Windows Analysis Report
#Employee-Letter.pdf

Overview

General Information

Sample name: #Employee-Letter.pdf
Analysis ID: 1584765
MD5: 4811040a4ddb1711667f61a65701039c
SHA1: 9069510bb6259222e129025615b7b16f3353ad72
SHA256: 0f8362a4f6c378d623654597e824bfa1228299c55e63fc5deb8e4fbc4c69157e

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
AI detected landing page (webpage, office document or email)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
Drops PE files
Drops PE files to the windows directory (C:\Windows)
IP address seen in connection with other malware
PE file contains more sections than normal
PE file contains sections with non-standard names

Classification

  • System is w10x64
  • Acrobat.exe (PID: 6796 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\#Employee-Letter.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6236 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7228 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1652,i,7011366841695752933,3711778577316867285,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://lnk.bio/go?d=https%3A%2F%2Fwww.google.com.et%2Furl%3Fq%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26rct%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26sa%3Dt%26url%3Damp%2Fs%2Fcanseguros.com.br%2Fplayground%2F999%2Findex&hash=fc90f23943ebebdf3c4a72e3e4413c1c&id=8943128&ext=-2119320&timezone=America%2FNew_York&type=1#c3Zhc3F1ZXpAd2VzLm9yZw== MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2536,i,18129073867454263915,16286679423052581061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://www.google.com.et/url?q=https://canseguros.com.br/playground/999/index#c3Zhc3F1ZXpAd2VzLm9yZw== SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://canseguros.com.br/playground/999/index Avira URL Cloud: Label: phishing

Phishing

Source: PDF document Joe Sandbox AI: PDF document contains QR code
Source: https://www.google.com.et/url?q=https://canseguros.com.br/playground/999/index#c3Zhc3F1ZXpAd2VzLm9yZw== HTTP Parser: No favicon
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1645626153\LICENSE.txt
Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.4.dr
Source: global traffic TCP traffic: 192.168.2.4:52685 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: lnk.bio to https://www.google.com.et/url?q={random_number10}_{random_number10}_{random_number10}&rct={random_number10}_{random_number10}_{random_number10}&sa=t&url=amp/s/canseguros.com.br/playground/999/index
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /go?d=https%3A%2F%2Fwww.google.com.et%2Furl%3Fq%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26rct%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26sa%3Dt%26url%3Damp%2Fs%2Fcanseguros.com.br%2Fplayground%2F999%2Findex&hash=fc90f23943ebebdf3c4a72e3e4413c1c&id=8943128&ext=-2119320&timezone=America%2FNew_York&type=1 HTTP/1.1Host: lnk.bioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /url?q={RANDOM_NUMBER10}_{RANDOM_NUMBER10}_{RANDOM_NUMBER10}&rct={RANDOM_NUMBER10}_{RANDOM_NUMBER10}_{RANDOM_NUMBER10}&sa=t&url=amp/s/canseguros.com.br/playground/999/index HTTP/1.1Host: www.google.com.etConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /amp/s/canseguros.com.br/playground/999/index HTTP/1.1Host: www.google.com.etConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=520=aK_Aufj3AQ28i1rH0i5T-iDo9LuRU5Ax300cI82nFEh3UrK5I8wGMfWdcxzFHn-v-chyKO0KXLqY8k5AHBBm5-2RcYHSCGigtCO_Xn3sSKIz2VatCUZ-IuJT9CMAPL_DS59BaH3qoo0vT9eUdOL_0sgyPnLErSNDk0_ZJJ_oDcgq8c1HiHx-m8pMza6LVwCdY9_LBQ
Source: global trafficHTTP traffic detected: GET /url?q=https://canseguros.com.br/playground/999/index HTTP/1.1Host: www.google.com.etConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=520=aK_Aufj3AQ28i1rH0i5T-iDo9LuRU5Ax300cI82nFEh3UrK5I8wGMfWdcxzFHn-v-chyKO0KXLqY8k5AHBBm5-2RcYHSCGigtCO_Xn3sSKIz2VatCUZ-IuJT9CMAPL_DS59BaH3qoo0vT9eUdOL_0sgyPnLErSNDk0_ZJJ_oDcgq8c1HiHx-m8pMza6LVwCdY9_LBQ
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.com.etConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com.et/url?q=https://canseguros.com.br/playground/999/indexAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=520=aK_Aufj3AQ28i1rH0i5T-iDo9LuRU5Ax300cI82nFEh3UrK5I8wGMfWdcxzFHn-v-chyKO0KXLqY8k5AHBBm5-2RcYHSCGigtCO_Xn3sSKIz2VatCUZ-IuJT9CMAPL_DS59BaH3qoo0vT9eUdOL_0sgyPnLErSNDk0_ZJJ_oDcgq8c1HiHx-m8pMza6LVwCdY9_LBQ
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.com.etConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=520=aK_Aufj3AQ28i1rH0i5T-iDo9LuRU5Ax300cI82nFEh3UrK5I8wGMfWdcxzFHn-v-chyKO0KXLqY8k5AHBBm5-2RcYHSCGigtCO_Xn3sSKIz2VatCUZ-IuJT9CMAPL_DS59BaH3qoo0vT9eUdOL_0sgyPnLErSNDk0_ZJJ_oDcgq8c1HiHx-m8pMza6LVwCdY9_LBQ
Source: global trafficHTTP traffic detected: GET /url?sa=T&url=&oi=unauthorizedredirect&ct=originlink HTTP/1.1Host: www.google.com.etConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com.et/url?q=https://canseguros.com.br/playground/999/indexAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=520=aK_Aufj3AQ28i1rH0i5T-iDo9LuRU5Ax300cI82nFEh3UrK5I8wGMfWdcxzFHn-v-chyKO0KXLqY8k5AHBBm5-2RcYHSCGigtCO_Xn3sSKIz2VatCUZ-IuJT9CMAPL_DS59BaH3qoo0vT9eUdOL_0sgyPnLErSNDk0_ZJJ_oDcgq8c1HiHx-m8pMza6LVwCdY9_LBQ
Source: global traffic DNS traffic detected: DNS query: lnk.bio
Source: global traffic DNS traffic detected: DNS query: www.google.com.et
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: chromecache_215.5.dr String found in binary or memory: https://canseguros.com.br/playground/999/index
Source: sets.json.4.drString found in binary or memory: https://talkdeskstgid.com
Source: sets.json.4.drString found in binary or memory: https://teacherdashboard.com
Source: sets.json.4.drString found in binary or memory: https://technology-revealed.com
Source: sets.json.4.drString found in binary or memory: https://terazgotuje.pl
Source: sets.json.4.drString found in binary or memory: https://text.com
Source: sets.json.4.drString found in binary or memory: https://textyserver.appspot.com
Source: sets.json.4.drString found in binary or memory: https://the42.ie
Source: sets.json.4.drString found in binary or memory: https://thejournal.ie
Source: sets.json.4.drString found in binary or memory: https://thirdspace.org.au
Source: sets.json.4.drString found in binary or memory: https://timesinternet.in
Source: sets.json.4.drString found in binary or memory: https://timesofindia.com
Source: sets.json.4.drString found in binary or memory: https://tolteck.app
Source: sets.json.4.drString found in binary or memory: https://tolteck.com
Source: sets.json.4.drString found in binary or memory: https://top.pl
Source: sets.json.4.drString found in binary or memory: https://tribunnews.com
Source: sets.json.4.drString found in binary or memory: https://trytalkdesk.com
Source: sets.json.4.drString found in binary or memory: https://tucarro.com
Source: sets.json.4.drString found in binary or memory: https://tucarro.com.co
Source: sets.json.4.drString found in binary or memory: https://tucarro.com.ve
Source: sets.json.4.drString found in binary or memory: https://tvid.in
Source: sets.json.4.drString found in binary or memory: https://tvn.pl
Source: sets.json.4.drString found in binary or memory: https://tvn24.pl
Source: sets.json.4.drString found in binary or memory: https://unotv.com
Source: sets.json.4.drString found in binary or memory: https://victorymedium.com
Source: sets.json.4.drString found in binary or memory: https://vrt.be
Source: sets.json.4.drString found in binary or memory: https://vwo.com
Source: sets.json.4.drString found in binary or memory: https://welt.de
Source: sets.json.4.drString found in binary or memory: https://wieistmeineip.de
Source: sets.json.4.drString found in binary or memory: https://wildix.com
Source: sets.json.4.drString found in binary or memory: https://wildixin.com
Source: sets.json.4.drString found in binary or memory: https://wingify.com
Source: sets.json.4.drString found in binary or memory: https://wordle.at
Source: sets.json.4.drString found in binary or memory: https://wp.pl
Source: sets.json.4.drString found in binary or memory: https://wpext.pl
Source: sets.json.4.drString found in binary or memory: https://www.asadcdn.com
Source: sets.json.4.drString found in binary or memory: https://ya.ru
Source: sets.json.4.drString found in binary or memory: https://yours.co.uk
Source: sets.json.4.drString found in binary or memory: https://zalo.me
Source: sets.json.4.drString found in binary or memory: https://zdrowietvn.pl
Source: sets.json.4.drString found in binary or memory: https://zingmp3.vn
Source: sets.json.4.drString found in binary or memory: https://zoom.com
Source: sets.json.4.drString found in binary or memory: https://zoom.us
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 52903 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown | Network traffic detected: HTTP traffic on port 52697 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52906
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52903
Source: unknown | Network traffic detected: HTTP traffic on port 52906 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52697
Source: unknown | Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49738 -> 443
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_79028869
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_79028869\sets.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_79028869\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_79028869\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_79028869\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_79028869\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_79028869\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_633878103
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_633878103\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_633878103\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_633878103\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_633878103\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_633878103\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679\_platform_specific\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679\_platform_specific\win_x64\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679\_platform_specific\win_x64\widevinecdm.dll.sig
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1645626153
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1645626153\LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1645626153\Filtering Rules
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1645626153\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1645626153\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1645626153\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1645626153\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1243412476
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1243412476\cr_en-us_500000_index.bin
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1243412476\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1243412476\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1243412476\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1243412476\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1347052324
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1347052324\keys.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1347052324\manifest.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1347052324\LICENSE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1347052324\_metadata\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1347052324\_metadata\verified_contents.json
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1347052324\manifest.fingerprint
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\chrome_BITS_7880_1499653041
Source: widevinecdm.dll.4.dr | Static PE information: Number of sections : 13 > 10
Source: Google.Widevine.CDM.dll.4.dr | Static PE information: Number of sections : 12 > 10
Source: classification engine | Classification label: mal52.winPDF@35/85@11/7
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-06 07-11-46-116.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\#Employee-Letter.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1652,i,7011366841695752933,3711778577316867285,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://lnk.bio/go?d=https%3A%2F%2Fwww.google.com.et%2Furl%3Fq%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26rct%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26sa%3Dt%26url%3Damp%2Fs%2Fcanseguros.com.br%2Fplayground%2F999%2Findex&hash=fc90f23943ebebdf3c4a72e3e4413c1c&id=8943128&ext=-2119320&timezone=America%2FNew_York&type=1#c3Zhc3F1ZXpAd2VzLm9yZw==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2536,i,18129073867454263915,16286679423052581061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.4.dr
Source: #Employee-Letter.pdf | Initial sample: PDF keyword /JS count = 0
Source: #Employee-Letter.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: #Employee-Letter.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Google.Widevine.CDM.dll.4.dr | Static PE information: section name: .00cfg
Source: Google.Widevine.CDM.dll.4.dr | Static PE information: section name: .gxfg
Source: Google.Widevine.CDM.dll.4.dr | Static PE information: section name: .retplne
Source: Google.Widevine.CDM.dll.4.dr | Static PE information: section name: .voltbl
Source: Google.Widevine.CDM.dll.4.dr | Static PE information: section name: _RDATA
Source: widevinecdm.dll.4.dr | Static PE information: section name: .00cfg
Source: widevinecdm.dll.4.dr | Static PE information: section name: .gxfg
Source: widevinecdm.dll.4.dr | Static PE information: section name: .retplne
Source: widevinecdm.dll.4.dr | Static PE information: section name: .rodata
Source: widevinecdm.dll.4.dr | Static PE information: section name: _RDATA
Source: widevinecdm.dll.4.dr | Static PE information: section name: malloc_h
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created (dropped file): C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created (dropped file): C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_633878103\Google.Widevine.CDM.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1645626153\LICENSE.txt
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Browser Extensions (1) | Process Injection (1) | Masquerading (21) | OS Credential Dumping | System Information Discovery (1) | Remote Services | Data from Local System | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection (1) | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Non-Application Layer Protocol (2) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | File Deletion (1) | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (3) | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Ingress Tool Transfer (1) | Traffic Duplication | Data Destruction |
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_1382966679\_platform_specific\win_x64\widevinecdm.dll | 0% | ReversingLabs | | |
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7880_633878103\Google.Widevine.CDM.dll | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://www.google.com.et/url?q=https://canseguros.com.br/playground/999/index#c3Zhc3F1ZXpAd2VzLm9yZw== | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering | |
| https://canseguros.com.br/playground/999/index | 100% | Avira URL Cloud | phishing | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high |
| lnk.bio | 100.22.0.215 | true | false | | high |
| www.google.com.et | 142.250.186.99 | true | false | | high |
| www.google.com | 142.250.185.100 | true | false | | high |
| x1.i.lencr.org | unknown | unknown | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                    https://talkdeskqaid.comsets.json.4.drfalse
                                                                                      high
                                                                                      https://24.husets.json.4.drfalse
                                                                                        high
                                                                                        https://mercadopago.com.pesets.json.4.drfalse
                                                                                          high
                                                                                          https://cardsayings.netsets.json.4.drfalse
                                                                                            high
                                                                                            https://text.comsets.json.4.drfalse
                                                                                              high
                                                                                              https://mightytext.netsets.json.4.drfalse
                                                                                                high
                                                                                                https://pudelek.plsets.json.4.drfalse
                                                                                                  high
                                                                                                  https://hazipatika.comsets.json.4.drfalse
                                                                                                    high
                                                                                                    https://joyreactor.comsets.json.4.drfalse
                                                                                                      high
                                                                                                      https://cookreactor.comsets.json.4.drfalse
                                                                                                        high
                                                                                                        https://wildixin.comsets.json.4.drfalse
                                                                                                          high
                                                                                                          https://eworkbookcloud.comsets.json.4.drfalse
                                                                                                            high
                                                                                                            https://cognitiveai.rusets.json.4.drfalse
                                                                                                              high
                                                                                                              https://nacion.comsets.json.4.drfalse
                                                                                                                high
                                                                                                                https://chennien.comsets.json.4.drfalse
                                                                                                                  high
                                                                                                                  https://drimer.travelsets.json.4.drfalse
                                                                                                                    high
https://canseguros.com.br/playground/999/index | chromecache_215.5.dr | false | Avira URL Cloud: phishing | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.228 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
100.22.0.215 | lnk.bio | United States | 16509 | AMAZON-02US | false
172.217.16.195 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.99 | www.google.com.et | United States | 15169 | GOOGLEUS | false

IP
192.168.2.4

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584765
Start date and time: 2025-01-06 13:10:54 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 25s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowspdfcookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
                                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                                  Sample name:#Employee-Letter.pdf
                                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                                  Classification:mal52.winPDF@35/85@11/7
                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                  • Found application associated with file extension: .pdf
                                                                                                                                                                                                                  • Found PDF document
                                                                                                                                                                                                                  • Close Viewer
                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 162.159.61.3, 172.64.41.3, 2.16.168.107, 2.16.168.105, 142.250.185.195, 142.250.185.174, 74.125.133.84, 142.250.181.238, 23.209.209.135, 199.232.210.172, 216.58.206.78, 142.250.186.142, 192.229.221.95, 142.250.185.142, 142.250.185.78, 216.58.212.174, 142.250.186.110, 142.250.185.163, 142.250.185.238, 34.104.35.123, 142.250.186.46, 142.250.184.227, 142.250.184.206, 172.217.18.14, 3.219.243.226, 23.56.254.164, 23.47.168.24, 20.12.23.50, 13.107.246.45
                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, clients1.google.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
Time:07:11:51
Type:API Interceptor
Description:2x Sleep call for process: AcroCEF.exe modified
Source:Screenshot
URL:https://lnk.bio/go?d=https%3A%2F%2Fwww.google.com.et%2Furl%3Fq%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26rct%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26sa%3Dt%26url%3Damp%2Fs%2Fcanseguros.com.br%2Fplayground%2F999%2Findex&hash=fc90f23943ebebdf3c4a72e3e4413c1c&id=8943128&ext=-2119320&timezone=America%2FNew_York&type=1#c3Zhc3F1ZXpAd2VzLm9yZw==
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):292
                                                                                                                                                                                                                                                          Entropy (8bit):5.2539289409371905
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:iO7+q2Pwkn2nKuAl9OmbnIFUt/ZmwxVkwOwkn2nKuAl9OmbjLJ:7ivYfHAahFUt//f5JfHAaSJ
                                                                                                                                                                                                                                                          MD5:29D0EEE02EDC3E69F59BA0AB7C3ED0EE
                                                                                                                                                                                                                                                          SHA1:1DEACA9E1212E8E3D20A98BA92D040AD1CF1849C
                                                                                                                                                                                                                                                          SHA-256:FE58AD0C8F40A63801CBE31F8DB563C30E096548334FA5DAFA5E4B05E8CAFB77
                                                                                                                                                                                                                                                          SHA-512:ECFF55151670ECA6160788667FFAC6DD9B96B8BE053FD78FBCBB8AB6887F446F988B15B9D61C6B50D97F50958E325DEA64808B0F31163D5F9E43B862300FA605
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Preview:2025/01/06-07:11:43.694 1c28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/06-07:11:43.696 1c28 Recovering log #3.2025/01/06-07:11:43.696 1c28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):292
                                                                                                                                                                                                                                                          Entropy (8bit):5.2539289409371905
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:iO7+q2Pwkn2nKuAl9OmbnIFUt/ZmwxVkwOwkn2nKuAl9OmbjLJ:7ivYfHAahFUt//f5JfHAaSJ
                                                                                                                                                                                                                                                          MD5:29D0EEE02EDC3E69F59BA0AB7C3ED0EE
                                                                                                                                                                                                                                                          SHA1:1DEACA9E1212E8E3D20A98BA92D040AD1CF1849C
                                                                                                                                                                                                                                                          SHA-256:FE58AD0C8F40A63801CBE31F8DB563C30E096548334FA5DAFA5E4B05E8CAFB77
                                                                                                                                                                                                                                                          SHA-512:ECFF55151670ECA6160788667FFAC6DD9B96B8BE053FD78FBCBB8AB6887F446F988B15B9D61C6B50D97F50958E325DEA64808B0F31163D5F9E43B862300FA605
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Preview:2025/01/06-07:11:43.694 1c28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/06-07:11:43.696 1c28 Recovering log #3.2025/01/06-07:11:43.696 1c28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                                                                                                          Entropy (8bit):5.209800553141999
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:iOYnN+q2Pwkn2nKuAl9Ombzo2jMGIFUtmlkZmwE+I3VkwOwkn2nKuAl9Ombzo2jz:7YIvYfHAa8uFUtX//IF5JfHAa8RJ
                                                                                                                                                                                                                                                          MD5:B8A1E348825A04C2B50E614520AA8A2C
                                                                                                                                                                                                                                                          SHA1:848D441B75656D4E79F1EB6F78A56599152E2408
                                                                                                                                                                                                                                                          SHA-256:294EB2F7995A49858B3D89B211E91588A0E2E1EF370828794831D5744A12F82E
                                                                                                                                                                                                                                                          SHA-512:D95198C0EE39CBCA5366656D48BF9761BCC8FFEDE864BB722CD32CEF9FE17217252D515B16D49BFF0ECAB737199EE8C45D78FAB915CAE04E816F7912FD2F9F07
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Preview:2025/01/06-07:11:43.819 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/06-07:11:43.821 1cb8 Recovering log #3.2025/01/06-07:11:43.822 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):475
                                                                                                                                                                                                                                                          Entropy (8bit):4.972783134858621
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12:YH/um3RA8sqUM2sBdOg2HMAcaq3QYiubInP7E4T3y:Y2sRdsNCdMHMr3QYhbG7nby
                                                                                                                                                                                                                                                          MD5:A98E0EEFFD2EDF41DB708B136531153F
                                                                                                                                                                                                                                                          SHA1:925070B77D883951567BF0778D7F261F6A7A7C69
                                                                                                                                                                                                                                                          SHA-256:73125357D3F7C37347DA0265DF2D204FEFA9801A9CE54921963A478CA5F6BA3E
                                                                                                                                                                                                                                                          SHA-512:24F8F1C8B91C278D333A387622166ACC9EF4440C6331510F412C380A400869FE1DDA6E0C11FE96E3EC35110A551D19DC54045B35D785D082B25872B38E585309
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380725515510260","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":178403},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                          Size (bytes):475
                                                                                                                                                                                                                                                          Entropy (8bit):4.972783134858621
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12:YH/um3RA8sqUM2sBdOg2HMAcaq3QYiubInP7E4T3y:Y2sRdsNCdMHMr3QYhbG7nby
                                                                                                                                                                                                                                                          MD5:A98E0EEFFD2EDF41DB708B136531153F
                                                                                                                                                                                                                                                          SHA1:925070B77D883951567BF0778D7F261F6A7A7C69
                                                                                                                                                                                                                                                          SHA-256:73125357D3F7C37347DA0265DF2D204FEFA9801A9CE54921963A478CA5F6BA3E
                                                                                                                                                                                                                                                          SHA-512:24F8F1C8B91C278D333A387622166ACC9EF4440C6331510F412C380A400869FE1DDA6E0C11FE96E3EC35110A551D19DC54045B35D785D082B25872B38E585309
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380725515510260","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":178403},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):4730
                                                                                                                                                                                                                                                          Entropy (8bit):5.2621921129123095
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7swQAKucwQYfuZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goi
                                                                                                                                                                                                                                                          MD5:E2D1333693319A623897C1434271DA66
                                                                                                                                                                                                                                                          SHA1:9CC3FC82B33E8EB1833663FA70C46481E94FF307
                                                                                                                                                                                                                                                          SHA-256:1BF65579EE3F5387B6878FAB1EDA97AD05596BBC6BC4300D727BCAC272E3C0CC
                                                                                                                                                                                                                                                          SHA-512:C740ACB2C6798DC4CBD9EE7D71E253ED299F15B7021A1F3CD71246456F34B4554E0D56526A87359D08A3375AC33B5216E46B6832D23C0CA5519FCB6C9C570FDB
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                          Entropy (8bit):5.201076267869308
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:iOLt+q2Pwkn2nKuAl9OmbzNMxIFUtSZmwxVkwOwkn2nKuAl9OmbzNMFLJ:7LovYfHAa8jFUtS/f5JfHAa84J
                                                                                                                                                                                                                                                          MD5:2D4257E07C3AC89E5E4ED22D44475081
                                                                                                                                                                                                                                                          SHA1:F52999AE709B66A96BD4D6CEDB3E168131792555
                                                                                                                                                                                                                                                          SHA-256:3EEA906EAEE65E3294B89BAF465D44D9CB798FC6BE0B07FE2E213C256F63E91C
                                                                                                                                                                                                                                                          SHA-512:955FD5C747FDA0278E363D61639DD3531392A8C67D0AFF6268B9EDB64B389AA6C99993A43C81AAF7E6979C6779892519BA6DA558B89A12039AA53A13DEF3E6DE
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:2025/01/06-07:11:44.062 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/06-07:11:44.115 1cb8 Recovering log #3.2025/01/06-07:11:44.138 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):324
                                                                                                                                                                                                                                                          Entropy (8bit):5.201076267869308
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:iOLt+q2Pwkn2nKuAl9OmbzNMxIFUtSZmwxVkwOwkn2nKuAl9OmbzNMFLJ:7LovYfHAa8jFUtS/f5JfHAa84J
                                                                                                                                                                                                                                                          MD5:2D4257E07C3AC89E5E4ED22D44475081
                                                                                                                                                                                                                                                          SHA1:F52999AE709B66A96BD4D6CEDB3E168131792555
                                                                                                                                                                                                                                                          SHA-256:3EEA906EAEE65E3294B89BAF465D44D9CB798FC6BE0B07FE2E213C256F63E91C
                                                                                                                                                                                                                                                          SHA-512:955FD5C747FDA0278E363D61639DD3531392A8C67D0AFF6268B9EDB64B389AA6C99993A43C81AAF7E6979C6779892519BA6DA558B89A12039AA53A13DEF3E6DE
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:2025/01/06-07:11:44.062 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/06-07:11:44.115 1cb8 Recovering log #3.2025/01/06-07:11:44.138 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):65110
                                                                                                                                                                                                                                                          Entropy (8bit):1.147139321120863
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:64kRT+lilN/eDePlCBl4c+EoTIbq7BsAIrsWQtp8wiwqFYLlTTOfaXU7A1oGKvSB:NhEOb04QttiZil/ObltKbP9AK
                                                                                                                                                                                                                                                          MD5:CD811270330928E36C977A26E8F30229
                                                                                                                                                                                                                                                          SHA1:3CF7F9C7A644A510814ACE8221EEE627E3981B1F
                                                                                                                                                                                                                                                          SHA-256:7B38525A3F339BA53046EFFE8CD6CA4EB6023D7E412290BBB9A99B263B3B0B19
                                                                                                                                                                                                                                                          SHA-512:B558FE74FB5225F6D51AFB961F39C4C2F5BA81901B480437DD1E5AE376BEDDA94596D2B43F380399A638D4B862341052C48EB456FCD31966ED975C8C7091E11A
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):86016
                                                                                                                                                                                                                                                          Entropy (8bit):4.444854056783309
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:384:yezci5tAiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rXs3OazzU89UTTgUL
                                                                                                                                                                                                                                                          MD5:60565BB70CFDD09993794D9EAF9AA988
                                                                                                                                                                                                                                                          SHA1:E2EC22A1CC3DC14A76D690148DDFB0559A0F48A1
                                                                                                                                                                                                                                                          SHA-256:2A920EA979B515CDC521F8A04BBEF10289B8E95550BCF8E7F8CFA749480576B5
                                                                                                                                                                                                                                                          SHA-512:078F3A7553BB2BBB5BD093C1B0D439CA74385DCEC298252FD9571AC6B7D3E4E359BBF11645F6936C1D94CACB8D89FE3C0924E05DE6194515DAFFDE34684454ED
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):8720
                                                                                                                                                                                                                                                          Entropy (8bit):3.7749438638836192
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:7Map/E2ioyViioy9oWoy1Cwoy16KOioy1noy1AYoy1Wioy1hioybioygoy1noy11:7hpjuiFxXKQdtb9IVXEBodRBkP
                                                                                                                                                                                                                                                          MD5:F2AB6E73274C3C69D3011FEAE77A0EDD
                                                                                                                                                                                                                                                          SHA1:F171EC940FE19C3613E91BF927BF9447224E9EE0
                                                                                                                                                                                                                                                          SHA-256:72E0A80B4DAB88010D84DC51C439813EF154C3FB07B652FE7B51496826F3C327
                                                                                                                                                                                                                                                          SHA-512:648F66593C0B484676A9BF43C2BF825D15EF1CB8DED3307D844423BFFD9ED11A229C9106A91EB5AA73C5375B10AF670A27515D6B4A6C6E45D8A4BC9ECEDED10D
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:Certificate, Version=3
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1391
                                                                                                                                                                                                                                                          Entropy (8bit):7.705940075877404
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                                                                                                                                                                                                          MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                                                                                                                                                                                                          SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                                                                                                                                                                                                          SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                                                                                                                                                                                                          SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):71954
                                                                                                                                                                                                                                                          Entropy (8bit):7.996617769952133
                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                          SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                                                                                                          MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                                                                                                          SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                                                                                                          SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                                                                                                          SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):192
                                                                                                                                                                                                                                                          Entropy (8bit):2.7608141181749795
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:kkFklsy6hfllXlE/HT8k7XNNX8RolJuRdxLlGB9lQRYwpDdt:kK1y7T8mdNMa8RdWBwRd
                                                                                                                                                                                                                                                          MD5:4BF85B0AB098B7280B7FE1A84055CE95
                                                                                                                                                                                                                                                          SHA1:76CF88B5D7EDBE8543CEA1C268B10DA7020E23C5
                                                                                                                                                                                                                                                          SHA-256:A64DBF4EA27D29ED3979EF4B219BF7B84BE25160D96747F5769DCA02F1682DE4
                                                                                                                                                                                                                                                          SHA-512:4B45F5C813825D55A63843E0A67CB27D5E39D72143D9A3999738709FED3679460F13FB2762523395A2718A342A052B34789778EE94DD2C1D4BE2E3D163074647
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:p...... ..........!+4`..(....................................................... ..........W....r)..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                          Size (bytes):328
                                                                                                                                                                                                                                                          Entropy (8bit):3.233401259015598
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:kK7SD9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:zSaDImsLNkPlE99SNxAhUe/3
                                                                                                                                                                                                                                                          MD5:3741FDFCAB6851E44778FBAEA87CE624
                                                                                                                                                                                                                                                          SHA1:0E0D33A062D2F01097904DF1924BEE85C7FBD23F
                                                                                                                                                                                                                                                          SHA-256:ABDB8E48CFF3CE6A803F78880E4E44834B6A5E96E0F3E075ABC0D10A5895C7D2
                                                                                                                                                                                                                                                          SHA-512:11559CFEE63AC2F5AF7067343DC47CFBE2BE4E090F72081DCE4A336E3613013E026CCEC7C98656D9BB80FDFC4B5ED8BD4B3367C168BE6D3E755FB68EDEB7539E
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:p...... .........h`=4`..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:PostScript document text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1233
                                                                                                                                                                                                                                                          Entropy (8bit):5.233980037532449
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                                                                                                                                                                                                                          MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                                                                                                                                                                                                                          SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                                                                                                                                                                                                                          SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                                                                                                                                                                                                                          SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:PostScript document text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):10880
                                                                                                                                                                                                                                                          Entropy (8bit):5.214360287289079
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                                                                                                                                                                                                                          MD5:B60EE534029885BD6DECA42D1263BDC0
                                                                                                                                                                                                                                                          SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                                                                                                                                                                                                                          SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                                                                                                                                                                                                                          SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):243196
                                                                                                                                                                                                                                                          Entropy (8bit):3.3450692389394283
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                                                                                                                                                                                                                                                          MD5:F5567C4FF4AB049B696D3BE0DD72A793
                                                                                                                                                                                                                                                          SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                                                                                                                                                                                                                                                          SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                                                                                                                                                                                                                                                          SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                                                                                                                                                                                                                                                          Malicious:false
Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px....
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):295
                                                                                                                                                                                                                                                          Entropy (8bit):5.385892307389168
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:YEQXJ2HX0NDE/hkVoZcg1vRcR0YBhoAvJM3g98kUwPeUkwRe9:YvXKX0NA5lZc0vLGMbLUkee9
                                                                                                                                                                                                                                                          MD5:272F13C5B425F7B57CC1A4C202EB188C
                                                                                                                                                                                                                                                          SHA1:9810A3F581D2B55D4342AAB97043BA45390A1F7E
                                                                                                                                                                                                                                                          SHA-256:BB492FDADB250F162A5D488CD2D59999290FBD7E74AF44451EA7455F2D62514F
                                                                                                                                                                                                                                                          SHA-512:9430E9D944F34B1A47C58711CF990B88AA425AE366D7E3F559398BC55C9EE014ED95E8E4007E639902C49F90144BC122B7832D1B332EFDF4B0C74DA1F35668C1
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):294
                                                                                                                                                                                                                                                          Entropy (8bit):5.336741821473169
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:YEQXJ2HX0NDE/hkVoZcg1vRcR0YBhoAvJfBoTfXpnrPeUkwRe9:YvXKX0NA5lZc0vLGWTfXcUkee9
                                                                                                                                                                                                                                                          MD5:349796B6644D85DDA02F028EB8265DEC
                                                                                                                                                                                                                                                          SHA1:F0797565B1622CD293F9C99E61A4D660F9C071EE
                                                                                                                                                                                                                                                          SHA-256:8DAB1A3E615EC55512D82A22E4B9F19C4FB4400C037FDC5F073E5E148BEA9007
                                                                                                                                                                                                                                                          SHA-512:B91A19E2083F0CCFB60B2A74313C8F24A4FD2A6BB3F9F4B7B0672DF0DDFDA21CF6DD4F03E87C33B0F57C6266CBCE3A7D225D86E1FAC608BA667DEC18ECDDD581
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):294
                                                                                                                                                                                                                                                          Entropy (8bit):5.315448035700046
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:YEQXJ2HX0NDE/hkVoZcg1vRcR0YBhoAvJfBD2G6UpnrPeUkwRe9:YvXKX0NA5lZc0vLGR22cUkee9
                                                                                                                                                                                                                                                          MD5:B81090B5A0DF89911A24E020EBFD219C
                                                                                                                                                                                                                                                          SHA1:68D58ACC3FD9B9637048F145C76F6FFC310CD83F
                                                                                                                                                                                                                                                          SHA-256:00E9D4F7FE8DF22796276A3B9785686C7285D9B13A2683049E31D4C5D42B4F9B
                                                                                                                                                                                                                                                          SHA-512:7B40F1C7F20621463E8147FD249F176DE7E7A8FA5C56E7730E8544984D94F70B5099D5CB8A9CDC65ADC2D9F9D852F365F63628A845EFCDA5879598CD01190675
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):285
                                                                                                                                                                                                                                                          Entropy (8bit):5.373693302042992
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:YEQXJ2HX0NDE/hkVoZcg1vRcR0YBhoAvJfPmwrPeUkwRe9:YvXKX0NA5lZc0vLGH56Ukee9
                                                                                                                                                                                                                                                          MD5:501978A2F97A574545A39C2AE2F31E5E
                                                                                                                                                                                                                                                          SHA1:31CB7BE0BE69FB2F6834F3C001BBB1BA8C9CCA64
                                                                                                                                                                                                                                                          SHA-256:9AAE36F139DE3BE0DAE106D7CC6A9DD24EBA834B1BF165AA2CFE5CDF488B0DAE
                                                                                                                                                                                                                                                          SHA-512:3A4607D6408622CC7A4F1FA56A9B9F756CEF007CCE8A5BEB6E765EC6904D8F7BACBA0491FD7ED07291F7C953F4029EF7DEA74A53F9F4CACAF44EE00F6487EE88
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1123
                                                                                                                                                                                                                                                          Entropy (8bit):5.684517567353107
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:Yv6X0+5lzvApLgE9cQx8LennAvzBvkn0RCmK8czOCCSLA:Yvf+LIhgy6SAFv5Ah8cv/U
                                                                                                                                                                                                                                                          MD5:BCFE07A054AA18B90CBDEBF048513694
                                                                                                                                                                                                                                                          SHA1:281E39D1505780B496090DB48C951EF853887A12
                                                                                                                                                                                                                                                          SHA-256:46782AC38662DBA824C4899575C9FEA0630E5D9A7C4F0346403E5CEC87B86053
                                                                                                                                                                                                                                                          SHA-512:D7A33A9A37CFCC13C008E89CF9998D99E9496F70CA54E3C58CA86828FC66593054FB7C765E053D23A820B0EC531943A3A00A9693178A732282D0A9DB9DD9937D
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):289
                                                                                                                                                                                                                                                          Entropy (8bit):5.320260168104545
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:YEQXJ2HX0NDE/hkVoZcg1vRcR0YBhoAvJf8dPeUkwRe9:YvXKX0NA5lZc0vLGU8Ukee9
                                                                                                                                                                                                                                                          MD5:33D667B7FAB8B4599E9216C2F07AFB58
                                                                                                                                                                                                                                                          SHA1:8800A74446ADB3F251FFA18DB1A18B8477BBA3B8
                                                                                                                                                                                                                                                          SHA-256:BAAC4B0EBBFF9CC8C61DEA2DC258AA88C6F18CB4AA1123B98D7F22575881EB38
                                                                                                                                                                                                                                                          SHA-512:075D8882F4719B9F2A3B54D4AA09809DF0FB2ADEBB1B2A9D4A3262C8A73B2479256AD3B590BD07B3F51CF0889965CD150A2200377CCA6CE9AFE5F6EA35324219
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):292
                                                                                                                                                                                                                                                          Entropy (8bit):5.3239344533307715
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:YEQXJ2HX0NDE/hkVoZcg1vRcR0YBhoAvJfQ1rPeUkwRe9:YvXKX0NA5lZc0vLGY16Ukee9
                                                                                                                                                                                                                                                          MD5:763416702ADE9152E98D8086BDB1B166
                                                                                                                                                                                                                                                          SHA1:84D314AB025EEC64033BC76A00B84B467ABE4DAA
                                                                                                                                                                                                                                                          SHA-256:DAA1F7A0D2D4F86E78D67A442170C0DA6A34B2346EB420810A08D17F71D5BC5F
                                                                                                                                                                                                                                                          SHA-512:7C43C98CD22AD730FF5C247D1D3EC668F5DC999B8878ADBF230195D8AC982EA5E9A139676D7D9F7D076F38C06AC315B0B21E38BFD52276C940C23C853C2F9FF2
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):289
                                                                                                                                                                                                                                                          Entropy (8bit):5.328227314997837
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):295
                                                                                                                                                                                                                                                          Entropy (8bit):5.345453055407909
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):289
                                                                                                                                                                                                                                                          Entropy (8bit):5.326344629266325
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):284
                                                                                                                                                                                                                                                          Entropy (8bit):5.31285881598473
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):291
                                                                                                                                                                                                                                                          Entropy (8bit):5.309710664196089
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):287
                                                                                                                                                                                                                                                          Entropy (8bit):5.314412385231984
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1090
                                                                                                                                                                                                                                                          Entropy (8bit):5.662417289381841
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):286
                                                                                                                                                                                                                                                          Entropy (8bit):5.289319300186877
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):282
                                                                                                                                                                                                                                                          Entropy (8bit):5.298076403273631
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:YEQXJ2HX0NDE/hkVoZcg1vRcR0YBhoAvJTqgFCrPeUkwRe9:YvXKX0NA5lZc0vLGTq16Ukee9
                                                                                                                                                                                                                                                          MD5:3E6E8C79EBBB8CC5C56001B07D4274A5
                                                                                                                                                                                                                                                          SHA1:45758EB67C7E86B7A0A808C42706C0F261DBF929
                                                                                                                                                                                                                                                          SHA-256:2ABA19094B02BA085C7B20B552C552BA6DE971E5B998035AE34BFB3053E690E2
                                                                                                                                                                                                                                                          SHA-512:D5BDAD53755DEC5FB455AD4D8F8C382D2DCD8A813B767EFC8D02D9AE8149B1600072534FD128730DD14001A3EB3A65CBAE00D9BA7A2B2FD054450F63EDD4CCEA
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"analyticsData":{"responseGUID":"f3b0a5db-5281-42f3-b5ec-938b92d33d83","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1736342633299,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                                                                                          Entropy (8bit):0.8112781244591328
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:e:e
                                                                                                                                                                                                                                                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                                                                                                                                                                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                                                                                                                                                                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                                                                                                                                                                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:....
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):2814
                                                                                                                                                                                                                                                          Entropy (8bit):5.137181748277348
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:YTJWaymayYxHQJ1eW2wZenc+04JzwJRy0fj/9xrj0SePsc/9S2o12LSehCq7BJIb:YS1wRen+3/zHvRDQv7jIhOn9A
                                                                                                                                                                                                                                                          MD5:30E62F53930F29D65B5DF0F798A59E07
                                                                                                                                                                                                                                                          SHA1:C9272FB0D1C465DBD646015542197766A72A83AB
                                                                                                                                                                                                                                                          SHA-256:9C4C2E328F655E8302903F0951C04468E53CF8D7FE3B178E582F42C585359299
                                                                                                                                                                                                                                                          SHA-512:E6A34699EFF37440A5895604A8907BE44994C37013983AC0FFFB60D7CB575767FC21879F24A1F0125E79D317582B99C00BB93C93EFBC2ACFC7827F31186E52C8
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"06d5c058d03f2e935be9b79fddae5d62","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1736165512000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"a1852b64f5a8f00092931d7274aad3b6","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1736165512000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"8f6f875de8c31be484d58d5a83447225","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1736165512000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"e96299595150223938e21a3b624bee3d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1736165512000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"7e308772b86cd5740d5bb6a96d83e46a","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1736165512000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"1872059bc60bf9114882fc331c573003","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                                                                          Entropy (8bit):1.189051465494866
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:TGufl2GL7msEHUUUUUUUUOJSvR9H9vxFGiDIAEkGVvpyt:lNVmswUUUUUUUUOJ+FGSItOt
                                                                                                                                                                                                                                                          MD5:296D363A8F1FC8DB8667E6659045C1F8
                                                                                                                                                                                                                                                          SHA1:EAC24E9788DEA3153DC1468B804056AA637F2AAB
                                                                                                                                                                                                                                                          SHA-256:DB75A9DF3106692A603249F54748CCFC01FC3CEF58D9B58537E5E9E5BD79BAD3
                                                                                                                                                                                                                                                          SHA-512:B3C9542CD68B90CA948DE00B90AFBAA5C0F5C4DA7F4DEF5F61F242D9B784DA7D2C5D471D060B65AA799BB3F9D39F1BB1FC80D96A11B83689FD7535BA8F1374A9
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:SQLite Rollback Journal
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):8720
                                                                                                                                                                                                                                                          Entropy (8bit):1.6061292536155996
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:7MxfKUUUUUUUUUUOhvR9H9vxFGiDIAEkGVvqqFl2GL7msd:7ciUUUUUUUUUUOFFGSItIKVmsd
                                                                                                                                                                                                                                                          MD5:7DE574D8116B38415AE0059EEE8C6989
                                                                                                                                                                                                                                                          SHA1:700C909D353C0F405F8CC5869BAD9473251D7072
                                                                                                                                                                                                                                                          SHA-256:0138F843ED60D4D469079D04C7C72D6A057E4F3D7005A6F3E96F3B46EA4CAC14
                                                                                                                                                                                                                                                          SHA-512:6F03FC0AFE80A5AC0C4995346221D3A7CD502A6B3CD1450018DCE8E39314E90B6820B3D19D380A3A9757A8AD8F02A96E7287F81AD12A0B497C0B88657CE2E445
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):66726
                                                                                                                                                                                                                                                          Entropy (8bit):5.392739213842091
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:768:RNOpblrU6TBH44ADKZEgQbD/i8OeRuJ+Cct/AWRnOcn+vYyu:6a6TZ44ADEQP/i8OeRuzlrvK
                                                                                                                                                                                                                                                          MD5:01FA10FFD3B99E9DCA3F6F2A27DA37F2
                                                                                                                                                                                                                                                          SHA1:4064E081B6C04D41D1373B46056FED7A4A8F47F1
                                                                                                                                                                                                                                                          SHA-256:E773462E3891C4FA23B8C09E0A875DCFCFB9593F37649533F293E439D11B58CE
                                                                                                                                                                                                                                                          SHA-512:C02BD6AFA4B9F80CBFC9C49ACB105CF6FFCB675B8681B299E43AC33584E63FDE0CA84059AF3AC7529D51DB3A9EA715A4217BA15473F1D5AA0D15383834475EFF
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):246
                                                                                                                                                                                                                                                          Entropy (8bit):3.5030768995714583
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88bCl6t3CH:Qw946cPbiOxDlbYnuRKTlNCH
                                                                                                                                                                                                                                                          MD5:58F43D20654A6F15354BFAA3DB49DBB2
                                                                                                                                                                                                                                                          SHA1:62C994AF1D00D336D534CB085ECBDDBC5F5ECB94
                                                                                                                                                                                                                                                          SHA-256:A19E7B85D7B447A653D9A89EE1063E949A243BB1FE5A7DCE2E429B11DACE7497
                                                                                                                                                                                                                                                          SHA-512:17B3A783E6B9E3ED7EA9988FEEBB1BB367DCE2DE1EC597EF1D1B5981C9B2F5F794D3C0E630A5604FA315FE25CB3ACC53D920CE96965542582C4F70F50B70B7FF
                                                                                                                                                                                                                                                          Malicious:false
Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 06/01/2025  07:11:52 ===
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (393)
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):16525
                                                                                                                                                                                                                                                          Entropy (8bit):5.345946398610936
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                                                                                                                                                                                                                                          MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                                                                                                                                                                                                                                          SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                                                                                                                                                                                                                                          SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                                                                                                                                                                                                                                          SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):16603
                                                                                                                                                                                                                                                          Entropy (8bit):5.359829899093709
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:384:pfRSJHQFRopcL1gtm8JA07hJt9QbrvzB1GMOgc+mCBrcdPKr9YmiG3GXejpYRS6E:jqsH
                                                                                                                                                                                                                                                          MD5:697D89B489E42C2DD45139159F315309
                                                                                                                                                                                                                                                          SHA1:94B704EAD16AA62CF9AF6CF4D4D558D1E50DFCA3
                                                                                                                                                                                                                                                          SHA-256:7CF8F9F4DA19A7979C0C57EDA49D019EBCCDAD8E3803F0727312BB1E0D77F9AB
                                                                                                                                                                                                                                                          SHA-512:1BF2AA941E836E276021D79F5D736C69BF29EA9042EFA0137DE9BC88CEA148C457A58384150F5B98DEFD8435D90793CB275502C6FFC881B7FF75730346D86064
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:SessionID=4b5931da-f8b0-4b73-9549-69353c9133fe.1736165506136 Timestamp=2025-01-06T07:11:46:136-0500 ThreadID=7744 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=4b5931da-f8b0-4b73-9549-69353c9133fe.1736165506136 Timestamp=2025-01-06T07:11:46:137-0500 ThreadID=7744 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=4b5931da-f8b0-4b73-9549-69353c9133fe.1736165506136 Timestamp=2025-01-06T07:11:46:137-0500 ThreadID=7744 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=4b5931da-f8b0-4b73-9549-69353c9133fe.1736165506136 Timestamp=2025-01-06T07:11:46:137-0500 ThreadID=7744 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=4b5931da-f8b0-4b73-9549-69353c9133fe.1736165506136 Timestamp=2025-01-06T07:11:46:137-0500 ThreadID=7744 Component=ngl-lib_NglAppLib Description="SetConf
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):29752
                                                                                                                                                                                                                                                          Entropy (8bit):5.396714890311371
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rS:e
                                                                                                                                                                                                                                                          MD5:B54E4EFDF3780D4558E23E749197CF96
                                                                                                                                                                                                                                                          SHA1:14FBC29C22A65163694C7FAEDEB877CE8D9EA621
                                                                                                                                                                                                                                                          SHA-256:15D7AFED61F967A0DB410AACD4ABCA2A2C71988C17A143AF5856E41BB8CB4244
                                                                                                                                                                                                                                                          SHA-512:B5DD1E937E662B4C8DCC91A17ADC709024C066E5B1D5952069C3DA33330D437F06C2F8F9FBAE2892D8F483AB40DFFE8D404D8D57689F7E0FC8E2D784F77C822E
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):386528
                                                                                                                                                                                                                                                          Entropy (8bit):7.9736851559892425
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                                                                                                                                                                                                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                                                                                                                                                                                                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                                                                                                                                                                                                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                                                                                                                                                                                                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):758601
                                                                                                                                                                                                                                                          Entropy (8bit):7.98639316555857
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                                                                                                                                                                                                          MD5:3A49135134665364308390AC398006F1
                                                                                                                                                                                                                                                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                                                                                                                                                                                                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                                                                                                                                                                                                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1419751
                                                                                                                                                                                                                                                          Entropy (8bit):7.976496077007677
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24576:/VRaWL07oXGZ4YIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:tRaWLxXGZ4ZGh3mlind9i4ufFXpAXkru
                                                                                                                                                                                                                                                          MD5:41034A6B023B6BB9C723DA146E190954
                                                                                                                                                                                                                                                          SHA1:22C95166FF8A1C4D2AAC25B75D804CEBAAA6ACF2
                                                                                                                                                                                                                                                          SHA-256:52BB8B0CA62248721986D650004C11ACCB0C988B6FBA645D9B4E3557CA87A15D
                                                                                                                                                                                                                                                          SHA-512:6F8CD54BBB750E32FEBD78895F433CCF0C553C56E6B7DDEA03E3EA36ED283084CF6EA6FA8999162999D184B0F04B6E6DAB7F6FC27648EE517F744D7E8DBC8AAD
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1407294
                                                                                                                                                                                                                                                          Entropy (8bit):7.97605879016224
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                                                                                                                                                                                                                                          MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                                                                                                                                                                                                                          SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                                                                                                                                                                                                                          SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                                                                                                                                                                                                                          SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1796
                                                                                                                                                                                                                                                          Entropy (8bit):6.00842379256538
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:p/hX3I18pFNR7akrIxXj3RTxnJWFZHrkaaEqSoX:RJA8v7a5Xjxx8/LTaEPA
                                                                                                                                                                                                                                                          MD5:AA9C6E289C6498C8321BB8AFF2B5A7E4
                                                                                                                                                                                                                                                          SHA1:CB00232FB0FCD26D585DA90C8567D821167E63FF
                                                                                                                                                                                                                                                          SHA-256:D42447BD162330EC7E5B1AF26F01C8AD6FB202844DA1A64AA17CE1EDD5C487E7
                                                                                                                                                                                                                                                          SHA-512:5D78422DAB695F44941923B5A5A9D2D13A08BAFF297E1370D08BF0BCD61E61C3ED99EDE3446E441EB65FF9C400F267B7E8829542E527D8EA22D89C3FC48322B7
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJjcl9lbi11c181MDAwMDBfaW5kZXguYmluIiwicm9vdF9oYXNoIjoiM1F6aE42RHJsUmtCYzlJM3N0VG9GSmJDeHN4ZW1weGJUMUtSbzA5clBJRSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiI4V2RBNGREUUxTa2g5M2RZblIyQi1oaERyMld6aFUtMUtHNUFuT25TZTY4In1dLCJmb3JtYXQiOiJ0cmVlaGFzaCIsImhhc2hfYmxvY2tfc2l6ZSI6NDA5Nn1dLCJpdGVtX2lkIjoib2JlZGJiaGJwbW9qbmthbmljaW9nZ25tZWxtb29tb2MiLCJpdGVtX3ZlcnNpb24iOiIyMDI0MTIyOC43MDY4NzQ5MDcuMTQiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"bIzeFiBiRtXikfXmmboVR5Xz39CmCyZIt42r1OjY4lkRidkPCv07Fpg-Z61WRgQQRySwG_tge9jm8QhLExzsz3Y0eD5P3KxA7dCi3X_11_uZzpmBvp3D_lMj0jE8OZeR_TPB_1Q55mXe_0DtOSVuQRNRv16P_plWPS2PK3NuN_LJ4hMhoV_QYwvP3NBafQibVDX4S0k4YHVBp3cmC8gqJ63vR1YRpmZjgUQpbUM0jgRaqu7cnjvWofE46fUguRhNrBZuXeKASnemm5WrYzbymtTcaNOrUcvn-MnIzPlgxNcdfT8jN3UB4bPpUzm
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):7972202
                                                                                                                                                                                                                                                          Entropy (8bit):6.5690411403027955
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:98304:seagmSFhZTmAatWXVLZfqJ+gQkdTKeiOjmcE/OjdDapihaeMdpCmZ0nE:55SAa0X51q8hkduijG/uWDeKCg0nE
                                                                                                                                                                                                                                                          MD5:AAC5CB5F034BFE04AA65579F99CA6D50
                                                                                                                                                                                                                                                          SHA1:BD04E568425C1DB40099E0474C05567D810CCF7E
                                                                                                                                                                                                                                                          SHA-256:4B03ECD34F305651A96A794622A546CA1E50369C6CB898B3E15C9E40CF7D90BA
                                                                                                                                                                                                                                                          SHA-512:1F54A786DC7FB6AAD7C7ABDF45972571535EED53F64C939EA3F05ADBB978A397674E90A2B003C19F7050504518A47F77089CEB0A7AFC6BFA11282ED091E5A583
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                          Entropy (8bit):3.9062211575590027
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:SaXQkGkdSGsm5WYDE6+n:STkfsmIYY6+n
                                                                                                                                                                                                                                                          MD5:055665527FB23F07A9253177765D26AC
                                                                                                                                                                                                                                                          SHA1:C708F2BD7F1E119D57DF0C94FD5A7B02D0059BB5
                                                                                                                                                                                                                                                          SHA-256:1B518E233B3DCA5DAB4ACEDEF4C15F569EC2E764EA8F36258319C72547C3031B
                                                                                                                                                                                                                                                          SHA-512:847A89F997E899BADA89C64F85100E58E5CC1BD1B890C2813E4184BC1387FD7353C97C88188B922F38F33316494A93A62B45A2F9844FFA49E6B8F1B7BF63F587
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:1.fa5d70ce715434cda9953be8a723c89384b00cf99e931dd43be46fa909f83371
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):108
                                                                                                                                                                                                                                                          Entropy (8bit):4.896162276038048
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:rR6TAulhFphifF0AAGAR3CKG/w/VpKS1cmVT6LUhAn:F6VlMT2C7Y/VUS1ciuLUGn
                                                                                                                                                                                                                                                          MD5:54FE5B510967A920D1EA789BE84FEDA6
                                                                                                                                                                                                                                                          SHA1:35C9A6F3CCABEE0E1E79248E740D0124A81AE5D5
                                                                                                                                                                                                                                                          SHA-256:F16740E1D0D02D2921F777589D1D81FA1843AF65B3854FB5286E409CE9D27BAF
                                                                                                                                                                                                                                                          SHA-512:F4D1A9EBC785CF9B27612C03347B0A0240412CA460ED078581000544F6AC607F4B46A4B3C34E134242FAB37E5959522553C60F42B656D36844F7FC285D09A003
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{. "manifest_version": 2,. "name": "OnDeviceHeadSuggestENUS500000",. "version": "20241228.706874907.14".}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1558
                                                                                                                                                                                                                                                          Entropy (8bit):5.11458514637545
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
                                                                                                                                                                                                                                                          MD5:EE002CB9E51BB8DFA89640A406A1090A
                                                                                                                                                                                                                                                          SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
                                                                                                                                                                                                                                                          SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
                                                                                                                                                                                                                                                          SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1865
                                                                                                                                                                                                                                                          Entropy (8bit):6.0109403942089115
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:p/hU+PQDAdtzakOyigpPPQO6D+REkMYcxxIokcF:RFPEQtzap/cwO6N8cnF
                                                                                                                                                                                                                                                          MD5:ACEE7C14C716B46EFD59EC6545E8F426
                                                                                                                                                                                                                                                          SHA1:431E29F8DD798D0B923B4A55782B50A6CECDA392
                                                                                                                                                                                                                                                          SHA-256:A482A3897B1A410A02632B1A3058FD1EDAFC035691580862DA5066DCDEB85767
                                                                                                                                                                                                                                                          SHA-512:384CDB4C2515D68671DD37204E92D43467FEEF54634FA2F072DF76E23594C94B770D2B68C25B9C84DAB2049DBBD5737BB6BC78F2E1C1019564E26A0DD286D9A1
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:[{"description":"treehash per file","signed_content":{"payload":"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","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"TtW-oeACb_UU2xuWWkL_6ro5U8G3QfG4oAqoU9dPwE_snn5EHDg4d8CynPCMfVyx-DVvlwN-WCT4NCkVZjxbtczN_mSy-_ohFCH1m8ZusxVlzs0jfZ7TiYTEnlrH9H4XhgR5yECIcvmzzFKV2CcIYyzCDjROnS7TT_7VC057oIzqIieKDvhzDXEZGq-X9d_qK3PysmtPEbT7alozTDxTmeEwoedCR6ZvWDHC5PoTXV2IKM0cZep-WN
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):6361
                                                                                                                                                                                                                                                          Entropy (8bit):5.9791886723901255
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:UXq6pG2GE+m0plhYvPuW+wkpTm+ozdswsDm4+uTagSfC3AQj+y:uNtGbm4lOvMwkoR9PuGs3gy
                                                                                                                                                                                                                                                          MD5:B4434830C4BD318DBA6BD8CC29C9F023
                                                                                                                                                                                                                                                          SHA1:A0F238822610C70CDF22FE08C8C4BC185CBEC61E
                                                                                                                                                                                                                                                          SHA-256:272E290D97184D1AC0F4E4799893CB503FBA8ED6C8C503767E70458CBDA32070
                                                                                                                                                                                                                                                          SHA-512:F2549945965757488ECD07E46249E426525C8FE771F9939F009819183AB909D1E79CBB3AECA4F937E799556B83E891BBB0858B60F31EC7E8D2D8FBB4CB00B335
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"https://issuer.captchafox.com":{"PrivateStateTokenV1VOPRF":{"batchsize":1,"id":1,"keys":{"0":{"Y":"AAAAAQQiyE+SESbq7GU5rTx6tZO4tBOxljp+Oya2mU28O+YoALIyXlLLqnl/h5h95ExYSsOlmMIb8EdsJBTrCaDl/KIZSskrfMbZpjhShG0jwnbXojEHI9WaAxKLkX/A/DkyMEg=","expiry":"1734807628115000"},"1":{"Y":"AAAAAQRNtld+5LLBquS4bEJKJwlLw61tzIyqTNkvMVnUTu+YiphbdGrRCjeDTN9D3p1Tgpfmq0N/OKMBYWzDMEN8Km9p9s49c6N2ph4B1MV1m7Ogdj969MOsTw54Kc849oqDl8s=","expiry":"1734807628115000"},"2":{"Y":"AAAAAQSBWW003A3ORFURCZrWNnbEIH15yzk184DaLSebbGzRdyCYtAM1qhhVmXZyBtWTzh6Bfkk5rLPyE1xdQilofPBizF/QJsdaMU0GYhPW1sOU4xoKbmgd/XrnOoFqA2ETOuc=","expiry":"1734807628115000"},"3":{"Y":"AAAAAQSG/ftGdm5B6iwAmVsHt6s43xx3nRf/Vpx9GdeEt3jSTM8hHvyLE9FAEkinGjt4Fp5EjnkCdE96Cxz10nZJRrMApIrGhG5kAoDu4T8PjJPiFQFyHAOdTG7OJWi2NS/rl1A=","expiry":"1734807628115000"},"4":{"Y":"AAAAAQT36tqe550UP5A+4Eokt8iuPZEuWQc9cGJXd7zUCZzrsqtGu3PMcVbOj5DjC4W+yoyF3HqKOqdtiBWgcMsZOcyln/6jUKqf5tS9AoIHa9CC3kQB8ISQd3lhR5j+qWVY8ms=","expiry":"1734807628115000"},"5":{"Y":"AAAAAQQMjaLNCR
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                          Entropy (8bit):3.9691231055595435
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:SC3TnfRWahk1C5SoCL3:SGTnfR7wXog
                                                                                                                                                                                                                                                          MD5:00BB0BF4C9FE9AA9CDDAE91770EDCD28
                                                                                                                                                                                                                                                          SHA1:F350A88149D03E4D0BA1B60A9EEAB9F3EABA259E
                                                                                                                                                                                                                                                          SHA-256:434025617B33B3E7CBBE3FB173CF35668B61EB5D3386E07B929F820980B2C183
                                                                                                                                                                                                                                                          SHA-512:4D67D60F745A66AE1607BF4D2BA5D9957E41D30E351FD501B4F95CFDFF0C9934873DE77B22AEEBEF9F8EB8EC7CD373D5E6CEA6C41542D7A94FD6AB8380A7EA47
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:1.c0108c669f27b1c45f3895e1a2e7c9adf36da2707f23270611eb58c3be0f25ba
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):80
                                                                                                                                                                                                                                                          Entropy (8bit):4.418776852063957
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:rR6TAulhFphifFIPgS1kXng:F6VlMyPgS1kXg
                                                                                                                                                                                                                                                          MD5:9E72659142381870C3C7DFE447D0E58E
                                                                                                                                                                                                                                                          SHA1:BA27ED169D5AF065DABDE081179476BEB7E11DE2
                                                                                                                                                                                                                                                          SHA-256:72BAB493C5583527591DD6599B3C902BADE214399309B0D610907E33275B8DC2
                                                                                                                                                                                                                                                          SHA-512:B887EB30C09FA3C87945B83D8DBDDCEEE286011A1582C10B5B3CC7A4731B7FA7CB3689CB61BFEAD385C95902CAB397D0AA26BC26086D17CE414A4F40F0E16A01
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{. "manifest_version": 2,. "name": "trustToken",. "version": "2024.12.14.1".}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):473
                                                                                                                                                                                                                                                          Entropy (8bit):4.388167319950301
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:LOT6w+DmsDZrkrDxBYRgELGNB+cIMLohXOl0t1iKR/UFioWd9+iAt4jZMeLhJoUs:iwDtVEDsCDLeelyigqBjt4eK2f55
                                                                                                                                                                                                                                                          MD5:F6719687BED7403612EAED0B191EB4A9
                                                                                                                                                                                                                                                          SHA1:DD03919750E45507743BD089A659E8EFCEFA7AF1
                                                                                                                                                                                                                                                          SHA-256:AFB514E4269594234B32C873BA2CD3CC8892E836861137B531A40A1232820C59
                                                                                                                                                                                                                                                          SHA-512:DD14A7EAE05D90F35A055A5098D09CD2233D784F6AC228B5927925241689BFF828E573B7A90A5196BFDD7AAEECF00F5C94486AD9E3910CFB07475FCFBB7F0D56
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:Google LLC and its affiliates ("Google") own all legal right, title and.interest in and to the content decryption module software ("Software") and.related documentation, including any intellectual property rights in the.Software. You may not use, modify, sell, or otherwise distribute the Software.without a separate license agreement with Google. The Software is not open.source software...If you are interested in licensing the Software, please contact.www.widevine.com.
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1550
                                                                                                                                                                                                                                                          Entropy (8bit):5.9461543350675905
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:p/hFkmoyMTI1jglp6NjkakKwk+R2VJAz5s:RhMka5adwTYQz5s
                                                                                                                                                                                                                                                          MD5:98B310FC33843D771DA0089FA155EDB2
                                                                                                                                                                                                                                                          SHA1:5690A43F43673B947EB4C433CB4F5488A287E29C
                                                                                                                                                                                                                                                          SHA-256:28F09A4AF935D2894689CC00658D597257422CAFF20A01055EFD8E78AD5E829F
                                                                                                                                                                                                                                                          SHA-512:E76830974EA54C94E857179CA0DA893E088034367CA5C33E71C1016B788E737D65AB49AD9A9E6FEB85385B963AF5C13DB0A91E3F3072AC91600E91A1CEA0AB6F
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:[{"description":"treehash per file","signed_content":{"payload":"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","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"KnESAO6ts6E14P0aoVwC_yghkUn7_i9PCMh0NvK44eLJL04dv
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):19236784
                                                                                                                                                                                                                                                          Entropy (8bit):7.70214269860876
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:393216:FPRzXYeXFyjsrZuvpYl5SJIhw7PJeP9TZHZMaMq0Vrq8P:DFyjs0pYl1hwDJeVT7erq8P
                                                                                                                                                                                                                                                          MD5:9D76604A452D6FDAD3CDAD64DBDD68A1
                                                                                                                                                                                                                                                          SHA1:DC7E98AD3CF8D7BE84F6B3074158B7196356675B
                                                                                                                                                                                                                                                          SHA-256:EB98FA2CFE142976B33FC3E15CF38A391F079E01CF61A82577B15107A98DEA02
                                                                                                                                                                                                                                                          SHA-512:EDD0C26C0B1323344EB89F315876E9DEB460817FC7C52FAEDADAD34732797DAD0D73906F63F832E7C877A37DB4B2907C071748EDFAD81EA4009685385E9E9137
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Joe Sandbox View:
• Filename: SmartEasyPDF.msi, Detection: malicious
• Filename: pdfguruhub.msi, Detection: malicious
• Filename: allpdfpro.msi, Detection: malicious
• Filename: Complete_with_DocuSign_49584.pdf, Detection: malicious
• Filename: , Detection: malicious
• Filename: DRL-272112.htm, Detection: malicious
• Filename: View alert details #20GBQ4J.html, Detection: malicious
• Filename: shelbycountytn.gov.pdf, Detection: malicious
• Filename: EPAYMENT_Receipt.html, Detection: malicious
• Filename: Capelleaandenijssel.nl_reff_9918205228_HelNc2Zf7n.html, Detection: malicious
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....Gf.........." ......o.........P.l......................................p].....c.%...`A..........................................!.......!...... ]......`[..$...f%..!...0].0:....!.8.....................!.(...`cp.@...........p.!..............................text.....o.......o................. ..`.rdata..x.....o.......o.............@..@.data...pv8...".......".............@....pdata...$...`[..&....#.............@..@.00cfg..0.....\.......$.............@..@.gxfg... (....\..*....$.............@..@.retplne......\.......%..................rodata.......\.......%............. ..`.tls..........\.......%.............@..._RDATA..\.....]...... %.............@..@malloc_h......]......"%............. ..`.rsrc........ ]......$%.............@..@.reloc..0:...0]..<...*%.............@..B................................................................................................
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1427
                                                                                                                                                                                                                                                          Entropy (8bit):7.572464059652219
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:38H/VZn47VBRxgCUQuODHBJeriJ8yojUdnkLvXWgl0oHLrUXAokYH/o8j/bmspTh:38HdurRxHSOlAiqYoXWVDXJ/o8zbmsFh
                                                                                                                                                                                                                                                          MD5:A19EC48B4B28F3AA9C32150DCA8C0E39
                                                                                                                                                                                                                                                          SHA1:02981E40B643C2A987D47BF58F42B7F3CA5AAF07
                                                                                                                                                                                                                                                          SHA-256:D363751B0EE48517DA1B56C17FFCD78DD57F25B092B09879667DB10338077621
                                                                                                                                                                                                                                                          SHA-512:718A24E1FB45AB0FD3DB5A5C45B0E0061D9061D8615E2A8D6DB2150BF72267E96774094A6FC07A250D5BBBC5133A1CB635D8F7ADC5B1751FA99327FCE9555941
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:....0...0...........6cd/+J.v{..B...0...*.H........0}1.0...U....US1.0...U....Washington1.0...U....Kirkland1.0...U....Google1.0...U....Widevine1"0 ..U....widevine-codesign-root-ca0...171013173909Z..271011173909Z0y1.0...U....US1.0...U....Washington1.0...U....Kirkland1.0...U....Google1.0...U....Widevine1.0...U....widevine-vmp-codesign0.."0...*.H.............0.........2F..8.e..-....$r...{^........0.%.HA...sA"D.q.=6...#.J.N.......&..k;.+...<xF.......B8.)S....o..|Ci.F.A6....J.......Y..4..{.5u.9N...=...#.M..s.F!j.f%&ld.R...?!Ot@......#.f..O..[.V.p0y....+...S.].....M.=.9...>.. ........>.:....1tl.....`D/c..j..........0..0...U......L...cC.E..R.n...$.0...U.#..0....=..tW....!.B.#U).0...U....0.0...U........0...U.%..0...+.......0...+.....y........0...*.H.............g.."..[..t{.4~.,.G....4K.....(x$...} .*...N..b|d......h..u6?.L.(&.Oup...$!...4R. 5.-...s...K/..U[..[.+.sAX*.~...^0..ba>;.#....x...b.-1...E..l....S.n.a....)U .q..C>d:...<[..F5...7...[.-.l}.T Lc.X..Qf...z..:.Q..e.m
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                          Entropy (8bit):3.9232676497295262
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:SQTWAEVtGbSHaqHGDTzoARPkBDF:SQyANeayyTzTP6
                                                                                                                                                                                                                                                          MD5:5BFBCC6E7AA3E9C1570C5C73F38FA8EA
                                                                                                                                                                                                                                                          SHA1:497BAFA5658C6CE8C8010D12F104EEBEC7A1BAE2
                                                                                                                                                                                                                                                          SHA-256:84470096167EA43C0880B39FE44B42F552014E4F85B66805C2935C542BA3CB8E
                                                                                                                                                                                                                                                          SHA-512:41BBED6CC317FF190189D63D6D5910D30E23A5160E5FF5F635FF408AAB13452DA8174556D7120DB176701435A3329A93A7450583404D56C34A37B67F1A332EDC
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:1.567f5df81ea0c9bdcfb7221f0ea091893150f8c16e3012e4f0314ba3d43f1632
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1001
                                                                                                                                                                                                                                                          Entropy (8bit):4.774546324439748
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:ulaihI11X1TRuRckckH3WoA0UNqLQxUNqmTxyNq+TA:C1hYl1uRfckHkseDA
                                                                                                                                                                                                                                                          MD5:2FF237ADBC218A4934A8B361BCD3428E
                                                                                                                                                                                                                                                          SHA1:EFAD279269D9372DCF9C65B8527792E2E9E6CA7D
                                                                                                                                                                                                                                                          SHA-256:25A702DD5389CC7B077C6B4E06C1FAD9BDEA74A9C37453388986D093C277D827
                                                                                                                                                                                                                                                          SHA-512:BAFD91699019AB756ADF13633B825D9D9BAE374CA146E8C05ABC70C931D491D421268A6E6549A8D284782898BC6EB99E3017FBE3A98E09CD3DFECAD19F95E542
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{. "manifest_version": 2,. "update_url": "https://clients2.google.com/service/update2/crx",. "name": "WidevineCdm",. "description": "Widevine Content Decryption Module",. "version": "4.10.2830.0",. "minimum_chrome_version": "68.0.3430.0",. "x-cdm-module-versions": "4",. "x-cdm-interface-versions": "10",. "x-cdm-host-versions": "10",. "x-cdm-codecs": "vp8,vp09,avc1,av01",. "x-cdm-persistent-license-support": true,. "x-cdm-supported-encryption-schemes": [. "cenc",. "cbcs". ],. "icons": {. "16": "imgs/icon-128x128.png",. "128": "imgs/icon-128x128.png". },. "platforms": [. {. "os": "win",. "arch": "x64",. "sub_package_path": "_platform_specific/win_x64/". },. {. "os": "win",. "arch": "x86",. "sub_package_path": "_platform_specific/win_x86/". },. {. "os": "win",. "arch": "arm64",. "sub_package_path": "_platform_specific/win_arm64/". }. ],. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:SysEx File - GreyMatter
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):75076
                                                                                                                                                                                                                                                          Entropy (8bit):5.536878116224829
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:1536:BFJkJ9UJ9Gor+SRTpV7rSEc2xgmmD6I7knvvTsnlPUBkVxC7M0x5vPrwz:7uiJcoi0TptOEcSg1D6IovvTsnlPFVxf
                                                                                                                                                                                                                                                          MD5:EABBA602AD039867B52E30E3E59EDC38
                                                                                                                                                                                                                                                          SHA1:FAC94381CB8BD64D6EE5247060A3A3103FCD6D56
                                                                                                                                                                                                                                                          SHA-256:68EF948A4727C058ED027C201EED5F749A508AE2732518188043AF70E6E41E75
                                                                                                                                                                                                                                                          SHA-512:6C3FB4155FB43A544A4847794511A903A2E2B0DEE2FAC6C6378C735D8194FF0D7B095DC28EFF96F01E42B97E3BAC6C68B88FE25D6520DFAB131ACFDCF88ADFAC
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):24623
                                                                                                                                                                                                                                                          Entropy (8bit):4.588307081140814
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:384:mva5sf5dXrCN7tnBxpxkepTqzazijFgZk231Py9zD6WApYbm0:mvagXreRnTqzazWgj0v6XqD
                                                                                                                                                                                                                                                          MD5:D33AAA5246E1CE0A94FA15BA0C407AE2
                                                                                                                                                                                                                                                          SHA1:11D197ACB61361657D638154A9416DC3249EC9FB
                                                                                                                                                                                                                                                          SHA-256:1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
                                                                                                                                                                                                                                                          SHA-512:98B1B12FF0991FD7A5612141F83F69B86BC5A89DD62FC472EE5971817B7BBB612A034C746C2D81AE58FDF6873129256A89AA8BB7456022246DC4515BAAE2454B
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:EasyList Repository Licences.... Unless otherwise noted, the contents of the EasyList repository.. (https://github.com/easylist) is dual licensed under the GNU General.. Public License version 3 of the License, or (at your option) any later.. version, and Creative Commons Attribution-ShareAlike 3.0 Unported, or.. (at your option) any later version. You may use and/or modify the files.. as permitted by either licence; if required, "The EasyList authors.. (https://easylist.to/)" should be attributed as the source of the.. material. All relevant licence files are included in the repository..... Please be aware that files hosted externally and referenced in the.. repository, including but not limited to subscriptions other than.. EasyList, EasyPrivacy, EasyList Germany and EasyList Italy, may be.. available under other conditions; permission must be granted by the.. respective copyright holders to authorise the use of their material.......Creative Commons Attribut
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1529
                                                                                                                                                                                                                                                          Entropy (8bit):5.970215376335647
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:pZRj/flTHY+tCJVkYbKaR8uemFjeT3tzkaoX6pdKijihWUoXOgYhTYhXsvtYu0/T:p/h4oCHbKaiuqTtkak6SHkKh8Cix/NN
                                                                                                                                                                                                                                                          MD5:4056E612209F7E171E97A4BAAD33E9D9
                                                                                                                                                                                                                                                          SHA1:65552882A5046F8C4590114164527BB4E06A88C8
                                                                                                                                                                                                                                                          SHA-256:3790644377239FA0ED31695DD6CA298E691D8A722079A120E3B95888CD02A59A
                                                                                                                                                                                                                                                          SHA-512:9F319BF1F3FA801380BDA50C978068B9836C92FA3116DC0C161342819122C7C9B37F9D93286E6A47339728FD921287DD4CBBF49F42D25DBDFFD5492C8F704D92
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                          Entropy (8bit):3.9784136821063196
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:SMOGHtdUbb5UNGHMfn4yxqt:SM/HtdUPSGHsnFxqt
                                                                                                                                                                                                                                                          MD5:20C72149A48962D86FFEAACF14CF63FC
                                                                                                                                                                                                                                                          SHA1:EF8244AE418794FFCB01D09C9B577C942C9A8218
                                                                                                                                                                                                                                                          SHA-256:9ABD021173116878060E97B8C1B034AA9535215F54CEEE82B4DF09F5B5A44E48
                                                                                                                                                                                                                                                          SHA-512:F0B185B688913DF3F38308EB30207902CCB93C116EADB2668B3414ADD6944587C365CBA98F68C7BD1E15CA328934F61972785D61804BD3EF3287C7893BDBAD16
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:1.fa0d6d9c4b0b82afb2f2a5905ee915fcbee32c741304885b1399da5747eced4e
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                                                                                          Entropy (8bit):4.56489413033116
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:rR6TAulhFphifFHXG7LGMdv5HcDKhtUJKS1B:F6VlMZWuMt5SKPS1B
                                                                                                                                                                                                                                                          MD5:C5CADAB1F82F9B71621C1E776CAB86CF
                                                                                                                                                                                                                                                          SHA1:C98F0A50560D2D6C60105426A0435F95023A7237
                                                                                                                                                                                                                                                          SHA-256:A311AA850BE76B377F9CF8C39AD706E597B0E52EBF27F5A05DAB425271F6652F
                                                                                                                                                                                                                                                          SHA-512:04DFBEA8D35FF5FB2B9926AE095A5243FCAFB8BD2AC269BF09CAE2DAFF03D67E777F157649A25ECD388566C54219AA85EB4F6DB213C8B1FA001526C5397CCE80
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{. "manifest_version": 2,. "name": "Subresource Filtering Rules",. "ruleset_format": 1,. "version": "9.53.0".}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):2877728
                                                                                                                                                                                                                                                          Entropy (8bit):6.868480682648069
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:GB6BoH5sOI2CHusbKOdskuoHHVjcY94RNETO2WYA4oPToqnQ3dK5zuqvGKGxofFo:M67hlnVjcYGRNETO2WYA4oLoqnJuZI5
                                                                                                                                                                                                                                                          MD5:477C17B6448695110B4D227664AA3C48
                                                                                                                                                                                                                                                          SHA1:949FF1136E0971A0176F6ADEA8ADCC0DD6030F22
                                                                                                                                                                                                                                                          SHA-256:CB190E7D1B002A3050705580DD51EBA895A19EB09620BDD48D63085D5D88031E
                                                                                                                                                                                                                                                          SHA-512:1E267B01A78BE40E7A02612B331B1D9291DA8E4330DEA10BF786ACBC69F25E0BAECE45FB3BAFE1F4389F420EBAA62373E4F035A45E34EADA6F72C7C61D2302ED
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1778
                                                                                                                                                                                                                                                          Entropy (8bit):6.02086725086136
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:p/hCdQAdJjRkakCi0LXjX9mqjW6JmfQkNWQzXXf2gTs:RtQ1aaxXrjW6JuQEWQKas
                                                                                                                                                                                                                                                          MD5:3E839BA4DA1FFCE29A543C5756A19BDF
                                                                                                                                                                                                                                                          SHA1:D8D84AC06C3BA27CCEF221C6F188042B741D2B91
                                                                                                                                                                                                                                                          SHA-256:43DAA4139D3ED90F4B4635BD4D32346EB8E8528D0D5332052FCDA8F7860DB729
                                                                                                                                                                                                                                                          SHA-512:19B085A9CFEC4D6F1B87CC6BBEEB6578F9CBA014704D05C9114CFB0A33B2E7729AC67499048CB33823C884517CBBDC24AA0748A9BB65E9C67714E6116365F1AB
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                          Entropy (8bit):3.974403644129192
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:SLVV8T+WSq2ykFDJp9qBn:SLVqZS5p0B
                                                                                                                                                                                                                                                          MD5:D30A5BBC00F7334EEDE0795D147B2E80
                                                                                                                                                                                                                                                          SHA1:78F3A6995856854CAD0C524884F74E182F9C3C57
                                                                                                                                                                                                                                                          SHA-256:A08C1BC41DE319392676C7389048D8B1C7424C4B74D2F6466BCF5732B8D86642
                                                                                                                                                                                                                                                          SHA-512:DACF60E959C10A3499D55DC594454858343BF6A309F22D73BDEE86B676D8D0CED10E86AC95ECD78E745E8805237121A25830301680BD12BFC7122A82A885FF4B
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):145
                                                                                                                                                                                                                                                          Entropy (8bit):4.595307058143632
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:rR6TAulhFphifFooG+HhFFKS18CWjhXLXGPQ3TRpvF/FHddTcplFHddTcVYA:F6VlM5PpKS18hRIA
                                                                                                                                                                                                                                                          MD5:BBC03E9C7C5944E62EFC9C660B7BD2B6
                                                                                                                                                                                                                                                          SHA1:83F161E3F49B64553709994B048D9F597CDE3DC6
                                                                                                                                                                                                                                                          SHA-256:6CCE5AD8D496BC5179FA84AF8AFC568EEBA980D8A75058C6380B64FB42298C28
                                                                                                                                                                                                                                                          SHA-512:FB80F091468A299B5209ACC30EDAF2001D081C22C3B30AAD422CBE6FEA7E5FE36A67A8E000D5DD03A30C60C30391C85FA31F3931E804C351AB0A71E9A978CC0F
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{. "manifest_version": 2,. "name": "windows-mf-cdm",. "version": "1.0.2738.0",. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1558
                                                                                                                                                                                                                                                          Entropy (8bit):5.11458514637545
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
                                                                                                                                                                                                                                                          MD5:EE002CB9E51BB8DFA89640A406A1090A
                                                                                                                                                                                                                                                          SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
                                                                                                                                                                                                                                                          SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
                                                                                                                                                                                                                                                          SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1864
                                                                                                                                                                                                                                                          Entropy (8bit):6.018989605004616
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:p/hUI1OwEU3AdIq7ak68O40E2szOxxUJ8BPFkf31U4PrHfqY3J5D:RnOwtQIq7aZ40E2sYUJAYRr/qYZ5D
                                                                                                                                                                                                                                                          MD5:C4709C1D483C9233A3A66A7E157624EA
                                                                                                                                                                                                                                                          SHA1:99A000EB5FE5CC1E94E3155EE075CD6E43DC7582
                                                                                                                                                                                                                                                          SHA-256:225243DC75352D63B0B9B2F48C8AAA09D55F3FB9E385741B12A1956A941880D9
                                                                                                                                                                                                                                                          SHA-512:B45E1FD999D1340CC5EB5A49A4CD967DC736EA3F4EC8B02227577CC3D1E903341BE3217FBB0B74765C72085AC51C63EEF6DCB169D137BBAF3CC49E21EA6468D7
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):66
                                                                                                                                                                                                                                                          Entropy (8bit):3.820000180714897
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:SVzHL3phUmWRDNKydvgHVz:SBHLLUmWRbCp
                                                                                                                                                                                                                                                          MD5:BBEC7670A2519FEB0627F17D0C0B5276
                                                                                                                                                                                                                                                          SHA1:9C30B996F1B069F86EF7C0136DFAF7E614674DEA
                                                                                                                                                                                                                                                          SHA-256:670A6F6BBADAB2C2BE63898525FCAF72E7454739E77C04D120BC1A46B6694CAC
                                                                                                                                                                                                                                                          SHA-512:1ED4ED6AE2A2CBE86F9E8C6C7A2672EBB2F37DBE83D2BF09D875DB435ED63BF5F5CF60CA846865166F9A498095F6D61BD51B0A092E097430439E8A5A3A14CB15
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:1.03cccbb22b17080279ea1707c9ab093c59f4f4dd09580c841cfa794cb372228d
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):85
                                                                                                                                                                                                                                                          Entropy (8bit):4.462192586591686
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:rR6TAulhFphifFCmMARWHJqS1kULJVPY:F6VlM8aRWpqS1kSJVg
                                                                                                                                                                                                                                                          MD5:084E339C0C9FE898102815EAC9A7CDEA
                                                                                                                                                                                                                                                          SHA1:6ABF7EAAA407D2EAB8706361E5A2E5F776D6C644
                                                                                                                                                                                                                                                          SHA-256:52CD62F4AC1F9E7D7C4944EE111F84A42337D16D5DE7BE296E945146D6D7DC15
                                                                                                                                                                                                                                                          SHA-512:0B67A89F3EBFF6FEC3796F481EC2AFBAC233CF64FDC618EC6BA1C12AE125F28B27EE09E8CD0FADB8F6C8785C83929EA6F751E0DDF592DD072AB2CF439BD28534
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.11.8.0".}
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):9817
                                                                                                                                                                                                                                                          Entropy (8bit):4.629347296880043
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJl:v5C4ql7BkIVmtRTGXvcxBsl
                                                                                                                                                                                                                                                          MD5:8C702C686B703020BC0290BAFC90D7A0
                                                                                                                                                                                                                                                          SHA1:EB08FF7885B4C1DE3EF3D61E40697C0C71903E27
                                                                                                                                                                                                                                                          SHA-256:97D9E39021512305820F27B9662F0351E45639124F5BD29F0466E9072A9D0C62
                                                                                                                                                                                                                                                          SHA-512:6137D0ED10E6A27924ED3AB6A0C5F9B21EB0E16A876447DADABD88338198F31BB9D89EF8F0630F4573EA34A24FB3FD3365D7EA78A97BA10028A0758E0A550739
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Preview:{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):5430
                                                                                                                                                                                                                                                          Entropy (8bit):3.6534652184263736
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                                                                                                                                                                                                                          MD5:F3418A443E7D841097C714D69EC4BCB8
                                                                                                                                                                                                                                                          SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                                                                                                                                                                                                                          SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                                                                                                                                                                                                                          SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                          Size (bytes):5430
                                                                                                                                                                                                                                                          Entropy (8bit):3.6534652184263736
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                                                                                                                                                                                                                          MD5:F3418A443E7D841097C714D69EC4BCB8
                                                                                                                                                                                                                                                          SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                                                                                                                                                                                                                          SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                                                                                                                                                                                                                          SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          URL:https://www.google.com.et/favicon.ico
                                                                                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (1566), with no line terminators
                                                                                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                                                                                          Size (bytes):1566
                                                                                                                                                                                                                                                          Entropy (8bit):5.539287139459924
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:n0ksbJhWZ4qmVtmhkVzGuxZbnEgz8NoR1dcGRRV4BdHWssMGRRctYiRsOEfv11a:ncVohc/zEI8No5hO/HWsGtFfvi
                                                                                                                                                                                                                                                          MD5:96F3520CBAF0A6A11344AE278B2AB9E6
                                                                                                                                                                                                                                                          SHA1:6CF739C3264C6A0F2CB212FBA717A1881C5A44DB
                                                                                                                                                                                                                                                          SHA-256:4B41FB8E0B27BEFE7FE41F1CAD83F990C4DDC6A0B5A7A1932F079D2B174B9AF3
                                                                                                                                                                                                                                                          SHA-512:01C725A66DEED3ECB57B76AD91828B087EFEC90CDEF70DDF3A924124142036F314C65E2A5CCCFBB37091E9945C2148DC7C7BF1038A4C927D0270FBFE00FE7CE0
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          URL:https://www.google.com.et/url?q=https://canseguros.com.br/playground/999/index
                                                                                                                                                                                                                                                          Preview:<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Redirect Notice</title><style>body,div,a{font-family:Roboto,Arial,sans-serif}body{background-color:#fff;margin-top:3px}div{color:#000}a:link{color:#681da8}a:visited{color:#681da8}a:active{color:#ea4335}div.mymGo{border-top:1px solid var(--gS5jXb);border-bottom:1px solid var(--gS5jXb);background:#f8f9fa;margin-top:1em;width:100%}div.aXgaGb{padding:0.5em 0;margin-left:10px}div.fTk7vd{margin-left:35px;margin-top:35px}</style></head><body><div class="mymGo"><div class="aXgaGb"><font style="font-size:larger"><b>Redirect Notice</b></font></div></div><div class="fTk7vd">&nbsp;The previous page is sending you to <a href="https://canseguros.com.br/playground/999/index">https://canseguros.com.br/playground/999/index</a>.<br><br>&nbsp;If you do not want to visit that page, you can <a href="#" id="tsuid_ish7Z_fbIOfv7_UP14nq6QI_1">return to the previous page</a>.<script nonce="SAkKfVIpjZHO1fmMuFdzNw">(fu
                                                                                                                                                                                                                                                          File type:PDF document, version 1.6
                                                                                                                                                                                                                                                          Entropy (8bit):6.964278555729962
                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                          • Adobe Portable Document Format (5005/1) 100.00%
                                                                                                                                                                                                                                                          File name:#Employee-Letter.pdf
                                                                                                                                                                                                                                                          File size:321'585 bytes
                                                                                                                                                                                                                                                          MD5:4811040a4ddb1711667f61a65701039c
                                                                                                                                                                                                                                                          SHA1:9069510bb6259222e129025615b7b16f3353ad72
                                                                                                                                                                                                                                                          SHA256:0f8362a4f6c378d623654597e824bfa1228299c55e63fc5deb8e4fbc4c69157e
                                                                                                                                                                                                                                                          SHA512:7710a280675378adff69a54a2dd1392b841e496bf449817126f9a2df20f93e4f7858807b181c9ad762ec43d18caec7dd89f37444b428d42bbcbefd3f3307d7e1
                                                                                                                                                                                                                                                          SSDEEP:6144:cqvTKePm8Q/rkvlf07pXqPTzEB0vkb7fY:cCOQQ/ruMVXqM3bzY
                                                                                                                                                                                                                                                          TLSH:6C6467038D09CB43A46483E8BE075EA82F1B571CA9D67AEE05230DDF2E647311DDE46E
                                                                                                                                                                                                                                                          File Content Preview:%PDF-1.6.%.....1 0 obj.<<./Type /Catalog./Version /1.6./Pages 2 0 R.>>.endobj.6 0 obj.<<./Length 320639./Type /XObject./Subtype /Image./Filter /DCTDecode./BitsPerComponent 8./Width 2479./Height 3508./ColorSpace /DeviceRGB.>>.stream........JFIF............
                                                                                                                                                                                                                                                          Icon Hash:62cc8caeb29e8ae0

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Header:%PDF-1.6
                                                                                                                                                                                                                                                          Total Entropy:6.964279
                                                                                                                                                                                                                                                          Total Bytes:321585
                                                                                                                                                                                                                                                          Stream Entropy:6.961106
                                                                                                                                                                                                                                                          Stream Bytes:320926
                                                                                                                                                                                                                                                          Entropy outside Streams:5.301649
                                                                                                                                                                                                                                                          Bytes outside Streams:659
                                                                                                                                                                                                                                                          Number of EOF found:1
                                                                                                                                                                                                                                                          Bytes after EOF:
Name            Count
obj             5
endobj          5
stream          4
endstream       4
xref            0
trailer         0
startxref       1
/Page           0
/Encrypt        0
/ObjStm         1
/URI            0
/JS             0
/JavaScript     0
/AA             0
/OpenAction     0
/AcroForm       0
/JBIG2Decode    0
/RichMedia      0
/Launch         0
/EmbeddedFile   0

                                                                                                                                                                                                                                                          Image Streams

ID  DHASH             MD5                               Preview
6   0c0f370d0f300c00  a6e783a1e6e6c5ab3df880e9fad06200
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.456578970 CET49752443192.168.2.4142.250.186.99
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.456629992 CET44349752142.250.186.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.457007885 CET44349752142.250.186.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.458384991 CET49752443192.168.2.4142.250.186.99
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.458456993 CET44349752142.250.186.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.459005117 CET49752443192.168.2.4142.250.186.99
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.503339052 CET44349752142.250.186.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.717932940 CET44349752142.250.186.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.717983007 CET44349752142.250.186.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.718015909 CET44349752142.250.186.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.718048096 CET44349752142.250.186.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.718049049 CET49752443192.168.2.4142.250.186.99
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.718086958 CET44349752142.250.186.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.718107939 CET49752443192.168.2.4142.250.186.99
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.718291044 CET44349752142.250.186.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.718341112 CET49752443192.168.2.4142.250.186.99
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.719639063 CET49752443192.168.2.4142.250.186.99
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.719660044 CET44349752142.250.186.99192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.734451056 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.734477997 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.734580040 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.734781027 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:55.734797001 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.364263058 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.364542007 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.364572048 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.365634918 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.365699053 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.366034031 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.366097927 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.366188049 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.366200924 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.414165974 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.642821074 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.642865896 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.642916918 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.642944098 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.642961979 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.642977953 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.643001080 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.643397093 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.643449068 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.644511938 CET49754443192.168.2.4172.217.16.195
                                                                                                                                                                                                                                                          Jan 6, 2025 13:11:56.644524097 CET44349754172.217.16.195192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:04.151362896 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:04.151424885 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:04.151508093 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:05.245850086 CET49750443192.168.2.4142.250.185.100
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:05.245882034 CET44349750142.250.185.100192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:52.092747927 CET5268553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:52.097624063 CET53526851.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:52.097698927 CET5268553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:52.102509975 CET53526851.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:52.545474052 CET5268553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:52.550462008 CET53526851.1.1.1192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:52.550534964 CET5268553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:53.657135010 CET52697443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:53.657155037 CET44352697142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:53.657224894 CET52697443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:53.657540083 CET52697443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:53.657552004 CET44352697142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:54.285394907 CET44352697142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:54.285701036 CET52697443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:54.285722017 CET44352697142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:54.286030054 CET44352697142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:54.286338091 CET52697443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:54.286397934 CET44352697142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:12:54.335728884 CET52697443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:04.212845087 CET44352697142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:04.212887049 CET44352697142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:04.212953091 CET52697443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:05.243690968 CET52697443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:05.243711948 CET44352697142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:53.712177038 CET52903443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:53.712228060 CET44352903142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:53.712295055 CET52903443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:53.712534904 CET52903443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:53.712551117 CET44352903142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:54.355493069 CET44352903142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:54.355932951 CET52903443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:54.355959892 CET44352903142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:54.356250048 CET44352903142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:54.356559038 CET52903443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:54.356623888 CET44352903142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:13:54.398415089 CET52903443192.168.2.4142.250.185.228
                                                                                                                                                                                                                                                          Jan 6, 2025 13:14:04.259054899 CET44352903142.250.185.228192.168.2.4
                                                                                                                                                                                                                                                          Jan 6, 2025 13:14:04.259110928 CET44352903142.250.185.228192.168.2.4
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Jan 6, 2025 13:11:51.971884012 CET | 192.168.2.4 | 1.1.1.1 | c223 | (Port unreachable) | Destination Unreachable |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 6, 2025 13:11:50.237276077 CET | 192.168.2.4 | 1.1.1.1 | 0x36bb | Standard query (0) | lnk.bio | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:11:50.237442970 CET | 192.168.2.4 | 1.1.1.1 | 0x4ee | Standard query (0) | lnk.bio | 65 | IN (0x0001) | false |
| Jan 6, 2025 13:11:51.767122984 CET | 192.168.2.4 | 1.1.1.1 | 0xfbc9 | Standard query (0) | www.google.com.et | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:11:51.767600060 CET | 192.168.2.4 | 1.1.1.1 | 0x8425 | Standard query (0) | www.google.com.et | 65 | IN (0x0001) | false |
| Jan 6, 2025 13:11:51.842231035 CET | 192.168.2.4 | 1.1.1.1 | 0x32c0 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:11:53.586426973 CET | 192.168.2.4 | 1.1.1.1 | 0x4d6c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:11:53.586838961 CET | 192.168.2.4 | 1.1.1.1 | 0x2c5c | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Jan 6, 2025 13:11:55.724140882 CET | 192.168.2.4 | 1.1.1.1 | 0x3e2a | Standard query (0) | www.google.com.et | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:11:55.724286079 CET | 192.168.2.4 | 1.1.1.1 | 0x7bf7 | Standard query (0) | www.google.com.et | 65 | IN (0x0001) | false |
| Jan 6, 2025 13:12:53.649481058 CET | 192.168.2.4 | 1.1.1.1 | 0x20c1 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:12:53.649763107 CET | 192.168.2.4 | 1.1.1.1 | 0x3acb | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 6, 2025 13:11:50.244690895 CET | 1.1.1.1 | 192.168.2.4 | 0x36bb | No error (0) | lnk.bio | | 100.22.0.215 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:11:51.773909092 CET | 1.1.1.1 | 192.168.2.4 | 0xfbc9 | No error (0) | www.google.com.et | | 142.250.186.99 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:11:51.849726915 CET | 1.1.1.1 | 192.168.2.4 | 0x32c0 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Jan 6, 2025 13:11:52.536782980 CET | 1.1.1.1 | 192.168.2.4 | 0xde6e | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:11:52.536782980 CET | 1.1.1.1 | 192.168.2.4 | 0xde6e | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:11:53.593152046 CET | 1.1.1.1 | 192.168.2.4 | 0x4d6c | No error (0) | www.google.com | | 142.250.185.100 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:11:53.593425989 CET | 1.1.1.1 | 192.168.2.4 | 0x2c5c | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Jan 6, 2025 13:11:55.731132030 CET | 1.1.1.1 | 192.168.2.4 | 0x3e2a | No error (0) | www.google.com.et | | 172.217.16.195 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:12:53.656059980 CET | 1.1.1.1 | 192.168.2.4 | 0x20c1 | No error (0) | www.google.com | | 142.250.185.228 | A (IP address) | IN (0x0001) | false |
| Jan 6, 2025 13:12:53.656404018 CET | 1.1.1.1 | 192.168.2.4 | 0x3acb | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49738 | 100.22.0.215 | 443 | 7304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data
2025-01-06 12:11:51 UTC | 1007 | OUT | GET /go?d=https%3A%2F%2Fwww.google.com.et%2Furl%3Fq%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26rct%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26sa%3Dt%26url%3Damp%2Fs%2Fcanseguros.com.br%2Fplayground%2F999%2Findex&hash=fc90f23943ebebdf3c4a72e3e4413c1c&id=8943128&ext=-2119320&timezone=America%2FNew_York&type=1 HTTP/1.1
                                                                                                                                                                                                                                                          Host: lnk.bio
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                          Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                          Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
2025-01-06 12:11:51 UTC | 729 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                          Date: Mon, 06 Jan 2025 12:11:51 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Location: https://www.google.com.et/url?q={RANDOM_NUMBER10}_{RANDOM_NUMBER10}_{RANDOM_NUMBER10}&rct={RANDOM_NUMBER10}_{RANDOM_NUMBER10}_{RANDOM_NUMBER10}&sa=t&url=amp/s/canseguros.com.br/playground/999/index
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                                                          X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                          Cross-Origin-Embedder-Policy: unsafe-none
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups
                                                                                                                                                                                                                                                          Cross-Origin-Resource-Policy: same-site
2025-01-06 12:11:51 UTC | 217 | IN | Data Ascii: ce 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49742 | 142.250.186.99 | 443 | 7304 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 12:11:52 UTC | 831 | OUT | GET /url?q={RANDOM_NUMBER10}_{RANDOM_NUMBER10}_{RANDOM_NUMBER10}&rct={RANDOM_NUMBER10}_{RANDOM_NUMBER10}_{RANDOM_NUMBER10}&sa=t&url=amp/s/canseguros.com.br/playground/999/index HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com.et
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                          Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
2025-01-06 12:11:52 UTC | 1034 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                          Location: https://www.google.com.et/amp/s/canseguros.com.br/playground/999/index
                                                                                                                                                                                                                                                          Cache-Control: private
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                          Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-4yf4LirdZok5nN9HPb73gg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                          Date: Mon, 06 Jan 2025 12:11:52 GMT
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          Content-Length: 267
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          Set-Cookie: NID=520=aK_Aufj3AQ28i1rH0i5T-iDo9LuRU5Ax300cI82nFEh3UrK5I8wGMfWdcxzFHn-v-chyKO0KXLqY8k5AHBBm5-2RcYHSCGigtCO_Xn3sSKIz2VatCUZ-IuJT9CMAPL_DS59BaH3qoo0vT9eUdOL_0sgyPnLErSNDk0_ZJJ_oDcgq8c1HiHx-m8pMza6LVwCdY9_LBQ; expires=Tue, 08-Jul-2025 12:11:52 GMT; path=/; domain=.google.com.et; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Connection: close
2025-01-06 12:11:52 UTC | 267 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com.et/amp/s/canseguros.com.br/playground/999/index">here</A>.</BO


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49748 | 142.250.186.99 | 443 | 7304 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 12:11:53 UTC | 920 | OUT | GET /amp/s/canseguros.com.br/playground/999/index HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com.et
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                          Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          Cookie: NID=520=aK_Aufj3AQ28i1rH0i5T-iDo9LuRU5Ax300cI82nFEh3UrK5I8wGMfWdcxzFHn-v-chyKO0KXLqY8k5AHBBm5-2RcYHSCGigtCO_Xn3sSKIz2VatCUZ-IuJT9CMAPL_DS59BaH3qoo0vT9eUdOL_0sgyPnLErSNDk0_ZJJ_oDcgq8c1HiHx-m8pMza6LVwCdY9_LBQ
2025-01-06 12:11:53 UTC | 847 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                          Location: https://www.google.com.et/url?q=https://canseguros.com.br/playground/999/index
                                                                                                                                                                                                                                                          Cache-Control: private
                                                                                                                                                                                                                                                          X-Robots-Tag: noindex
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-X0niW0MjSpdJo0-T7sZ3tw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          Date: Mon, 06 Jan 2025 12:11:53 GMT
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          Content-Length: 275
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Connection: close
2025-01-06 12:11:53 UTC | 275 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com.et/url?q=https://canseguros.com.br/playground/999/index">here</A


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49751 | 142.250.186.99 | 443 | 7304 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 12:11:54 UTC | 928 | OUT | GET /url?q=https://canseguros.com.br/playground/999/index HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com.et
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                          Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          Cookie: NID=520=aK_Aufj3AQ28i1rH0i5T-iDo9LuRU5Ax300cI82nFEh3UrK5I8wGMfWdcxzFHn-v-chyKO0KXLqY8k5AHBBm5-2RcYHSCGigtCO_Xn3sSKIz2VatCUZ-IuJT9CMAPL_DS59BaH3qoo0vT9eUdOL_0sgyPnLErSNDk0_ZJJ_oDcgq8c1HiHx-m8pMza6LVwCdY9_LBQ
2025-01-06 12:11:54 UTC  1017  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Mon, 06 Jan 2025 12:11:54 GMT
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                          Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-SAkKfVIpjZHO1fmMuFdzNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
2025-01-06 12:11:54 UTC  373  IN
Data Ascii: 61e<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Redirect Notice</title><style>body,div,a{font-family:Roboto,Arial,sans-serif}body{background-color:#fff;margin-top:3px}div{color:#000}a:link{color:#681da8
2025-01-06 12:11:54 UTC  1200  IN
Data Ascii: ar(--gS5jXb);background:#f8f9fa;margin-top:1em;width:100%}div.aXgaGb{padding:0.5em 0;margin-left:10px}div.fTk7vd{margin-left:35px;margin-top:35px}</style></head><body><div class="mymGo"><div class="aXgaGb"><font style="font-size:larger"><b>Redirect Notice
2025-01-06 12:11:54 UTC  5  IN
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
4  192.168.2.4  49752  142.250.186.99  443  7304  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  Bytes transferred  Direction  Data
2025-01-06 12:11:55 UTC  1324  OUT  GET /favicon.ico HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com.et
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                          sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          sec-ch-ua-arch: "x86"
                                                                                                                                                                                                                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                                                                                                                                                                                                                          sec-ch-ua-platform-version: "10.0.0"
                                                                                                                                                                                                                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                                                                                                                                                                                                                          sec-ch-ua-bitness: "64"
                                                                                                                                                                                                                                                          sec-ch-ua-model: ""
                                                                                                                                                                                                                                                          sec-ch-prefers-color-scheme: light
                                                                                                                                                                                                                                                          sec-ch-ua-wow64: ?0
                                                                                                                                                                                                                                                          sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                          Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                          Referer: https://www.google.com.et/url?q=https://canseguros.com.br/playground/999/index
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          Cookie: NID=520=aK_Aufj3AQ28i1rH0i5T-iDo9LuRU5Ax300cI82nFEh3UrK5I8wGMfWdcxzFHn-v-chyKO0KXLqY8k5AHBBm5-2RcYHSCGigtCO_Xn3sSKIz2VatCUZ-IuJT9CMAPL_DS59BaH3qoo0vT9eUdOL_0sgyPnLErSNDk0_ZJJ_oDcgq8c1HiHx-m8pMza6LVwCdY9_LBQ
2025-01-06 12:11:55 UTC  694  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Content-Type: image/x-icon
                                                                                                                                                                                                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                                                                                                                                                                                                          Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                                                                                                                                                                                                          Content-Length: 5430
                                                                                                                                                                                                                                                          Date: Mon, 06 Jan 2025 12:11:55 GMT
                                                                                                                                                                                                                                                          Expires: Tue, 14 Jan 2025 12:11:55 GMT
                                                                                                                                                                                                                                                          Cache-Control: public, max-age=691200
                                                                                                                                                                                                                                                          Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          Server: sffe
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49754 | 172.217.16.195 | 443 | 7304 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 12:11:56 UTC | 665 | OUT | GET /favicon.ico HTTP/1.1
Host: www.google.com.et
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: NID=520=aK_Aufj3AQ28i1rH0i5T-iDo9LuRU5Ax300cI82nFEh3UrK5I8wGMfWdcxzFHn-v-chyKO0KXLqY8k5AHBBm5-2RcYHSCGigtCO_Xn3sSKIz2VatCUZ-IuJT9CMAPL_DS59BaH3qoo0vT9eUdOL_0sgyPnLErSNDk0_ZJJ_oDcgq8c1HiHx-m8pMza6LVwCdY9_LBQ

2025-01-06 12:11:56 UTC | 694 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: image/x-icon
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Length: 5430
Date: Mon, 06 Jan 2025 12:11:56 GMT
Expires: Tue, 14 Jan 2025 12:11:56 GMT
Cache-Control: public, max-age=691200
Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 52906 | 142.250.186.99 | 443 | 7304 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-06 12:14:19 UTC | 1364 | OUT | GET /url?sa=T&url=&oi=unauthorizedredirect&ct=originlink HTTP/1.1
Host: www.google.com.et
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "117.0.5938.132"
sec-ch-ua-platform-version: "10.0.0"
sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
sec-ch-ua-bitness: "64"
sec-ch-ua-model: ""
sec-ch-prefers-color-scheme: light
sec-ch-ua-wow64: ?0
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.google.com.et/url?q=https://canseguros.com.br/playground/999/index
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: NID=520=aK_Aufj3AQ28i1rH0i5T-iDo9LuRU5Ax300cI82nFEh3UrK5I8wGMfWdcxzFHn-v-chyKO0KXLqY8k5AHBBm5-2RcYHSCGigtCO_Xn3sSKIz2VatCUZ-IuJT9CMAPL_DS59BaH3qoo0vT9eUdOL_0sgyPnLErSNDk0_ZJJ_oDcgq8c1HiHx-m8pMza6LVwCdY9_LBQ

2025-01-06 12:14:19 UTC | 639 | IN | HTTP/1.1 204 No Content
Date: Mon, 06 Jan 2025 12:14:19 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-TZc6CNu8tbctNZK-Hbputg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
Permissions-Policy: unload=()
Server: gws
Content-Length: 0
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Target ID: 0
Start time: 07:11:42
Start date: 06/01/2025
Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\#Employee-Letter.pdf"
Imagebase: 0x7ff6bc1b0000
File size: 5'641'176 bytes
MD5 hash: 24EAD1C46A47022347DC0F05F6EFBB8C
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                                                          Start time:07:11:43
                                                                                                                                                                                                                                                          Start date:06/01/2025
                                                                                                                                                                                                                                                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                                                                                                                                                                                          Imagebase:0x7ff74bb60000
                                                                                                                                                                                                                                                          File size:3'581'912 bytes
                                                                                                                                                                                                                                                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                          Start time:07:11:43
                                                                                                                                                                                                                                                          Start date:06/01/2025
                                                                                                                                                                                                                                                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1652,i,7011366841695752933,3711778577316867285,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                                                                                                                                                                          Imagebase:0x7ff74bb60000
                                                                                                                                                                                                                                                          File size:3'581'912 bytes
                                                                                                                                                                                                                                                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                                                          Start time:07:11:46
                                                                                                                                                                                                                                                          Start date:06/01/2025
                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://lnk.bio/go?d=https%3A%2F%2Fwww.google.com.et%2Furl%3Fq%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26rct%3D%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D_%7BRANDOM_NUMBER10%7D%26sa%3Dt%26url%3Damp%2Fs%2Fcanseguros.com.br%2Fplayground%2F999%2Findex&hash=fc90f23943ebebdf3c4a72e3e4413c1c&id=8943128&ext=-2119320&timezone=America%2FNew_York&type=1#c3Zhc3F1ZXpAd2VzLm9yZw==
                                                                                                                                                                                                                                                          Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                                          Start time:07:11:48
                                                                                                                                                                                                                                                          Start date:06/01/2025
                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=2536,i,18129073867454263915,16286679423052581061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                          Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          No disassembly