F1D3F31FB5A4258
                          SHA-256:4475B4C81C98DA5654616D9DF745AD7923B9BA22C36DA7CC241E986FC6A38CA2
                          SHA-512:55B1045F64FF3F7EE09BCA8B1604272F55AFE3B3443A500DAA49DC9D664AF33B07392AFD86A184614356DF442AB0A7688F839B98ACCB38794FE589F56C009D66
                          Malicious:false
                          Reputation:low
                          Preview:L..................F.@.. ...$+.,....t..D.B..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)X.U....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)X.U....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)X.U....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)X.U..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)X.U...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............:.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 9 09:40:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.9895960492674973
                          Encrypted:false
                          SSDEEP:48:8GmdUTYYDHxidAKZdA1dehBiZUk1W1qehLy+C:8A3S9ry
                          MD5:A735C68AF584B3DDB59A712C5B1AFCD9
                          SHA1:E7755A882C78B75C34086BEC3427A9537EA84DFE
                          SHA-256:7EEACE273F0DF3D548EEA8253C8728D4AAEE6BEDAE43D82DF75EA8DD499EFEA4
                          SHA-512:F786C049F4206CA6B58070F125C558D30CB21559C24E3CE410327B07511154DACB90E199293A26C77A84670A87E2B0A6D927858833193D7D34B409CD9F98B881
                          Malicious:false
                          Reputation:low
                          Preview:L..................F.@.. ...$+.,.......D.B..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)X.U....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)X.U....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)X.U....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)X.U..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)X.U...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............:.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 9 09:40:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2679
                          Entropy (8bit):3.9980381895629526
                          Encrypted:false
                          SSDEEP:48:8YdUTYYDHxidAKZdA1duTeehOuTbbiZUk5OjqehOuTbxy+yT+:8L3ITfTbxWOvTbxy7T
                          MD5:EB6C249CF484F3EF1907E7D552EFE3A7
                          SHA1:01DCDCD5DD3C0228F278EF399C6C44A5492FDE4D
                          SHA-256:D9C3665A0472E0B05924F4181D2AB0775738ED2CD0693901BEA8D8ED3C7A5025
                          SHA-512:921D13CAF51FC1CF4F71568F7C2ED770F610AB080FE06C2431482B0893457F561588B37D43FD3DD6BC19CA6405274FC4F01BFEB0900F4D715449175DFF2BC596
                          Malicious:false
                          Reputation:low
                          Preview:L..................F.@.. ...$+.,......D.B..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)X.U....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)X.U....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)X.U....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)X.U..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)X.U...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............:.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\Downloads\pdf.zip (copy)

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                          Category:dropped
                          Size (bytes):82413091
                          Entropy (8bit):7.999998161112773
                          Encrypted:true
                          SSDEEP:1572864:eltJdeUS9vgfkpfWpAj5eXkymEl5S12pOx7Z7Cy4xM84lTkI8Pv2F:ellj8vSkEuNeX1mEfAZP72684lv8X2F
                          MD5:C9E9024B0FA2708BB3CCC8181F44DEAC
                          SHA1:73871F81C09A5AB7ED8C77BD3A2C8D0306064C60
                          SHA-256:09D3747A3E2B2EC442CAAF89B9240E1C552418D3045F9082F5648D039910A1B0
                          SHA-512:84CC58860F2C73BA9A5525238910533A736DB6C13B27C45B81386346C562AB69C27DF623C218A920605F785EA7A784ABBCDBBD1CDC9EF4C9D6B0F9F1256D0EF2
                          Malicious:true
                          Reputation:low
                          Preview:PK........3b(X.../.r..}.......PHL01-GT01.pdf.2.'.Hb.a.W.$.7.gz..>j.U......[8..,.lp.@E.... Q...P.j.)A....h....1 ..g.a,. A...k......%..0.iK...o*+t.$u...#....QpdpE...\...G.....[*@%T..J.....5.u.....U..luC.-.....E..Nh..}.(.Y.*.c:JF... ..y...'.f..z..485I-oR..g.i........./..`q5....p..KP;.1"+.s..N.u4.....g.7.vZ_...%..+P.l....z|,..6.+....}....S....~.mAAb^.]y...37...8...4.C....<..pz..H.9.D.........._.m.F.m@=...o@N..._.Zt..n.....i......B,.L.W.Q.P......9b....f^......... ....3,0...|[..9*.v......H...BtI.M...E.&.I#J../.Z........>...)...x.J.J...l.#.1..OF..;..x.e7....]..{.....~..I...d....<..w..b... .....E.....-..,..._.......bv.=.2v.2%..).....XY.Dc...A....$.+t.3..G..j..u..(.....4L(h.|.[F..yf ..3L....E.E[.E.x.dNCk..J./&@0~......4\.y..e{..2...j2DP.%|+...5.t3...rb.|...\3//....,...9U....Y......F^./J..$}.K.....M;.|...v...q.1J......q.*.6..&...Na...@^J...]..{....gB5.Y=..Y2.....s....%|T...%..+S8..Z..B.X.R...6....Y:m.....Z..xP;...=........z...3i....p....M.H`y....

                          C:\Users\user\Downloads\pdf.zip.crdownload

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                          Category:dropped
                          Size (bytes):82413091
                          Entropy (8bit):7.999998161112773
                          Encrypted:true
                          SSDEEP:1572864:eltJdeUS9vgfkpfWpAj5eXkymEl5S12pOx7Z7Cy4xM84lTkI8Pv2F:ellj8vSkEuNeX1mEfAZP72684lv8X2F
                          MD5:C9E9024B0FA2708BB3CCC8181F44DEAC
                          SHA1:73871F81C09A5AB7ED8C77BD3A2C8D0306064C60
                          SHA-256:09D3747A3E2B2EC442CAAF89B9240E1C552418D3045F9082F5648D039910A1B0
                          SHA-512:84CC58860F2C73BA9A5525238910533A736DB6C13B27C45B81386346C562AB69C27DF623C218A920605F785EA7A784ABBCDBBD1CDC9EF4C9D6B0F9F1256D0EF2
                          Malicious:false
                          Reputation:low
                          Preview:PK........3b(X.../.r..}.......PHL01-GT01.pdf.2.'.Hb.a.W.$.7.gz..>j.U......[8..,.lp.@E.... Q...P.j.)A....h....1 ..g.a,. A...k......%..0.iK...o*+t.$u...#....QpdpE...\...G.....[*@%T..J.....5.u.....U..luC.-.....E..Nh..}.(.Y.*.c:JF... ..y...'.f..z..485I-oR..g.i........./..`q5....p..KP;.1"+.s..N.u4.....g.7.vZ_...%..+P.l....z|,..6.+....}....S....~.mAAb^.]y...37...8...4.C....<..pz..H.9.D.........._.m.F.m@=...o@N..._.Zt..n.....i......B,.L.W.Q.P......9b....f^......... ....3,0...|[..9*.v......H...BtI.M...E.&.I#J../.Z........>...)...x.J.J...l.#.1..OF..;..x.e7....]..{.....~..I...d....<..w..b... .....E.....-..,..._.......bv.=.2v.2%..).....XY.Dc...A....$.+t.3..G..j..u..(.....4L(h.|.[F..yf ..3L....E.E[.E.x.dNCk..J./&@0~......4\.y..e{..2...j2DP.%|+...5.t3...rb.|...\3//....,...9U....Y......F^./J..$}.K.....M;.|...v...q.1J......q.*.6..&...Na...@^J...]..{....gB5.Y=..Y2.....s....%|T...%..+S8..Z..B.X.R...6....Y:m.....Z..xP;...=........z...3i....p....M.H`y....

                          Static File Info

                          No static file info

                          Network Behavior

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Jan 9, 2024 11:40:30.650748014 CET49722443192.168.2.16162.125.3.18
                          Jan 9, 2024 11:40:30.650824070 CET44349722162.125.3.18192.168.2.16
                          Jan 9, 2024 11:40:30.650921106 CET49722443192.168.2.16162.125.3.18
                          Jan 9, 2024 11:40:30.652537107 CET49722443192.168.2.16162.125.3.18
                          Jan 9, 2024 11:40:30.652575016 CET44349722162.125.3.18192.168.2.16
                          Jan 9, 2024 11:40:30.663069963 CET49724443192.168.2.16142.250.111.84
                          Jan 9, 2024 11:40:30.663145065 CET44349724142.250.111.84192.168.2.16
                          Jan 9, 2024 11:40:30.663207054 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:30.663242102 CET49724443192.168.2.16142.250.111.84
                          Jan 9, 2024 11:40:30.663284063 CET44349725142.250.190.142192.168.2.16
                          Jan 9, 2024 11:40:30.663383007 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:30.663402081 CET49724443192.168.2.16142.250.111.84
                          Jan 9, 2024 11:40:30.663424015 CET44349724142.250.111.84192.168.2.16
                          Jan 9, 2024 11:40:30.663531065 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:30.663556099 CET44349725142.250.190.142192.168.2.16
                          Jan 9, 2024 11:40:30.914350986 CET44349725142.250.190.142192.168.2.16
                          Jan 9, 2024 11:40:30.915301085 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:30.915355921 CET44349725142.250.190.142192.168.2.16
                          Jan 9, 2024 11:40:30.915890932 CET44349725142.250.190.142192.168.2.16
                          Jan 9, 2024 11:40:30.915996075 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:30.917303085 CET44349725142.250.190.142192.168.2.16
                          Jan 9, 2024 11:40:30.917362928 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:30.918667078 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:30.918754101 CET44349725142.250.190.142192.168.2.16
                          Jan 9, 2024 11:40:30.918797016 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:30.936808109 CET44349724142.250.111.84192.168.2.16
                          Jan 9, 2024 11:40:30.937094927 CET49724443192.168.2.16142.250.111.84
                          Jan 9, 2024 11:40:30.937153101 CET44349724142.250.111.84192.168.2.16
                          Jan 9, 2024 11:40:30.938153982 CET44349724142.250.111.84192.168.2.16
                          Jan 9, 2024 11:40:30.938235998 CET49724443192.168.2.16142.250.111.84
                          Jan 9, 2024 11:40:30.939217091 CET49724443192.168.2.16142.250.111.84
                          Jan 9, 2024 11:40:30.939291000 CET44349724142.250.111.84192.168.2.16
                          Jan 9, 2024 11:40:30.939476967 CET49724443192.168.2.16142.250.111.84
                          Jan 9, 2024 11:40:30.939511061 CET44349724142.250.111.84192.168.2.16
                          Jan 9, 2024 11:40:30.959058046 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:30.959076881 CET44349725142.250.190.142192.168.2.16
                          Jan 9, 2024 11:40:30.991153955 CET49724443192.168.2.16142.250.111.84
                          Jan 9, 2024 11:40:30.998217106 CET44349722162.125.3.18192.168.2.16
                          Jan 9, 2024 11:40:30.998519897 CET49722443192.168.2.16162.125.3.18
                          Jan 9, 2024 11:40:30.998552084 CET44349722162.125.3.18192.168.2.16
                          Jan 9, 2024 11:40:31.000195026 CET44349722162.125.3.18192.168.2.16
                          Jan 9, 2024 11:40:31.000289917 CET49722443192.168.2.16162.125.3.18
                          Jan 9, 2024 11:40:31.001163006 CET49722443192.168.2.16162.125.3.18
                          Jan 9, 2024 11:40:31.001255989 CET44349722162.125.3.18192.168.2.16
                          Jan 9, 2024 11:40:31.001298904 CET49722443192.168.2.16162.125.3.18
                          Jan 9, 2024 11:40:31.007000923 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:31.045902967 CET44349722162.125.3.18192.168.2.16
                          Jan 9, 2024 11:40:31.053128958 CET49722443192.168.2.16162.125.3.18
                          Jan 9, 2024 11:40:31.053143024 CET44349722162.125.3.18192.168.2.16
                          Jan 9, 2024 11:40:31.101058960 CET49722443192.168.2.16162.125.3.18
                          Jan 9, 2024 11:40:31.140738010 CET44349725142.250.190.142192.168.2.16
                          Jan 9, 2024 11:40:31.141100883 CET44349725142.250.190.142192.168.2.16
                          Jan 9, 2024 11:40:31.141187906 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:31.141323090 CET49725443192.168.2.16142.250.190.142
                          Jan 9, 2024 11:40:31.141341925 CET44349725142.250.190.142192.168.2.16
                          Jan 9, 2024 11:40:31.164192915 CET49674443192.168.2.1623.1.237.25
                          Jan 9, 2024 11:40:31.164263964 CET49673443192.168.2.1623.1.237.25
                          Jan 9, 2024 11:40:31.234194040 CET44349724142.250.111.84192.168.2.16
                          Jan 9, 2024 11:40:31.234321117 CET44349724142.250.111.84192.168.2.16
                          Jan 9, 2024 11:40:31.234494925 CET49724443192.168.2.16142.250.111.84
                          Jan 9, 2024 11:40:31.235340118 CET49724443192.168.2.16142.250.111.84
                          Jan 9, 2024 11:40:31.235375881 CET44349724142.250.111.84192.168.2.16
                          Jan 9, 2024 11:40:31.558162928 CET49672443192.168.2.1623.1.237.25
                          Jan 9, 2024 11:40:31.908646107 CET44349722162.125.3.18192.168.2.16
                          Jan 9, 2024 11:40:31.908842087 CET44349722162.125.3.18192.168.2.16
                          Jan 9, 2024 11:40:31.909028053 CET49722443192.168.2.16162.125.3.18
                          Jan 9, 2024 11:40:31.910751104 CET49722443192.168.2.16162.125.3.18
                          Jan 9, 2024 11:40:31.910811901 CET44349722162.125.3.18192.168.2.16
                          Jan 9, 2024 11:40:32.027271032 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.027350903 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.027437925 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.027734995 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.027757883 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.366106033 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.366396904 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.366452932 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.368158102 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.368238926 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.368257046 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.368318081 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.369124889 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.369216919 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.369306087 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.369321108 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.417102098 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.925497055 CET4434970423.1.237.25192.168.2.16
                          Jan 9, 2024 11:40:32.925671101 CET49704443192.168.2.1623.1.237.25
                          Jan 9, 2024 11:40:32.937455893 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.937530041 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.937551975 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.937597036 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.937628984 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.937650919 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.937712908 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:32.937757969 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.937757969 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:32.937788963 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.046494007 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.046560049 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.046597958 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.046611071 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.046662092 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.088037968 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.088104010 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.088193893 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.088205099 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.088241100 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.088241100 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.135184050 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.135256052 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.135291100 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.135301113 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.135335922 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.135356903 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.170078039 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.170156956 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.170330048 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.170330048 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.170389891 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.170459986 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.199441910 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.199503899 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.199636936 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.199636936 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.199696064 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.199759007 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.226052999 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.226119995 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.226283073 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.226283073 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.226341963 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.226414919 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.248914957 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.248991013 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.249044895 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.249109030 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.249152899 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.249177933 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.249191999 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.260863066 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.260935068 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.261111021 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.261111021 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.261172056 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.274744034 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.274801970 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.274952888 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.274952888 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.275043964 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.289206982 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.289273977 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.289438963 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.289500952 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.304001093 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.304059982 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.304107904 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.304145098 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.304162025 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.317153931 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.317219019 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.317279100 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.317342997 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.317405939 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.328622103 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.328660965 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.328716993 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.328742027 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.328793049 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.339660883 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.339709044 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.339863062 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.339864016 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.339925051 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.351419926 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.351459026 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.351532936 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.351533890 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.351596117 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.361224890 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.361272097 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.361299038 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.361314058 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.361398935 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.369435072 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.369473934 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.369513988 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.369525909 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.369554043 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.378246069 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.378289938 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.378330946 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.378393888 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.378431082 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.385375977 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.385412931 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.385571003 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.385571003 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.385632038 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.392970085 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.393040895 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.393182993 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.393182993 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.393243074 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.399327993 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.399383068 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.399594069 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.399594069 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.399655104 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.406474113 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.406521082 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.406646967 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.406646967 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.406709909 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.412308931 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.412348986 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.412415028 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.412508011 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.412558079 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.418406963 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.418452024 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.418484926 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.418519974 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.418560028 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.424741030 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.424782038 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.424833059 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.424846888 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.424879074 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.429944992 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.429991961 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.430017948 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.430031061 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.430067062 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.435789108 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.435830116 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.435863018 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.435873985 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.435906887 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.441037893 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.441097021 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.441142082 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.441153049 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.441181898 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.445822001 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.445862055 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.445918083 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.445930958 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.445966005 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.450490952 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.450539112 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.450570107 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.450581074 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.450613022 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.455670118 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.455708027 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.455862999 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.455863953 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.455924988 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.460386038 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.460432053 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.460474014 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.460537910 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.460577965 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.464663982 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.464704037 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.464853048 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.464853048 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.464914083 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.469602108 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.469647884 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.469883919 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.469883919 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.469971895 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.473658085 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.473695993 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.473762989 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.473858118 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.473942041 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.477979898 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.478039980 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.478187084 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.478187084 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.478249073 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.481616020 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.481654882 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.481853008 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.481853008 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.481935978 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.486346960 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.486392021 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.486581087 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.486582041 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.486641884 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.490034103 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.490073919 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.490134001 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.490196943 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.490235090 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.494231939 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.494277954 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.494457960 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.494457960 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.494518995 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.497723103 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.497761011 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.497941017 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.497941971 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.498004913 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.499465942 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.501194954 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.501235962 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.501302004 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.501337051 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.501373053 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.505305052 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.505352020 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.505506992 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.505506992 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.505568027 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.508570910 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.508610010 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.508650064 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.508668900 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.508702993 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.511714935 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.511760950 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.511792898 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.511805058 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.511840105 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.514921904 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.514961004 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.515013933 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.515028000 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.515055895 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.518651009 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.518696070 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.518868923 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.518868923 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.518929958 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.521631956 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.521667957 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.521837950 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.521837950 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.521929026 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.525882006 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.525943995 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.526108980 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.526109934 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.526170969 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.527892113 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.527930021 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.527971029 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.528037071 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.528084993 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.530711889 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.530769110 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.530901909 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.530901909 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.530963898 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.533796072 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.533837080 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.533879995 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.533921003 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.533953905 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.536461115 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.536506891 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.536547899 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.536561012 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.536592007 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.539108992 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.539146900 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.539380074 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.539380074 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.539442062 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.541589022 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.541634083 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.541673899 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.541738987 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.541778088 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.544692039 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.544730902 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.544773102 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.544836998 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.544878960 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.547138929 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.547187090 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.547326088 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.547326088 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.547386885 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.549546957 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.549585104 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.549633980 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.549698114 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.549738884 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.552053928 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.552098036 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.552133083 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.552145958 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.552176952 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.554932117 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.554970980 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.555159092 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.555159092 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.555219889 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.556885958 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.556931019 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.556962967 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.556979895 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.557012081 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.559669018 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.559706926 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.559741974 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.559755087 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.559786081 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.561490059 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.561534882 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.561559916 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.561572075 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.561614037 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.564281940 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.564320087 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.564368963 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.564402103 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.564435005 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.566143990 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.566188097 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.566231012 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.566294909 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.566334963 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.568661928 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.568712950 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.568769932 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.568783998 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.568814993 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.571166039 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.571211100 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.571358919 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.571358919 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.571420908 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.573030949 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.573069096 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.573117971 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.573184967 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.573245049 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.574784994 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.574830055 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.574857950 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.574872017 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.574906111 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.577223063 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.577260017 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.577291012 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.577302933 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.577332020 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.579159021 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.579205036 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.579246044 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.579309940 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.579349041 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.581491947 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.581531048 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.581569910 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.581588030 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.581614971 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.583484888 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.583529949 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.583578110 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.583642006 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.583681107 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.585314989 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.585352898 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.585393906 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.585412025 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.585438967 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.587213039 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.587256908 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.587282896 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.587295055 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.587326050 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.589340925 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.589379072 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.589413881 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.589426041 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.589456081 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.591253042 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.591298103 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.591344118 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.591355085 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.591382980 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.593014002 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.593055964 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.593087912 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.593097925 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.593125105 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.594842911 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.594887972 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.594916105 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.594926119 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.594978094 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.596868038 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.596905947 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.596941948 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.596952915 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.596980095 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.598665953 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.598723888 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.598764896 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.598777056 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.598803997 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.600411892 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.600450039 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.600488901 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.600500107 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.600528002 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.602148056 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.602193117 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.602216959 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.602227926 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.602268934 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.604295015 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.604334116 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.604356050 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.604367018 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.604397058 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.606147051 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.606194973 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.606215954 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.606228113 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.606276035 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.607260942 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.607300043 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.607325077 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.607335091 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.607364893 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.609075069 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.609121084 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.609148979 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.609158993 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.609194040 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.611115932 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.611155033 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.611195087 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.611221075 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.611257076 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.612909079 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.612952948 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.612993002 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.613003969 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.613034010 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.614712954 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.614753008 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.614773989 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.614784956 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.614814043 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.614836931 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.615756035 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.615803003 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.615827084 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.615868092 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.615892887 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.619915009 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.619954109 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.620006084 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.620018005 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.620045900 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.620753050 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.620804071 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.620837927 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.620848894 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.620876074 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.621726036 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.621764898 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.621793985 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.621803999 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.621833086 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.623013973 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.623060942 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.623089075 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.623100042 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.623126984 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.624003887 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.624056101 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.624090910 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.624102116 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.624125957 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.624993086 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.625040054 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.625072002 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.625082970 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.625108957 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.626914978 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.626959085 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.627001047 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.627012014 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.627042055 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.628664970 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.628719091 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.628740072 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.628750086 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.628779888 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.631423950 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.631463051 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.631496906 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.631508112 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.631536961 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.632745028 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.632791042 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.632812977 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.632823944 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.632854939 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.633644104 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.633682966 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.633714914 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.633724928 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.633752108 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.635391951 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.635437012 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.635461092 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.635472059 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.635516882 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.636861086 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.636900902 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.636933088 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.636943102 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.636991024 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.638513088 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.638557911 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.638586998 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.638597965 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.638628960 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.639467955 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.639506102 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.639544964 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.639555931 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.639581919 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.641168118 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.641215086 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.641247034 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.641258001 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.641287088 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.642631054 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.642668962 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.642702103 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.642712116 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.642739058 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.643717051 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.643760920 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.643786907 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.643796921 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.643824100 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.645447016 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.645486116 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.645514965 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.645524979 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.645554066 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.646404982 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.646465063 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.646492958 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.646502972 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.646529913 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.648051023 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.648092031 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.648118019 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.648128986 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.648154974 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.649066925 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.649112940 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.649123907 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.649144888 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.649193048 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.650758028 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.650796890 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.650825977 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.650836945 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.650865078 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.652122974 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.652168036 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.652204990 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.652215004 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.652241945 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.653276920 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.653315067 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.653346062 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.653357029 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.653414011 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.654253006 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.654297113 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.654320955 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.654331923 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.654361010 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.655831099 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.655869961 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.655905008 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.655915976 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.655942917 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.657315016 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.657357931 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.657382011 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.657392979 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.657424927 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.658415079 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.658452988 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.658483982 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.658493996 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.658524990 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.659431934 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.659476042 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.659497023 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.659507990 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.659549952 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.660417080 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.660454988 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.660476923 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.660487890 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.660515070 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.662267923 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.662318945 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.662344933 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.662354946 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.662380934 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.663217068 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.663255930 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.663291931 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.663302898 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.663326979 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.664156914 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.664201975 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.664233923 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.664243937 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.664275885 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.665277958 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.665327072 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.665360928 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.665370941 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.665400028 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.666861057 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.666908979 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.666928053 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.666938066 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.666985035 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.668009043 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.668056011 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.668085098 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.668096066 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.668122053 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.668952942 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.668999910 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.669032097 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.669043064 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.669076920 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.670593977 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.670634031 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.670658112 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.670667887 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.670697927 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.671644926 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.671689987 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.671710014 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.671720982 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.671763897 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.672519922 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.672558069 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.672585964 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.672596931 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.672621965 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.673635960 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.673681974 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.673702955 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.673712969 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.673738956 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.674629927 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.674669027 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.674690008 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.674700975 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.674731016 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.676042080 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.676090002 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.676192045 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.676192045 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.676222086 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.676914930 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.676951885 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.677000999 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.677011967 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.677038908 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.678056955 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.678102970 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.678119898 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.678133011 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.678174973 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.678946018 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.678986073 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.679012060 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.679022074 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.679048061 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.680351973 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.680397034 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.680428982 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.680439949 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.680464983 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.681381941 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.681421041 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.681449890 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.681459904 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.681488991 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.682279110 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.682342052 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.682408094 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.682408094 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.682421923 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.683198929 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.683238029 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.683263063 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.683274984 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.683300972 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.684495926 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.684542894 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.684573889 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.684583902 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.684612036 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.685539961 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.685578108 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.685626030 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.685626030 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.685640097 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.686542034 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.686587095 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.686606884 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.686619997 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.686650038 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.687494040 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.687532902 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.687567949 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.687578917 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.687604904 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.688620090 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.688666105 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.688690901 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.688702106 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.688729048 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.689596891 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.689634085 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.689661980 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.689672947 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.689702988 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.690560102 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.690606117 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.690635920 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.690646887 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.690677881 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.691566944 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.691605091 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.691638947 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.691653967 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.691677094 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.692598104 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.692643881 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.692663908 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.692675114 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.692711115 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.693547964 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.693583965 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.693615913 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.693627119 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.693654060 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.694483042 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.694529057 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.694564104 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.694574118 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.694601059 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.695509911 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.695547104 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.695591927 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.695602894 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.695628881 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.696480989 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.696527004 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.696552992 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.696563959 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.696599007 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.697418928 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.697468042 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.697498083 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.697510004 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.697537899 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.698390961 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.698436975 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.698457956 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.698468924 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.698494911 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.699332952 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.699369907 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.699403048 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.699414015 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.699440002 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.700212002 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.700258017 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.700278044 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.700289011 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.700331926 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.701154947 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.701193094 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.701226950 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.701236963 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.701263905 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.702092886 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.702136993 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.702161074 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.702172041 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.702205896 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.703000069 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.703038931 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.703069925 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.703079939 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.703107119 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.703933001 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.703979015 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.703999043 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.704010010 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.704051018 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.704791069 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.704828978 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.704860926 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.704870939 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.704900980 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.705764055 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.705811024 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.705836058 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.705846071 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.705905914 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.706649065 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.706686974 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.706717014 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.706727982 CET44349726162.125.3.15192.168.2.16
                          Jan 9, 2024 11:40:33.706754923 CET49726443192.168.2.16162.125.3.15
                          Jan 9, 2024 11:40:33.707478046 CET44349726162.125.3.15192.168.2.16

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                          Jan 9, 2024 11:40:30.540297031 CET192.168.2.161.1.1.10xa190Standard query (0)www.dropbox.comA (IP address)IN (0x0001)false
                          Jan 9, 2024 11:40:30.540482998 CET192.168.2.161.1.1.10x7e2aStandard query (0)www.dropbox.com65IN (0x0001)false
                          Jan 9, 2024 11:40:30.555864096 CET192.168.2.161.1.1.10x91e1Standard query (0)clients2.google.comA (IP address)IN (0x0001)false
                          Jan 9, 2024 11:40:30.556427002 CET192.168.2.161.1.1.10xb392Standard query (0)clients2.google.com65IN (0x0001)false
                          Jan 9, 2024 11:40:30.556807995 CET192.168.2.161.1.1.10x67c9Standard query (0)accounts.google.comA (IP address)IN (0x0001)false
                          Jan 9, 2024 11:40:30.557005882 CET192.168.2.161.1.1.10x6851Standard query (0)accounts.google.com65IN (0x0001)false
                          Jan 9, 2024 11:40:31.915237904 CET192.168.2.161.1.1.10xa27cStandard query (0)ucb0687e8dafcb77571d024410af.dl.dropboxusercontent.comA (IP address)IN (0x0001)false
                          Jan 9, 2024 11:40:31.915389061 CET192.168.2.161.1.1.10xfbefStandard query (0)ucb0687e8dafcb77571d024410af.dl.dropboxusercontent.com65IN (0x0001)false
                          Jan 9, 2024 11:40:34.936285019 CET192.168.2.161.1.1.10x7706Standard query (0)www.google.comA (IP address)IN (0x0001)false
                          Jan 9, 2024 11:40:34.936395884 CET192.168.2.161.1.1.10xd9b5Standard query (0)www.google.com65IN (0x0001)false
                          Jan 9, 2024 11:41:59.938687086 CET192.168.2.161.1.1.10xb9d1Standard query (0)clients1.google.comA (IP address)IN (0x0001)false
                          Jan 9, 2024 11:41:59.938944101 CET192.168.2.161.1.1.10xd3fbStandard query (0)clients1.google.com65IN (0x0001)false

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                          Jan 9, 2024 11:40:30.646645069 CET1.1.1.1192.168.2.160x7e2aNo error (0)www.dropbox.comwww-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                          Jan 9, 2024 11:40:30.646903038 CET1.1.1.1192.168.2.160xa190No error (0)www.dropbox.comwww-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                          Jan 9, 2024 11:40:30.646903038 CET1.1.1.1192.168.2.160xa190No error (0)www-env.dropbox-dns.com162.125.3.18A (IP address)IN (0x0001)false
                          Jan 9, 2024 11:40:30.662291050 CET1.1.1.1192.168.2.160x67c9No error (0)accounts.google.com142.250.111.84A (IP address)IN (0x0001)false
                          Jan 9, 2024 11:40:30.662636042 CET1.1.1.1192.168.2.160x91e1No error (0)clients2.google.comclients.l.google.comCNAME (Canonical name)IN (0x0001)false
                          Jan 9, 2024 11:40:30.662636042 CET1.1.1.1192.168.2.160x91e1No error (0)clients.l.google.com142.250.190.142A (IP address)IN (0x0001)false
                          Jan 9, 2024 11:40:30.662759066 CET1.1.1.1192.168.2.160xb392No error (0)clients2.google.comclients.l.google.comCNAME (Canonical name)IN (0x0001)false
                          Jan 9, 2024 11:40:32.024338007 CET1.1.1.1192.168.2.160xa27cNo error (0)ucb0687e8dafcb77571d024410af.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                          Jan 9, 2024 11:40:32.024338007 CET1.1.1.1192.168.2.160xa27cNo error (0)edge-block-www-env.dropbox-dns.com162.125.3.15A (IP address)IN (0x0001)false
                          Jan 9, 2024 11:40:32.026732922 CET1.1.1.1192.168.2.160xfbefNo error (0)ucb0687e8dafcb77571d024410af.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                          Jan 9, 2024 11:40:35.042418957 CET1.1.1.1192.168.2.160x7706No error (0)www.google.com142.250.191.228A (IP address)IN (0x0001)false
                          Jan 9, 2024 11:40:35.043114901 CET1.1.1.1192.168.2.160xd9b5No error (0)www.google.com65IN (0x0001)false
                          Jan 9, 2024 11:42:00.044610023 CET1.1.1.1192.168.2.160xb9d1No error (0)clients1.google.comclients.l.google.comCNAME (Canonical name)IN (0x0001)false
                          Jan 9, 2024 11:42:00.044610023 CET1.1.1.1192.168.2.160xb9d1No error (0)clients.l.google.com142.250.191.206A (IP address)IN (0x0001)false
                          Jan 9, 2024 11:42:00.045063972 CET1.1.1.1192.168.2.160xd3fbNo error (0)clients1.google.comclients.l.google.comCNAME (Canonical name)IN (0x0001)false

                          HTTPS Proxied Packets

                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          0192.168.2.1649725142.250.190.1424434356C:\Program Files\Google\Chrome\Application\chrome.exe
                          TimestampBytes transferredDirectionData
                          2024-01-09 10:40:30 UTC752OUTGET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                          Host: clients2.google.com
                          Connection: keep-alive
                          X-Goog-Update-Interactivity: fg
                          X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                          X-Goog-Update-Updater: chromecrx-117.0.5938.132
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2024-01-09 10:40:31 UTC731INHTTP/1.1 200 OK
                          Content-Security-Policy: script-src 'report-sample' 'nonce-dsayA3TiphpmqybOIRan1g' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                          Pragma: no-cache
                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                          Date: Tue, 09 Jan 2024 10:40:31 GMT
                          Content-Type: text/xml; charset=UTF-8
                          X-Daynum: 6217
                          X-Daystart: 9631
                          X-Content-Type-Options: nosniff
                          X-Frame-Options: SAMEORIGIN
                          X-XSS-Protection: 1; mode=block
                          Server: GSE
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                          Accept-Ranges: none
                          Vary: Accept-Encoding
                          Connection: close
                          Transfer-Encoding: chunked
                          2024-01-09 10:40:31 UTC521INData Raw: 32 63 38 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 31 37 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 39 36 33 31 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 20
                          Data Ascii: 2c8<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6217" elapsed_seconds="9631"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                          2024-01-09 10:40:31 UTC198INData Raw: 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                          Data Ascii: 3f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                          2024-01-09 10:40:31 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          1192.168.2.1649724142.250.111.844434356C:\Program Files\Google\Chrome\Application\chrome.exe
                          TimestampBytes transferredDirectionData
                          2024-01-09 10:40:30 UTC680OUTPOST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                          Host: accounts.google.com
                          Connection: keep-alive
                          Content-Length: 1
                          Origin: https://www.google.com
                          Content-Type: application/x-www-form-urlencoded
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
                          2024-01-09 10:40:30 UTC1OUTData Raw: 20
                          Data Ascii:
                          2024-01-09 10:40:31 UTC1627INHTTP/1.1 200 OK
                          Content-Type: application/json; charset=utf-8
                          Access-Control-Allow-Origin: https://www.google.com
                          Access-Control-Allow-Credentials: true
                          X-Content-Type-Options: nosniff
                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                          Pragma: no-cache
                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                          Date: Tue, 09 Jan 2024 10:40:31 GMT
                          Strict-Transport-Security: max-age=31536000; includeSubDomains
                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                          Content-Security-Policy: script-src 'report-sample' 'nonce-FOvNNhDYVcSoEVqhbRJ4IA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                          Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                          Cross-Origin-Opener-Policy: same-origin
                          Server: ESF
                          X-XSS-Protection: 0
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                          Accept-Ranges: none
                          Vary: Accept-Encoding
                          Connection: close
                          Transfer-Encoding: chunked
                          2024-01-09 10:40:31 UTC23INData Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                          Data Ascii: 11["gaia.l.a.r",[]]
                          2024-01-09 10:40:31 UTC5INData Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          2192.168.2.1649722162.125.3.184434356C:\Program Files\Google\Chrome\Application\chrome.exe
                          TimestampBytes transferredDirectionData
                          2024-01-09 10:40:30 UTC731OUTGET /scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1 HTTP/1.1
                          Host: www.dropbox.com
                          Connection: keep-alive
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-User: ?1
                          Sec-Fetch-Dest: document
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2024-01-09 10:40:31 UTC1466INHTTP/1.1 302 Found
                          Content-Type: text/html; charset=utf-8
                          Location: https://ucb0687e8dafcb77571d024410af.dl.dropboxusercontent.com/cd/0/get/CLBlPdvk3rCTP3Qaxrgc8WaL9H3Ok4DPhUGotR8_HvdXXjoXQtQ3OWSRobF-cj52m1UFsNXeIWG9lmUuwjA9n7Kpt8xtV1LN8FzkR6b_jlKUpUkRy7pbkFetYCZxTCNx4k3OX15YtWN70N3VhtwWmp2b/file?dl=1#
                          Pragma: no-cache
                          Referrer-Policy: strict-origin-when-cross-origin
                          Set-Cookie: gvc=ODI5MDk1ODQ0MDExODg2OTQ5MjA1MTE3MzAzNTMwOTE1NDMxMDY=; Path=/; Expires=Sun, 07 Jan 2029 10:40:31 GMT; HttpOnly; Secure; SameSite=None
                          Set-Cookie: t=71kVcQziUnZUIXQdTRalVYcn; Path=/; Domain=dropbox.com; Expires=Fri, 08 Jan 2027 10:40:31 GMT; HttpOnly; Secure; SameSite=None
                          Set-Cookie: __Host-js_csrf=71kVcQziUnZUIXQdTRalVYcn; Path=/; Expires=Fri, 08 Jan 2027 10:40:31 GMT; Secure; SameSite=None
                          Set-Cookie: __Host-ss=4EWthSmbOE; Path=/; Expires=Fri, 08 Jan 2027 10:40:31 GMT; HttpOnly; Secure; SameSite=Strict
                          Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 07 Jan 2029 10:40:31 GMT
                          X-Content-Type-Options: nosniff
                          X-Permitted-Cross-Domain-Policies: none
                          X-Robots-Tag: noindex, nofollow, noimageindex
                          X-Xss-Protection: 1; mode=block
                          Date: Tue, 09 Jan 2024 10:40:31 GMT
                          Strict-Transport-Security: max-age=31536000; includeSubDomains
                          Server: envoy
                          Cache-Control: no-cache, no-store
                          Vary: Accept-Encoding
                          X-Dropbox-Response-Origin: far_remote
                          X-Dropbox-Request-Id: 9b0eb539824342fdbd603585b82656c6
                          Connection: close
                          Transfer-Encoding: chunked
                          2024-01-09 10:40:31 UTC270INData Raw: 31 30 32 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 63 62 30 36 38 37 65 38 64 61 66 63 62 37 37 35 37 31 64 30 32 34 34 31 30 61 66 2e 64 6c 2e 64 72 6f 70 62 6f 78 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 63 64 2f 30 2f 67 65 74 2f 43 4c 42 6c 50 64 76 6b 33 72 43 54 50 33 51 61 78 72 67 63 38 57 61 4c 39 48 33 4f 6b 34 44 50 68 55 47 6f 74 52 38 5f 48 76 64 58 58 6a 6f 58 51 74 51 33 4f 57 53 52 6f 62 46 2d 63 6a 35 32 6d 31 55 46 73 4e 58 65 49 57 47 39 6c 6d 55 75 77 6a 41 39 6e 37 4b 70 74 38 78 74 56 31 4c 4e 38 46 7a 6b 52 36 62 5f 6a 6c 4b 55 70 55 6b 52 79 37 70 62 6b 46 65 74 59 43 5a 78 54 43 4e 78 34 6b 33 4f 58 31 35 59 74 57 4e 37 30 4e 33 56 68 74 77 57 6d 70 32 62 2f 66 69 6c 65 3f 64 6c 3d 31 23 22 3e 46 6f 75 6e
                          Data Ascii: 102<a href="https://ucb0687e8dafcb77571d024410af.dl.dropboxusercontent.com/cd/0/get/CLBlPdvk3rCTP3Qaxrgc8WaL9H3Ok4DPhUGotR8_HvdXXjoXQtQ3OWSRobF-cj52m1UFsNXeIWG9lmUuwjA9n7Kpt8xtV1LN8FzkR6b_jlKUpUkRy7pbkFetYCZxTCNx4k3OX15YtWN70N3VhtwWmp2b/file?dl=1#">Foun


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          3192.168.2.1649726162.125.3.154434356C:\Program Files\Google\Chrome\Application\chrome.exe
                          TimestampBytes transferredDirectionData
                          2024-01-09 10:40:32 UTC868OUTGET /cd/0/get/CLBlPdvk3rCTP3Qaxrgc8WaL9H3Ok4DPhUGotR8_HvdXXjoXQtQ3OWSRobF-cj52m1UFsNXeIWG9lmUuwjA9n7Kpt8xtV1LN8FzkR6b_jlKUpUkRy7pbkFetYCZxTCNx4k3OX15YtWN70N3VhtwWmp2b/file?dl=1 HTTP/1.1
                          Host: ucb0687e8dafcb77571d024410af.dl.dropboxusercontent.com
                          Connection: keep-alive
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-User: ?1
                          Sec-Fetch-Dest: document
                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          Accept-Encoding: gzip, deflate, br
                          Accept-Language: en-US,en;q=0.9
                          2024-01-09 10:40:32 UTC765INHTTP/1.1 200 OK
                          Accept-Ranges: bytes
                          Cache-Control: max-age=60
                          Content-Disposition: attachment; filename="pdf.zip"; filename*=UTF-8''pdf.zip
                          Content-Security-Policy: sandbox
                          Etag: 1704735711801983d
                          Pragma: public
                          Referrer-Policy: no-referrer
                          Vary: Origin
                          X-Content-Security-Policy: sandbox
                          X-Content-Type-Options: nosniff
                          X-Robots-Tag: noindex, nofollow, noimageindex
                          X-Server-Response-Time: 392
                          X-Webkit-Csp: sandbox
                          Content-Type: application/binary
                          Accept-Encoding: identity,gzip
                          Date: Tue, 09 Jan 2024 10:40:32 GMT
                          Server: envoy
                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                          Content-Length: 82413091
                          X-Dropbox-Response-Origin: far_remote
                          X-Dropbox-Request-Id: 7f6e9ef8400548ce97e405554c0ea8e3
                          Connection: close
                          2024-01-09 10:40:32 UTC15619INData Raw: 50 4b 03 04 14 00 03 00 08 00 33 62 28 58 c3 f1 f2 2f be 72 03 00 7d ab 03 00 0e 00 00 00 50 48 4c 30 31 2d 47 54 30 31 2e 70 64 66 a8 32 e6 27 d9 48 62 ca 61 d1 57 0a 24 cb 37 c6 67 7a c3 91 b4 3e 6a a3 55 f2 b7 fc a5 fd c5 07 5b 38 86 cf 2c c9 6c 70 a0 40 45 92 9b c0 94 20 51 fc 8a ed 50 b0 6a eb b4 90 29 41 99 8a cd 84 b6 68 18 a1 c0 94 31 20 b5 e1 b9 67 b9 61 2c f8 20 41 fc 82 fc 6b 93 8d b0 ff 8c 9e 25 e2 e6 30 9d 69 4b da 03 dd 6f 2a 2b 74 02 24 75 8c e2 db 23 1d 92 12 ca 9e 51 70 64 70 45 8f f6 df 5c 16 89 c8 47 f6 c1 01 fa c4 5b 2a 40 25 54 b8 f1 4a 9f fa fc f2 c4 35 dd 75 a6 15 bf c4 d6 55 0c fe 6c 75 43 05 2d e6 95 f0 dc f4 a2 45 a0 f7 4e 68 99 a0 7d e4 28 0c 59 ec 2a e4 63 3a 4a 46 a0 8a 02 20 ac a6 79 d1 fd a3 27 d5 66 0d ef 7a ae 10 34 38 35
                          Data Ascii: PK3b(X/r}PHL01-GT01.pdf2'HbaW$7gz>jU[8,lp@E QPj)Ah1 ga, Ak%0iKo*+t$u#QpdpE\G[*@%TJ5uUluC-ENh}(Y*c:JF y'fz485
                          2024-01-09 10:40:33 UTC16384INData Raw: f5 21 04 fb e9 30 82 0a 1c d0 bc b3 92 bb c9 fb a3 2d 25 3a e5 cd 74 64 c3 08 24 96 fa 93 da 14 dc a3 36 31 03 da 19 e8 c7 89 ca 3e 9e e3 45 b1 18 fd b8 5d dc 18 41 7b 63 d8 38 d2 39 9e 92 eb 32 0b 36 fa 64 98 6a 75 77 44 af 09 28 5b 82 27 88 87 97 91 04 49 12 02 55 da b3 a3 d6 2d 9b 4e 27 fd 11 a3 0c 2a 71 91 e7 70 89 34 09 3f 30 a7 2c b3 c9 f8 fc 7d ff dc 72 cc 6e b7 88 4c f4 ae 82 0a 79 3d 0a 8d d1 db c1 67 a9 10 30 e7 6f e0 f6 c4 49 2f 12 23 3b ee 51 cd 2b 1d 13 dd 7d 90 d1 6d fc 86 5c e3 4c 64 b1 80 53 6b a4 1a b9 8e d6 fa 3a 65 24 d4 75 a6 5f 80 46 67 56 33 3f 3d 73 93 26 74 eb bb 81 3a 5d a5 7a 65 38 7b 7d e1 6a 5c 7c d9 62 9c 31 05 17 6c 5f 85 29 2d 2d 40 e5 b1 d3 af 18 50 b7 77 7b ca 4b 05 17 8e 7d 66 d9 f0 02 00 21 81 fa c7 f2 3b e4 8b 9e ac 9b
                          Data Ascii: !0-%:td$61>E]A{c8926djuwD(['IU-N'*qp4?0,}rnLy=g0oI/#;Q+}m\LdSk:e$u_FgV3?=s&t:]ze8{}j\|b1l_)--@Pw{K}f!;
                          2024-01-09 10:40:33 UTC16384INData Raw: 9d 04 e1 fd ee ac 3a aa fc 40 0d e7 b2 87 71 57 78 a1 b0 4d 71 75 96 27 9b 71 fc 37 3b a8 bd 57 af 84 d5 9c 65 23 3e 9b c6 9d 0a 95 0b fc 99 7f 18 ad 57 ff a6 41 50 a2 6e b7 71 89 77 da 91 b1 61 86 6b 5f 2b b4 21 a6 32 92 09 0c 59 72 e0 ca 53 5b 5c 16 05 6a 9d 4f 0f 48 07 08 2b 74 6b 84 be 10 f9 05 4f 66 91 53 4b df c9 ae 8c f6 68 24 5c f6 95 e6 c1 b8 cd ed 37 e9 15 7e 9f 09 b5 d0 62 cd 81 d6 6e 3f 4d 20 3d 05 8a 19 46 c8 a0 20 70 3f a4 6d 8d 3e 21 8e 73 ef ac a4 f0 da 98 b7 87 0c c3 bf 8a 31 bb 6e 66 77 80 a8 73 93 a2 fd c8 24 12 67 2d b3 f8 39 b1 34 45 e6 69 14 a3 c3 85 fe 30 3a 9d a0 e0 f1 4a 37 81 2a d5 b3 6f 90 d7 f3 e1 a0 5d 7e 20 89 82 12 78 a6 0d 07 48 e6 bd e1 19 e2 fd 4b f4 ae 40 89 b8 cb ec af 61 be 30 de ba 05 d0 0a 8d 47 63 ef 5c c1 ae 1c 24
                          Data Ascii: :@qWxMqu'q7;We#>WAPnqwak_+!2YrS[\jOH+tkOfSKh$\7~bn?M =F p?m>!s1nfws$g-94Ei0:J7*o]~ xHK@a0Gc\$
                          2024-01-09 10:40:33 UTC16384INData Raw: 66 bf e8 77 1f 87 cc 24 08 d7 27 9f 08 61 8d e7 83 2f ae 70 d9 9f c0 a0 fd 4a 69 76 07 78 78 fa e4 8b 37 c5 fe b7 1e d5 1d 9f 2e 41 17 47 53 7d 92 04 d9 75 04 6b 69 7e a2 86 51 9a a8 bb 1c 62 6e 9d 8d ed 5f b0 cc 1d d9 6a 65 94 64 85 57 79 99 67 30 17 b8 ef 82 41 bf 2a da 61 55 70 55 d5 fd c5 a9 3b db 76 53 56 76 d5 9e 67 22 36 1a 1e ed 26 65 f8 7c 8f 1d 0a c6 25 43 a9 e9 ce 1b 05 93 78 6f 8a ba d8 15 dc 18 5b 2a 9f 5c ec 30 50 7e 77 85 28 21 3f 52 1f 8a 49 ac f7 ec 04 c5 52 ef 76 f1 70 4e 12 92 92 21 95 98 3a b0 20 3a b5 eb 70 8b 3b 2d 21 5c ae 36 e8 88 43 24 d6 51 ce bd e3 7a 75 19 58 57 3b b3 98 46 f1 29 ce df 34 c7 29 b9 03 eb 3b 04 c2 59 ad df bd 2e 58 6e ce 49 a8 2e 18 18 32 5e 95 a8 41 44 38 d0 bd fb d7 ba c1 81 f1 c9 ff c4 34 12 d4 7d 41 88 98 f2
                          Data Ascii: fw$'a/pJivxx7.AGS}uki~Qbn_jedWyg0A*aUpU;vSVvg"6&e|%Cxo[*\0P~w(!?RIRvpN!: :p;-!\6C$QzuXW;F)4);Y.XnI.2^AD84}A
                          2024-01-09 10:40:33 UTC16384INData Raw: fa 68 0d 8c ad 03 1f 99 11 09 4a 76 af 29 c3 8d fd ac 09 18 b6 49 eb c6 09 91 2d 8a 04 33 f3 bb e1 68 d1 7b 50 c3 fb 0a 14 46 7b 99 3d c4 06 03 da 44 dc 21 f5 bd 88 53 69 e4 f7 89 e8 75 93 fa 20 e6 cb 53 c3 2d 62 8c 26 62 e3 72 b3 40 cd a6 3a d1 f9 fb 04 82 dd a8 dd db b1 88 91 ad 48 bd ae ca a2 a3 0a 19 53 4c 83 8e 02 2d ec a9 8b 5b bd 6a e8 e8 9b a6 8c aa 45 5b ef 69 6d d6 b1 2b 5d f0 48 08 73 3b 1f 9c 62 e7 52 7b b1 70 cb 2d 25 2d b9 49 b8 09 7c 7f eb 50 44 70 9a c4 32 e4 0a 5e d8 09 cf 78 37 3d c6 37 b0 13 c6 22 a1 cf 36 f2 e6 34 44 75 7e 81 6c d8 db 70 aa 69 cf 5e a3 f3 17 f4 e0 0d a9 4e 2b 9a 57 fd 67 f0 81 4c 73 aa c0 d1 9a 75 95 a2 13 6c a4 b3 9e c3 ba c7 c7 8e 4a 46 a1 8a bc 4d 95 02 5e b8 5b 18 65 ff 32 cd cc 33 82 bb 3a e8 c3 0d 99 fd c9 6b c7
                          Data Ascii: hJv)I-3h{PF{=D!Siu S-b&br@:HSL-[jE[im+]Hs;bR{p-%-I|PDp2^x7=7"64Du~lpi^N+WgLsulJFM^[e23:k
                          2024-01-09 10:40:33 UTC16384INData Raw: 00 5a b4 c5 76 b4 9c 2d 2b 5a 1c 2f 5d 90 f3 c0 66 cd 5f 7c 18 aa 19 96 9e 4f de ed 02 f1 f5 09 62 44 6a 99 2c 32 f6 66 cb 51 1b 41 87 38 ef 88 5e e6 d9 49 18 3d 68 f7 90 97 ad cc 08 60 cb 33 32 30 09 b7 cb 53 c6 c9 a6 32 89 38 6c 36 43 e4 39 bd 1b 0c 32 86 eb ca ba cf 2b 95 6c 5c f5 f3 1b 75 9a 64 b3 f6 02 29 31 f5 a9 f0 40 2f 38 e0 63 2c 8c b8 44 0e fd bf d7 88 06 01 e2 8b d9 c7 82 b2 a5 ce 00 58 6a cc 9f 42 a0 16 1e 6b 75 16 97 c4 68 06 d1 b4 fc e2 80 26 f6 f3 41 f6 a1 42 e7 f7 95 e3 92 17 f5 a1 52 21 5f ed f5 ea 41 91 ac 35 ee 3a a8 c2 d1 92 bc 5b cb 55 c2 68 09 4b e6 c8 7a 00 09 c3 42 9f 4b ce a5 7b cb 2c 8b f5 20 af fa 37 b2 9c 0f 81 1e 35 d5 83 6d 45 9e 30 a3 70 4d 2b 24 db 62 8f 4c fa d3 49 a0 0c f8 b3 4d 7a f2 a8 30 a9 bd 46 99 6d 36 38 b0 c0 57
                          Data Ascii: Zv-+Z/]f_|ObDj,2fQA8^I=h`320S28l6C92+l\ud)1@/8c,DXjBkuh&ABR!_A5:[UhKzBK{, 75mE0pM+$bLIMz0Fm68W
                          2024-01-09 10:40:33 UTC16384INData Raw: b7 e5 85 f2 99 1a 25 1d bf 9f 77 4c da 59 3e b2 19 4c 59 15 60 ea ea 6d 15 f3 f6 1b 8d 8e 3e c0 f1 ef c4 9a da bd 67 2b 15 d3 da d2 09 4c ca 02 86 37 11 19 1c 25 6d 54 93 c6 c6 b8 aa 09 56 55 3d 53 a7 ce 65 1a 91 0d 10 f3 38 75 f9 8c f7 a2 72 b6 d6 b4 60 73 69 d2 40 cd a9 c8 8d 66 9e ab 68 00 f9 6f 93 ec 79 54 58 32 a4 87 34 7d 2d 2f c9 c0 2f ab 06 71 69 a8 16 61 45 7a f6 12 5c 50 6a 89 58 8f 87 6a 42 a4 15 c7 bd cd 73 08 e7 a1 70 fa 23 0a 52 0d 0b 78 2a 5c bd 55 41 00 5c 43 eb 18 81 d7 d3 3b 15 d7 ee de 19 90 6e ae b5 63 d0 b0 59 22 0d a8 3f d3 57 f1 30 27 67 16 9b a9 78 0b 41 76 75 4d 57 b9 6d fb 70 28 8d 90 0c 4d e6 05 48 49 73 88 0b 86 f4 0a 44 e5 2e 45 2e 44 f8 65 f6 05 59 e2 c5 2b 34 ed 65 f2 d1 f8 86 51 d2 7d ed ad b1 fe 7a e7 7e 7c 8e 73 f9 c1 06
                          Data Ascii: %wLY>LY`m>g+L7%mTVU=Se8ur`si@fhoyTX24}-//qiaEz\PjXjBsp#Rx*\UA\C;ncY"?W0'gxAvuMWmp(MHIsD.E.DeY+4eQ}z~|s
                          2024-01-09 10:40:33 UTC16384INData Raw: a0 b0 c8 ae a0 a0 23 3d a4 70 ad 27 d0 c4 93 54 30 8a 69 64 4d 4c 10 c1 b5 3d 25 54 32 33 19 c1 b1 22 ee 11 22 5c aa 7b e0 54 64 47 39 03 33 d9 07 98 c9 a5 99 c8 22 0a 9a 68 cd b8 f4 4b 1f 3c fd 3c b5 7b 99 b6 a9 17 94 ab ce 3d dc c5 1e 41 95 92 d6 e8 ff fb cb 2e 20 1c 67 66 c6 ea 2b 40 95 e1 f5 77 d0 9d 12 4e c8 5c 71 5d 99 fa 0b 5e 94 4e c8 14 1a 31 97 e5 ca 8e ab 45 8f a2 06 a5 bf 0f eb a3 1a 51 d8 bb 93 4e a8 18 ec 6c 6f 61 70 33 37 2b 28 be 6f 30 65 aa 78 af d0 b6 0b 5b 22 3f 9e 5b 1f 5c 45 59 e7 80 35 a5 6b 0e a3 cf 7f b9 11 5b 53 14 2a ff 97 f0 8f bf 9a fe 51 5c 9b 19 40 24 78 fb 31 95 64 6e db 10 d5 70 e2 77 b8 3d 29 2c d1 94 9d 8b 4e b8 5d 73 d9 d7 fe be 70 90 d3 d3 7c 2e d4 84 1f e3 5f 47 ec 50 33 b3 ab ce 5a 8a 7e 38 b8 93 4f 6b 12 ed 5c 61 e9
                          Data Ascii: #=p'T0idML=%T23""\{TdG93"hK<<{=A. gf+@wN\q]^N1EQNloap37+(o0ex["?[\EY5k[S*Q\@$x1dnpw=),N]sp|._GP3Z~8Ok\a
                          2024-01-09 10:40:33 UTC765INData Raw: 80 59 33 fe 3b 41 71 22 bf 44 4a 68 12 bc f9 14 99 c7 3d a7 54 d8 12 39 b2 12 ca 47 88 4b ba 3a de 1c 2e ca ce 84 5d 6c ff cd 60 54 03 df 81 9b a8 59 a5 cd 0b 01 d8 0b 92 dd 66 2c 20 ec ed e3 95 ac 36 f5 92 1b 9d 16 59 9e 61 8b f6 ea 88 8e 99 a0 4d 27 b7 ee 59 32 ed 20 f6 1d 9e 98 3b b6 4f 30 af 43 e8 68 fd 28 50 db 5c 07 5f 22 28 58 a4 52 9e e6 dd c6 5e 6c cc 86 1d 36 2c 23 aa cb 5f 84 21 4a 7f e8 d7 92 f7 c2 a0 6e fd 4c ed 06 90 70 87 26 e9 bc a1 ec 2d 10 71 9e 66 a7 7f ae 3d 6d a0 bd 86 b3 e7 3d e1 c8 bc fb 24 0f ce bf 4e 80 4f c2 5b 5a b3 59 6b 3c cd 46 e3 23 75 42 07 c0 ff ce 51 2c 2c c6 b6 1f 06 9e 89 82 87 0c ad 9a b0 36 0f ff f2 62 88 cd 0f c8 cf 00 15 d0 01 31 b0 d9 c9 f5 aa 2a db c8 dc f6 a3 5a 45 7a 4d 8d 7a 19 8a 91 45 1b 93 45 17 fe a6 e8 5e
                          Data Ascii: Y3;Aq"DJh=T9GK:.]l`TYf, 6YaM'Y2 ;O0Ch(P\_"(XR^l6,#_!JnLp&-qf=m=$NO[ZYk<F#uBQ,,6b1*ZEzMzEE^
                          2024-01-09 10:40:33 UTC16384INData Raw: 1e a5 cf 57 90 d3 1c 36 6d 3d c8 14 de 67 82 ab 1f 40 31 a2 32 77 5d b2 8a e1 c9 d8 47 d6 6a 89 5b 39 28 99 31 89 41 52 ca b0 fe 8d 9d 10 75 d1 d6 e0 01 61 48 79 9c e0 64 60 af 01 50 88 81 49 05 14 1e 4e b0 fa ee f4 29 3e 6c 38 92 3e 0e 1c b3 70 10 c8 0f 5f 00 8a 35 f1 1f ff 26 5e 7f 62 c5 52 69 f8 14 e9 df 0f 65 e9 7b e3 b2 41 9d 41 7b c3 5e 32 f7 ba a7 54 40 79 be 49 11 a2 ef 11 d4 ef d7 cd 60 1e 5c 25 15 34 b1 19 2a bf d5 7b 81 dc 13 9f 8e 41 b9 02 e7 5c cd 25 0a d4 ac 2a cf dd 2c 05 8f bf 74 d8 54 9b 50 89 21 40 3b 73 13 af 0b 26 9a a8 5c 12 99 41 28 10 44 15 0d 29 20 95 85 bc af c3 78 f1 2a 6d 81 df 04 17 70 b6 3b 70 1a f2 fd 98 16 8c cd 45 62 76 0b c5 9a 3d 3c fd 3c c1 25 64 09 ca 92 18 32 16 d8 2e 16 2f d2 e2 37 a3 73 79 9f e9 e9 d2 7f 22 6a 94 0b
                          Data Ascii: W6m=g@12w]Gj[9(1ARuaHyd`PIN)>l8>p_5&^bRie{AA{^2T@yI`\%4*{A\%*,tTP!@;s&\A(D) x*mp;pEbv=<<%d2./7sy"j


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          4192.168.2.164972913.85.23.86443
                          TimestampBytes transferredDirectionData
                          2024-01-09 10:40:42 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ebBg3u3Dh2rt9tK&MD=S2d5C+Zw HTTP/1.1
                          Connection: Keep-Alive
                          Accept: */*
                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                          Host: slscr.update.microsoft.com
                          2024-01-09 10:40:42 UTC560INHTTP/1.1 200 OK
                          Cache-Control: no-cache
                          Pragma: no-cache
                          Content-Type: application/octet-stream
                          Expires: -1
                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                          ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                          MS-CorrelationId: 8a37611c-25bc-4879-a26b-19c77de25301
                          MS-RequestId: 3d3d1801-cba9-4069-8eaa-6b80214b8240
                          MS-CV: yC7+PYvuF0+AHZHT.0
                          X-Microsoft-SLSClientCache: 2880
                          Content-Disposition: attachment; filename=environment.cab
                          X-Content-Type-Options: nosniff
                          Date: Tue, 09 Jan 2024 10:40:41 GMT
                          Connection: close
                          Content-Length: 24490
                          2024-01-09 10:40:42 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                          Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                          2024-01-09 10:40:42 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                          Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                          Session IDSource IPSource PortDestination IPDestination Port
                          5192.168.2.164973123.1.237.25443
                          TimestampBytes transferredDirectionData
                          2024-01-09 10:40:43 UTC2273OUTPOST /threshold/xls.aspx HTTP/1.1
                          Origin: https://www.bing.com
                          Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                          Accept: */*
                          Accept-Language: en-CH
                          Content-type: text/xml
                          X-Agent-DeviceId: 01000A4109009A83
                          X-BM-CBT: 1696585056
                          X-BM-DateFormat: dd/MM/yyyy
                          X-BM-DeviceDimensions: 784x984
                          X-BM-DeviceDimensionsLogical: 784x984
                          X-BM-DeviceScale: 100
                          X-BM-DTZ: 120
                          X-BM-Market: CH
                          X-BM-Theme: 000000;0078d7
                          X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:2C89765
                          X-Device-ClientSession: 8B0BADD9680C444587B50653454AB647
                          X-Device-isOptin: false
                          X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                          X-Device-OSSKU: 48
                          X-Device-Touch: false
                          X-DeviceID: 01000A4109009A83
                          X-MSEdge-ExternalExp: bfbscope1003t3,bfbwsbpphmemqcf,bfbwsbrs0830cf,d-thshld78,d-thshldspcl40,disfbcthas2_1,fliptrat6,spofglclicksh-c2,wsbqfasmsall_c,wsbref-c
                          X-MSEdge-ExternalExpType: JointCoord
                          X-PositionerType: Desktop
                          X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                          X-Search-CortanaAvailableCapabilities: None
                          X-Search-SafeSearch: Moderate
                          X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                          X-UserAgeClass: Unknown
                          Accept-Encoding: gzip, deflate, br
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                          Host: www.bing.com
                          Content-Length: 608
                          Connection: Keep-Alive
                          Cache-Control: no-cache
                          Cookie: SRCHUID=V=2&GUID=1365D4FE3DA84D19A46408EFC15FC823&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231006; SRCHHPGUSR=SRCHLANG=en&HV=1696584863&IPMH=5e4190f4&IPMID=1696585056345&LUT=1696585056224; CortanaAppUID=646BA1FF24F806DFED4199E1E0EFF63E; MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=1F9344FA7B5C6D050D8557587A606C51&CPID=1696585056799&AC=1&CPH=074c06b2&CBV=39996767; _EDGE_S=SID=1F9344FA7B5C6D050D8557587A606C51; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                          2024-01-09 10:40:43 UTC1OUTData Raw: 3c
                          Data Ascii: <
                          2024-01-09 10:40:43 UTC607OUTData Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 35 30 34 37 45 35 39 34 32 42 42 32 34 36 30 45 41 33 35 42 35 33 43 43 46 37 38 44 44 42 33 44 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 36 34 38 31 41 46 33 32 31 31 46 30 34 33 44 41 39 30 30 39 46 46 31 30 39 32 45 43 36 45 36 46 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49
                          Data Ascii: ClientInstRequest><CID>5047E5942BB2460EA35B53CCF78DDB3D</CID><Events><E><T>Event.ClientInst</T><IG>6481AF3211F043DA9009FF1092EC6E6F</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                          2024-01-09 10:40:43 UTC476INHTTP/1.1 204 No Content
                          Access-Control-Allow-Origin: *
                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                          X-MSEdge-Ref: Ref A: 62C07A795CDE4FA6A59EB3C5DAA4F5CE Ref B: PAOEDGE0512 Ref C: 2024-01-09T10:40:43Z
                          Date: Tue, 09 Jan 2024 10:40:43 GMT
                          Connection: close
                          Alt-Svc: h3=":443"; ma=93600
                          X-CDN-TraceID: 0.15ed0117.1704796843.35d0df3d


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          6192.168.2.164973723.78.8.1454433996C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          TimestampBytes transferredDirectionData
                          2024-01-09 10:41:10 UTC390OUTGET /onboarding/smskillreader.txt HTTP/1.1
                          Host: armmf.adobe.com
                          Connection: keep-alive
                          Accept-Language: en-US,en;q=0.9
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          Accept-Encoding: gzip, deflate, br
                          2024-01-09 10:41:10 UTC247INHTTP/1.1 200 OK
                          Server: Apache
                          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                          ETag: "78-5faa31cce96da"
                          Accept-Ranges: bytes
                          Content-Length: 120
                          Content-Type: text/plain; charset=UTF-8
                          Date: Tue, 09 Jan 2024 10:41:10 GMT
                          Connection: close
                          2024-01-09 10:41:10 UTC120INData Raw: 46 69 6c 65 20 74 68 61 74 20 61 63 74 73 20 6c 69 6b 65 20 61 20 4b 69 6c 6c 20 73 77 69 74 63 68 20 66 6f 72 20 53 4d 53 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 69 6e 20 52 65 61 64 65 72 2e 20 44 65 6c 65 74 65 20 74 68 69 73 20 66 69 6c 65 20 74 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 6b 69 6c 6c 20 73 77 69 74 63 68 20 69 6e 20 52 65 61 64 65 72 2e
                          Data Ascii: File that acts like a Kill switch for SMS functionality in Reader. Delete this file to enable the kill switch in Reader.


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          7192.168.2.164973813.85.23.86443
                          TimestampBytes transferredDirectionData
                          2024-01-09 10:41:19 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ebBg3u3Dh2rt9tK&MD=S2d5C+Zw HTTP/1.1
                          Connection: Keep-Alive
                          Accept: */*
                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                          Host: slscr.update.microsoft.com
                          2024-01-09 10:41:19 UTC560INHTTP/1.1 200 OK
                          Cache-Control: no-cache
                          Pragma: no-cache
                          Content-Type: application/octet-stream
                          Expires: -1
                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                          ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                          MS-CorrelationId: cda26a55-2e36-4d67-874a-bb3c82626fc5
                          MS-RequestId: 6f4f8ed7-efca-4bf0-9648-5eff1a8e383b
                          MS-CV: oHyfogE35E+9NzbI.0
                          X-Microsoft-SLSClientCache: 2160
                          Content-Disposition: attachment; filename=environment.cab
                          X-Content-Type-Options: nosniff
                          Date: Tue, 09 Jan 2024 10:41:19 GMT
                          Connection: close
                          Content-Length: 25457
                          2024-01-09 10:41:19 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92
                          Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
                          2024-01-09 10:41:19 UTC9633INData Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a
                          Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq


                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          8192.168.2.1649740142.250.191.2064434356C:\Program Files\Google\Chrome\Application\chrome.exe
                          TimestampBytes transferredDirectionData
                          2024-01-09 10:42:00 UTC449OUTGET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000003AEE04D6FA HTTP/1.1
                          Host: clients1.google.com
                          Connection: keep-alive
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br
                          2024-01-09 10:42:00 UTC817INHTTP/1.1 200 OK
                          Content-Security-Policy: script-src 'report-sample' 'nonce-kyLol5CKrA74iYmNd9IX0A' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                          Content-Security-Policy: script-src 'report-sample' 'nonce-Hqay73C6lH9stK9icGBAfA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                          Content-Type: text/plain; charset=utf-8
                          Content-Length: 220
                          Date: Tue, 09 Jan 2024 10:42:00 GMT
                          Expires: Tue, 09 Jan 2024 10:42:00 GMT
                          Cache-Control: private, max-age=0
                          X-Content-Type-Options: nosniff
                          X-Frame-Options: SAMEORIGIN
                          X-XSS-Protection: 1; mode=block
                          Server: GSE
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                          Connection: close
                          2024-01-09 10:42:00 UTC220INData Raw: 72 6c 7a 43 31 3a 20 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 32 0a 72 6c 7a 43 32 3a 20 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 32 0a 72 6c 7a 43 37 3a 20 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 32 0a 64 63 63 3a 20 0a 73 65 74 5f 64 63 63 3a 20 43 31 3a 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 32 2c 43 32 3a 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 32 2c 43 37 3a 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 32 0a 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 2c 43 31 53 2c 43 37 53 0a 73 74 61 74 65 66 75 6c 2d 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 0a 63 72 63 33 32 3a 20 36 38 31 65 63 37 30 36 0a
                          Data Ascii: rlzC1: 1C1ONGR_enUS1092rlzC2: 1C2ONGR_enUS1092rlzC7: 1C7ONGR_enUS1092dcc: set_dcc: C1:1C1ONGR_enUS1092,C2:1C2ONGR_enUS1092,C7:1C7ONGR_enUS1092events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: 681ec706


                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          General

                          Target ID:0
                          Start time:11:40:28
                          Start date:09/01/2024
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fi/5r8uxa49x6mxtzyj6eule/pdf.zip?rlkey=bgar34hwvlq9j03y0pskhparp&dl=1
                          Imagebase:0x7ff71e7f0000
                          File size:3'242'272 bytes
                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          General

                          Target ID:1
                          Start time:11:40:28
                          Start date:09/01/2024
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1940,i,10882735660332102158,10561879026730868476,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                          Imagebase:0x7ff71e7f0000
                          File size:3'242'272 bytes
                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          General

                          Target ID:2
                          Start time:11:40:37
                          Start date:09/01/2024
                          Path:C:\Windows\System32\rundll32.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                          Imagebase:0x7ff621530000
                          File size:71'680 bytes
                          MD5 hash:EF3179D498793BF4234F708D3BE28633
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          General

                          Target ID:7
                          Start time:11:40:54
                          Start date:09/01/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL01-GT01.pdf
                          Imagebase:0x7ff6b3ca0000
                          File size:5'641'176 bytes
                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          General

                          Target ID:8
                          Start time:11:40:54
                          Start date:09/01/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                          Imagebase:0x7ff774080000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          General

                          Target ID:9
                          Start time:11:40:55
                          Start date:09/01/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1684,i,4537548306538501435,3931959967124930142,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                          Imagebase:0x7ff774080000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          General

                          Target ID:13
                          Start time:11:41:44
                          Start date:09/01/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL03-CR02.pdf
                          Imagebase:0x7ff6b3ca0000
                          File size:5'641'176 bytes
                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          General

                          Target ID:14
                          Start time:11:42:03
                          Start date:09/01/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL20-SC01.pdf
                          Imagebase:0x7ff6b3ca0000
                          File size:5'641'176 bytes
                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          General

                          Target ID:15
                          Start time:11:42:25
                          Start date:09/01/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          Wow64 process (32bit):false
                          Commandline:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_pdf.zip\PHL11-GT09.pdf
                          Imagebase:0x7ff6b3ca0000
                          File size:5'641'176 bytes
                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true

                          Disassembly

                          No disassembly