Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Magicleap-bonus disbursment.pdf

Overview

General Information

Sample name:Magicleap-bonus disbursment.pdf
Analysis ID:1586098
MD5:49cb857e6649a11af5b802ceb8ad6edb
SHA1:63b071d9fbad45a2cf947f2e08e6eb96aa7c6c3e
SHA256:1d97e2e2c0a18d9d8c0a7443a9f865fb84dc6c6320393a942640a50844b4cf2e
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Suricata IDS alerts for network traffic
AI detected landing page (webpage, office document or email)
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
IP address seen in connection with other malware
Internet Provider seen in connection with other malware

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7656 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Magicleap-bonus disbursment.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7904 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 8092 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1564,i,8862215800978117416,16348351130941415892,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 5360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://advitya-heights.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9Ya3piRFU9JnVpZD1VU0VSMDYwMTIwMjVVMjUwMTA2NTA=N0123N#jmillermcgrath@magicleap.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 8428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1836,i,4765830214496362550,14973404584205648395,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-08T17:59:47.979120+010020573331Successful Credential Theft Detected192.168.2.749724188.114.97.3443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected landing page (webpage, office document or email)
Source: PDF documentJoe Sandbox AI: PDF document contains QR code
Source: https://google.com/404/#jmillermcgrath@magicleap.comHTTP Parser: No favicon

Networking

barindex
Suricata IDS alerts for network traffic
Source: Network trafficSuricata IDS: 2057333 - Severity 1 - ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 : 192.168.2.7:49724 -> 188.114.97.3:443
Source: global trafficTCP traffic: 192.168.2.7:49979 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: advitya-heights.com to https://google.com/404/
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknownTCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknownUDP traffic detected without corresponding DNS query: 104.40.149.189
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9Ya3piRFU9JnVpZD1VU0VSMDYwMTIwMjVVMjUwMTA2NTA=N0123N HTTP/1.1Host: advitya-heights.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /404/ HTTP/1.1Host: google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: advitya-heights.com
Source: global trafficDNS traffic detected: DNS query: google.com
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1565Date: Wed, 08 Jan 2025 16:59:49 GMTAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.3.drString found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.1.drString found in binary or memory: https://www.adobe.co
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: classification engineClassification label: mal52.winPDF@29/57@9/9
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-08 11-59-43-506.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Magicleap-bonus disbursment.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1564,i,8862215800978117416,16348351130941415892,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://advitya-heights.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9Ya3piRFU9JnVpZD1VU0VSMDYwMTIwMjVVMjUwMTA2NTA=N0123N#jmillermcgrath@magicleap.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1836,i,4765830214496362550,14973404584205648395,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1564,i,8862215800978117416,16348351130941415892,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1836,i,4765830214496362550,14973404584205648395,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Magicleap-bonus disbursment.pdfInitial sample: PDF keyword /JS count = 0
Source: Magicleap-bonus disbursment.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A91wt86ey_10ihb8y_5yg.tmp.1.drInitial sample: PDF keyword /JS count = 0
Source: A91wt86ey_10ihb8y_5yg.tmp.1.drInitial sample: PDF keyword /JavaScript count = 0
Source: Magicleap-bonus disbursment.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://advitya-heights.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9Ya3piRFU9JnVpZD1VU0VSMDYwMTIwMjVVMjUwMTA2NTA=N0123N0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		high
    google.com
    		172.217.23.110
    		truefalse
      		high
      advitya-heights.com
      		188.114.97.3
      		truetrue
        		unknown
        www.google.com
        		142.250.184.228
        		truefalse
          		high
          x1.i.lencr.org
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://www.google.com/images/errors/robot.pngfalse
              		high
              https://google.com/404/false
                		high
                https://google.com/404/#jmillermcgrath@magicleap.comfalse
                  		high
                  https://advitya-heights.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9Ya3piRFU9JnVpZD1VU0VSMDYwMTIwMjVVMjUwMTA2NTA=N0123Ntrue
                  • Avira URL Cloud: safe
                  		unknown
                  https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.pngfalse
                    		high
                    https://google.com/favicon.icofalse
                      		high
                      https://www.google.com/favicon.icofalse
                        		high

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.3.drfalse
                          		high
                          https://www.adobe.coReaderMessages.1.drfalse
                            		high

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            172.217.23.110
                            		google.comUnited States
                            		15169GOOGLEUSfalse
                            239.255.255.250
                            		unknownReserved
                            		unknownunknownfalse
                            188.114.97.3
                            		advitya-heights.comEuropean Union
                            		13335CLOUDFLARENETUStrue
                            142.250.185.196
                            		unknownUnited States
                            		15169GOOGLEUSfalse
                            142.250.184.228
                            		www.google.comUnited States
                            		15169GOOGLEUSfalse

                            Private

                            IP
                            192.168.2.17
                            192.168.2.7
                            192.168.2.13
                            192.168.2.23

                            General Information

                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1586098
                            Start date and time:2025-01-08 17:58:36 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 5m 21s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:defaultwindowspdfcookbook.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:17
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:Magicleap-bonus disbursment.pdf
                            Detection:MAL
                            Classification:mal52.winPDF@29/57@9/9
                            EGA Information:Failed
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 0
                            • Number of non-executed functions: 0
                            Cookbook Comments:
                            • Found application associated with file extension: .pdf
                            • Found PDF document
                            • Close Viewer

                            Warnings

                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 23.56.252.213, 142.250.186.131, 142.250.185.174, 108.177.15.84, 52.22.41.97, 52.6.155.20, 3.219.243.226, 3.233.129.217, 172.64.41.3, 162.159.61.3, 142.250.186.174, 142.250.184.206, 23.209.209.135, 199.232.210.172, 142.250.185.238, 2.16.168.107, 2.16.168.105, 142.250.184.238, 172.217.18.14, 142.251.40.174, 74.125.0.102, 142.250.185.99, 216.58.206.78, 13.107.246.45, 23.56.254.164, 23.217.172.185, 20.109.210.53
                            • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, time.windows.com, acroipm2.adobe.com, clients2.google.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, r1---sn-t0aekn7e.gvt1.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, clients1.google.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, r1.sn-t0aekn7e.gvt1.com, clients.l.google.com, geo2.adobe.com
                            • Not all processes where analyzed, report is missing behavior information
                            • VT rate limit hit for: Magicleap-bonus disbursment.pdf

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            11:59:48API Interceptor2x Sleep call for process: AcroCEF.exe modified

                            QR Codes

                            SourceURL
                            Screenshothttps://advitya-heights.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9Ya3piRFU9JnVpZD1VU0VSMDYwMTIwMjVVMjUwMTA2NTA=N0123N#jmillermcgrath@magicleap.com

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            239.255.255.250Play_VM-NowAccountingAudiowav011.htmlGet hashmaliciousUnknownBrowse
                              https://AAYUSHRELOCATEPACKERSANDMOVERS.COMGet hashmaliciousUnknownBrowse
                                phish_alert_sp2_2.0.0.0 (1).emlGet hashmaliciousUnknownBrowse
                                  https://vq6btbhdpo.nutignaera.shop/?email=YWxlamFuZHJvLmdhcnJpZG9Ac2VhYm9hcmRtYXJpbmUuY29tGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                    https://tintin.klipdesak.shop/rinko.pngGet hashmaliciousUnknownBrowse
                                      https://my.remarkable.com/Get hashmaliciousUnknownBrowse
                                        eqRHH2whJu.exeGet hashmaliciousUnknownBrowse
                                          https://www.google.at/url?sa==60Pms7JnShWaY3TYp1tJfM6oLKC&rct=0GbqKUbKEUOA0yP6gBhAVbg0AlI6i1vFvwuOapuWmP7TbqjETP71sUvBq6eZihhNTt&sa=t&url=amp/growingf8th.org/t2dolalrwe/yNRMR4AUS6ZyXKIlbmuYFZ8PYol/cGF0ZS5yb3dlbGxAY2hlcm9rZWVicmljay5jb20=Get hashmaliciousUnknownBrowse
                                            https://u18282959.ct.sendgrid.net/ls/click?upn=u001.rEMfFlpAoJgeimh0eSdetqZJOaDEFgZEM86yJv-2FFqn4BDVcYSBJ7qe3MiIpMf7EHr39f_olH575WPuDKQ6-2BlwfkTb3bEPQyZlspfhjzLUkESeUKdz-2BSLVmhS-2BiNhtE4sjBDlEtszfbsE5c6igxavK3muY3tYeP6QkmX-2BJi-2BaLU6j8Wsp6hQUS9QOYhOuxeiGpmu9xPXTXniG-2FhK47xPzbY2a7dAVr4WH1EaPd9qfgngR-2BS0-2BE0l9vGYKsxljCm-2F3LXvjLQIge-2FSmK3YEyKDG8HCxUjDZIuKEbjKZRrfVUUqiw37aYZrphVQ5WvB0QOlR-2Be2shKtaVihd3RfTtBEd0NyHk9A-3D-3DGet hashmaliciousUnknownBrowse
                                              XL-1-6-25-(EXCEL LATEST 2025).htmlGet hashmaliciousHTMLPhisherBrowse
                                                188.114.97.3KSts9xW7qy.exeGet hashmaliciousFormBookBrowse
                                                • www.beylikduzu616161.xyz/2nga/?xP7x=Q2EbwnYhq4vEVEYxQpNjsu4gFlGHCs4lBliPtc8X0AIyDwowOCFGn/661E09vvaaF3LvgpjgW8Wvr6GWd63ULodNNE679jqiZ5mYQ2jjCrjO82Z0/3agI7E=&F4=Q0yHy
                                                GTA5-elamigos.exeGet hashmaliciousEsquele StealerBrowse
                                                • /api/get/dll
                                                DHL DOCS 2-0106-25.exeGet hashmaliciousFormBookBrowse
                                                • www.uzshou.world/ricr/
                                                Order Inquiry.exeGet hashmaliciousFormBookBrowse
                                                • www.cifasnc.info/8rr3/
                                                Gg6wivFINd.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                • unasnetds.ru/eternalPython_RequestUpdateprocessAuthSqlTrafficTemporary.php
                                                Payment Receipt.exeGet hashmaliciousFormBookBrowse
                                                • www.cifasnc.info/8rr3/
                                                dGhlYXB0Z3JvdXA=-free.exeGet hashmaliciousUnknownBrowse
                                                • /api/get/free
                                                dGhlYXB0Z3JvdXA=-free.exeGet hashmaliciousUnknownBrowse
                                                • /api/get/free
                                                RFQ 3100185 MAHAD.exeGet hashmaliciousFormBookBrowse
                                                • www.rgenerousrs.store/o362/
                                                A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                • www.beylikduzu616161.xyz/2nga/

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                bg.microsoft.map.fastly.neteqRHH2whJu.exeGet hashmaliciousUnknownBrowse
                                                • 199.232.210.172
                                                Selvi Payroll Benefits & Bonus Agreementfdp.pdfGet hashmaliciousUnknownBrowse
                                                • 199.232.214.172
                                                atomxml.ps1Get hashmaliciousPureLog Stealer, RHADAMANTHYS, zgRATBrowse
                                                • 199.232.210.172
                                                proforma invoice pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                • 199.232.214.172
                                                Payment-Order #24560274 for 8,380 USD.exeGet hashmaliciousXWormBrowse
                                                • 199.232.214.172
                                                PEDIDO DE COMPRAS OC 1203 CRI234.xlsx.exeGet hashmaliciousAsyncRAT, PureLog StealerBrowse
                                                • 199.232.210.172
                                                invoice-1623385214.pdf.jsGet hashmaliciousPureLog Stealer, RHADAMANTHYS, zgRATBrowse
                                                • 199.232.214.172
                                                PO#3311-20250108003.xlsGet hashmaliciousUnknownBrowse
                                                • 199.232.210.172
                                                PO#3311-20250108003.xlsGet hashmaliciousUnknownBrowse
                                                • 199.232.214.172
                                                e-SPT Masa PPh.exeGet hashmaliciousBlackMoonBrowse
                                                • 199.232.210.172

                                                ASNs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                CLOUDFLARENETUSQuote for new order 2025.exeGet hashmaliciousUnknownBrowse
                                                • 162.159.36.2
                                                wxl1r0lntg.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                • 104.21.112.1
                                                Play_VM-NowAccountingAudiowav011.htmlGet hashmaliciousUnknownBrowse
                                                • 104.17.25.14
                                                https://vq6btbhdpo.nutignaera.shop/?email=YWxlamFuZHJvLmdhcnJpZG9Ac2VhYm9hcmRtYXJpbmUuY29tGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                • 104.26.12.205
                                                EZZGTmJj4O.exeGet hashmaliciousAgentTeslaBrowse
                                                • 104.26.13.205
                                                BgroUcYHpy.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                • 188.114.96.3
                                                https://tintin.klipdesak.shop/rinko.pngGet hashmaliciousUnknownBrowse
                                                • 104.21.112.1
                                                https://my.remarkable.com/Get hashmaliciousUnknownBrowse
                                                • 104.19.153.19
                                                pbCN4g6sN5.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                                                • 188.114.97.3
                                                HVSU7GbA5N.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                • 188.114.97.3

                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):300
                                                Entropy (8bit):5.198565217253667
                                                Encrypted:false
                                                SSDEEP:6:iOcRBVq2PcNwi2nKuAl9OmbnIFUtCreRSgZmwQX0IkwOcNwi2nKuAl9OmbjLJ:7EBVvLZHAahFUtog/XI54ZHAaSJ
                                                MD5:278BF1C6190BA0A136D903D477B37EBB
                                                SHA1:264FD766E80346AEBD108250E8F792CC3CBA7613
                                                SHA-256:78630E0BC86ACF5B0A55BFBB0DFCD12069D607AE073F9E28C8105D219467E4A9
                                                SHA-512:FA0215B0AD62FCA3D47DD17B941D06C229BC8B4A6BB228EA3AC538293A3BE09ED039C54DC4BAC94982D45F527F5624635968EDF539C1C33BF4DBB488BF89D1A8
                                                Malicious:false
                                                Reputation:low
                                                Preview:2025/01/08-11:59:40.550 1f04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/08-11:59:40.552 1f04 Recovering log #3.2025/01/08-11:59:40.553 1f04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):300
                                                Entropy (8bit):5.198565217253667
                                                Encrypted:false
                                                SSDEEP:6:iOcRBVq2PcNwi2nKuAl9OmbnIFUtCreRSgZmwQX0IkwOcNwi2nKuAl9OmbjLJ:7EBVvLZHAahFUtog/XI54ZHAaSJ
                                                MD5:278BF1C6190BA0A136D903D477B37EBB
                                                SHA1:264FD766E80346AEBD108250E8F792CC3CBA7613
                                                SHA-256:78630E0BC86ACF5B0A55BFBB0DFCD12069D607AE073F9E28C8105D219467E4A9
                                                SHA-512:FA0215B0AD62FCA3D47DD17B941D06C229BC8B4A6BB228EA3AC538293A3BE09ED039C54DC4BAC94982D45F527F5624635968EDF539C1C33BF4DBB488BF89D1A8
                                                Malicious:false
                                                Reputation:low
                                                Preview:2025/01/08-11:59:40.550 1f04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/08-11:59:40.552 1f04 Recovering log #3.2025/01/08-11:59:40.553 1f04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):344
                                                Entropy (8bit):5.216599566628677
                                                Encrypted:false
                                                SSDEEP:6:iOc+Uw+q2PcNwi2nKuAl9Ombzo2jMGIFUtCVASZZmwQU3VkwOcNwi2nKuAl9OmbX:7fUw+vLZHAa8uFUto5Z/F3V54ZHAa8RJ
                                                MD5:47D6F70E09B46DE2B3A8A37C4B9C8257
                                                SHA1:82F42D464E73EF8A7C4F07F074C0BAAFC354C32D
                                                SHA-256:10BB0ADA6E010D4A233D5CE2FFA053951F508566B05C810B7374F3C6BAAEDF5E
                                                SHA-512:134D2B38186B9751B185E7BB6BC953AEDDC380EB0329F0677CCCCD8F48C94BA2B6D9618AC1C761574CC42C6B8FBD63076CE2CF957E69C9C5394C2E414CBD58D7
                                                Malicious:false
                                                Reputation:low
                                                Preview:2025/01/08-11:59:40.748 1fdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/08-11:59:40.750 1fdc Recovering log #3.2025/01/08-11:59:40.753 1fdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):344
                                                Entropy (8bit):5.216599566628677
                                                Encrypted:false
                                                SSDEEP:6:iOc+Uw+q2PcNwi2nKuAl9Ombzo2jMGIFUtCVASZZmwQU3VkwOcNwi2nKuAl9OmbX:7fUw+vLZHAa8uFUto5Z/F3V54ZHAa8RJ
                                                MD5:47D6F70E09B46DE2B3A8A37C4B9C8257
                                                SHA1:82F42D464E73EF8A7C4F07F074C0BAAFC354C32D
                                                SHA-256:10BB0ADA6E010D4A233D5CE2FFA053951F508566B05C810B7374F3C6BAAEDF5E
                                                SHA-512:134D2B38186B9751B185E7BB6BC953AEDDC380EB0329F0677CCCCD8F48C94BA2B6D9618AC1C761574CC42C6B8FBD63076CE2CF957E69C9C5394C2E414CBD58D7
                                                Malicious:false
                                                Reputation:low
                                                Preview:2025/01/08-11:59:40.748 1fdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/08-11:59:40.750 1fdc Recovering log #3.2025/01/08-11:59:40.753 1fdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\37eef3ab-c61c-4238-bece-dd59831811ba.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:modified
                                                Size (bytes):475
                                                Entropy (8bit):4.972959667572527
                                                Encrypted:false
                                                SSDEEP:12:YH/um3RA8sqWg+OxsBdOg2HJ+Zcaq3QYiubSpDyP7E4TX:Y2sRdsZgBidMHB3QYhbSpDa7n7
                                                MD5:C9C24A2442273ED845B5218200456987
                                                SHA1:CF17DF58A576AFD5DF0AB514816927C68D9C877F
                                                SHA-256:C39F62D662CBA8ED31C823C93F064217F179130197820925D7092C969CAA9DB9
                                                SHA-512:17C9080C52E752791709450971767A40ACA9F77F322E0823D4FB0B2D1402C0DC986ED13B90C77B3ADDE885E48501512CC232DC46489E7EFC59D9DD415D74C84B
                                                Malicious:false
                                                Reputation:low
                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380915592378308","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":401272},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):475
                                                Entropy (8bit):4.972959667572527
                                                Encrypted:false
                                                SSDEEP:12:YH/um3RA8sqWg+OxsBdOg2HJ+Zcaq3QYiubSpDyP7E4TX:Y2sRdsZgBidMHB3QYhbSpDa7n7
                                                MD5:C9C24A2442273ED845B5218200456987
                                                SHA1:CF17DF58A576AFD5DF0AB514816927C68D9C877F
                                                SHA-256:C39F62D662CBA8ED31C823C93F064217F179130197820925D7092C969CAA9DB9
                                                SHA-512:17C9080C52E752791709450971767A40ACA9F77F322E0823D4FB0B2D1402C0DC986ED13B90C77B3ADDE885E48501512CC232DC46489E7EFC59D9DD415D74C84B
                                                Malicious:false
                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380915592378308","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":401272},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):4509
                                                Entropy (8bit):5.232187290520525
                                                Encrypted:false
                                                SSDEEP:96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPSZmmLcZQZ:CwNw1GHqPySfkcigoO3h28ytPSZmmYZK
                                                MD5:9D819DCA3FB922F9F41E0EFCF728BE20
                                                SHA1:C25F33E3196552B57FDD3B68D8B5239B5D52DFE0
                                                SHA-256:340D7DF120305496EF4269E751C2E7C4C0D56D200E67E3FBA7902B85C7C167DB
                                                SHA-512:C79533C73E16E9DB69C1ED1D207E3B2B8AD6EF2BBA2BDD2B29D1C5917F68CC259633ABC5DE2351A8DF0790A35768A996E26F0A1AE7C495B9CDBC1C27D32AD1F2
                                                Malicious:false
                                                Preview:*...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3*.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):332
                                                Entropy (8bit):5.219148009432556
                                                Encrypted:false
                                                SSDEEP:6:iOfN+q2PcNwi2nKuAl9OmbzNMxIFUtJXZmwb3VkwOcNwi2nKuAl9OmbzNMFLJ:7l+vLZHAa8jFUtF/bV54ZHAa84J
                                                MD5:6B79035A1C68D5C4A6E4DC14835AC0DA
                                                SHA1:10954545BB7BC8B319172411C6AA17A58E539DEC
                                                SHA-256:F0CD6B9BB3AAECE105C3D9B7CA8F8D90897BE87194EACA55479FDA20A159C7B5
                                                SHA-512:6E3C528E2D1D9B8D13DDFAFECF69FB1D1E9D520398D695528C8589EB8A2B2211FD8051C22D4820186BE63436FE187F7621E120F84A6F3258E61113ABA1D9920C
                                                Malicious:false
                                                Preview:2025/01/08-11:59:41.077 1fdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/08-11:59:41.079 1fdc Recovering log #3.2025/01/08-11:59:41.079 1fdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):332
                                                Entropy (8bit):5.219148009432556
                                                Encrypted:false
                                                SSDEEP:6:iOfN+q2PcNwi2nKuAl9OmbzNMxIFUtJXZmwb3VkwOcNwi2nKuAl9OmbzNMFLJ:7l+vLZHAa8jFUtF/bV54ZHAa84J
                                                MD5:6B79035A1C68D5C4A6E4DC14835AC0DA
                                                SHA1:10954545BB7BC8B319172411C6AA17A58E539DEC
                                                SHA-256:F0CD6B9BB3AAECE105C3D9B7CA8F8D90897BE87194EACA55479FDA20A159C7B5
                                                SHA-512:6E3C528E2D1D9B8D13DDFAFECF69FB1D1E9D520398D695528C8589EB8A2B2211FD8051C22D4820186BE63436FE187F7621E120F84A6F3258E61113ABA1D9920C
                                                Malicious:false
                                                Preview:2025/01/08-11:59:41.077 1fdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/08-11:59:41.079 1fdc Recovering log #3.2025/01/08-11:59:41.079 1fdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250108165946Z-206.bmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                Category:dropped
                                                Size (bytes):65110
                                                Entropy (8bit):1.4509397446412802
                                                Encrypted:false
                                                SSDEEP:192:9p0e6e9ceDx9tt1aPQIK0e9wtVZcc1jxGSixG1DbDfo2tS:/0e7ueHtt1aPS0xVZcc1NGdxGRpS
                                                MD5:DFEFA0EF92A1DDE335855E97A57DC533
                                                SHA1:685BFC7576AA49C69CBFCF4BDC9D77ECFB396596
                                                SHA-256:C6FBD04C05D8E2E4439177EA3DFB77E37A5D5B1A0EEF160D1C6B960D1496A8AC
                                                SHA-512:E56DB9ED318066D49DF6E09FBBC2548CB5CFD22B81F5968217EEA5B43DB659E374115E53FB8854EF851B4220A0BC05A97F6F35AF562C4E9856CA635D6753A392
                                                Malicious:false
                                                Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                Category:dropped
                                                Size (bytes):86016
                                                Entropy (8bit):4.438932738547394
                                                Encrypted:false
                                                SSDEEP:384:yeaci5GWiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1eurVgazUpUTTGt
                                                MD5:A55A2ED0FE45992B39401BB12BA88E5A
                                                SHA1:589EF669711A5D903323F2380299739BDC476458
                                                SHA-256:20B90DCAB954814F9479E53ACA1DF58D193FCA5772DC5559D1CAF5B013367E35
                                                SHA-512:B766836116040790E5586853A37930B5DAD002932E0ECC080CDD008C5079883AF29CE23D92426CC251D26536F99A123420674919EBEBC962DC1AF21939047643
                                                Malicious:false
                                                Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite Rollback Journal
                                                Category:dropped
                                                Size (bytes):8720
                                                Entropy (8bit):3.7739137195718837
                                                Encrypted:false
                                                SSDEEP:48:7Mop/E2ioyViioy3DoWoy1CABoy1eKOioy1noy1AYoy1Wioy1hioybioyYoy1noC:7fpjui0iAyXKQNWb9IVXEBodRBke
                                                MD5:B2315721D6A47FB2B27C1C9F7676202B
                                                SHA1:9A8094BD286577882AE3FEEB6F1868CAA9D04134
                                                SHA-256:A634C2BA8C3C1031072DD4692FB89C9A8646DAE1B9D3461986620D56794599B4
                                                SHA-512:D28ADA19BC0C64D16C3BD071B5F4C37CDBC2EB8D4F0F4CF779DCB653B582FF70C4E6FEFA9A0EC16A4352035C8DBDD719D38E80D8975964C754BD548B69B34137
                                                Malicious:false
                                                Preview:.... .c.....1.,................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:Certificate, Version=3
                                                Category:dropped
                                                Size (bytes):1391
                                                Entropy (8bit):7.705940075877404
                                                Encrypted:false
                                                SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                Malicious:false
                                                Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                Category:dropped
                                                Size (bytes):71954
                                                Entropy (8bit):7.996617769952133
                                                Encrypted:true
                                                SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                Malicious:false
                                                Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):192
                                                Entropy (8bit):2.746484906506307
                                                Encrypted:false
                                                SSDEEP:3:kkFklPEE+EvfllXlE/HT8knFZNNX8RolJuRdxLlGB9lQRYwpDdt:kKGQT8uJNMa8RdWBwRd
                                                MD5:B6712D2A93E27CB08098872B847F96EB
                                                SHA1:EDFFA89E4DE0E1E29A583D6400F245EE16ED10AB
                                                SHA-256:1D4FB69CECE39578AEBF09E814225643CD370E358B52926040B98DF0C349051E
                                                SHA-512:BB60EB19C4C4CC77F0162D1C9CFE37A67AA0A0C57A8B2B146D072960A8455044B605C01B7C78FE99FF5F93A6D8523A2C143FF154F136AFEDD534CF5B9B910AD8
                                                Malicious:false
                                                Preview:p...... .............a..(....................................................... ..........W.....b..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:modified
                                                Size (bytes):328
                                                Entropy (8bit):3.2279913885557896
                                                Encrypted:false
                                                SSDEEP:6:kK5wpF9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:RYsDImsLNkPlE99SNxAhUe/3
                                                MD5:3D1927FB8245FFEBDE3086475FDE5037
                                                SHA1:ED56778A63E1CEFBD780B153EFBE02F8860AC788
                                                SHA-256:F30EB64AD1D927F019793D5FD4C72613E94B668F4548E5EEDCC85DF8262EEEDB
                                                SHA-512:65858DA15515A7696495266F82B0BA255650D903DEA3345E3DEC384B55A988D2C2965D65167A768720BFAA28EF950B7ADF9AC570E4940BC7A98A27776FF75C7E
                                                Malicious:false
                                                Preview:p...... ........8....a..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):295
                                                Entropy (8bit):5.397883125374068
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJM3g98kUwPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5GMbLUkee9
                                                MD5:0AB62A5B04CDE0477C9CF11FCD54EE78
                                                SHA1:95B801C43ACB50B3614072BC6913F53AD65576B9
                                                SHA-256:388112E441E89B274B968297B8FD5DD2EC0098581E7F78729E01723A563BBC87
                                                SHA-512:42E7F06C5FBDD03CC5AC16FD0E9D8EDCA1D23AC27756373787B80A3FF7F944F625E8CA29E58E4E4F5236ACC58D7E23EF0E71C8E757E6999201EBBBDC1C650DAC
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):294
                                                Entropy (8bit):5.33692505678179
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJfBoTfXpnrPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5GWTfXcUkee9
                                                MD5:5DA8355D895FC9CE89FBF3E4BDCFF812
                                                SHA1:D94A114E3320F033B5BFC720BF60A9DEF82F6F02
                                                SHA-256:DC6A4F989C5E17A1CC4F2D796AEC999AFCFAA2B75CCF765980E9B6A216E0CBB5
                                                SHA-512:5EE2EECE2C976616F993616F438B581197F75B99B51257FDE8F9CC8B7CA038BDBE453C3B103AAC5F0984E6136417AD79A187067FB81DD6814B56B1605360D10D
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):294
                                                Entropy (8bit):5.315815909392547
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJfBD2G6UpnrPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5GR22cUkee9
                                                MD5:ED7EB03266D826EAA8C148AD7AF5A7BA
                                                SHA1:DEF5C4D194B92250D28AA9CF700395E0604A5AD5
                                                SHA-256:127FA91152180DCC53BDA21017CE79659FB38194C2A279C94DB7DAFC815B05FE
                                                SHA-512:CA7CA77714A7FA6519907D9C5924DF9B685F0179DAC64B848B62738FBBB1FF02C9214CDD2FE55A1980FE27EC5A2ADC22503E9DE7191E5DA21373B415720B490B
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):285
                                                Entropy (8bit):5.38597264744316
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJfPmwrPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5GH56Ukee9
                                                MD5:AB984C5A0B122DBA4CD9C6B923DF86EA
                                                SHA1:87BF12FFD47BD04E4CB2A513066D02B9F9E30CB8
                                                SHA-256:E8C1CD47DF35CB4B8D0E8C128EB7CAEFE96D5B772FDC63C708AB31BF4749323C
                                                SHA-512:26D83BF699963850D356BA3ABB20BF91D3716D71F7459FA50B5FA9B7106CA7B5C1ED505AFF77C7AB1E7F42725DA860497BF08AD6AB253BACE194BA3F366FB833
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):1123
                                                Entropy (8bit):5.687351051979164
                                                Encrypted:false
                                                SSDEEP:24:Yv6Xd7jUmeO2epLgE9cQx8LennAvzBvkn0RCmK8czOCCSv:YvCreOhgy6SAFv5Ah8cv/v
                                                MD5:21BEF66A0374B78794ADBD679945C7BE
                                                SHA1:18DE8AF863F2ADA09B0776787D69060F2D42F355
                                                SHA-256:7DDA42D7AAF6C0E1174BDD3D75159EFDB91DB381159A75CA04EC43EA8793201F
                                                SHA-512:2E7AF3161EFD4648385C1381054AF3F1D93232783FC087E552EA60651A7F0A5EC9E8105F6445705EEF5451673EE230B5AFFEC3306464499A950160DDA5728D30
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.320584094227577
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJf8dPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5GU8Ukee9
                                                MD5:14447532FF87D64FB23F22445795316F
                                                SHA1:E37B8775586D6CEB734120519534995B69D62F2C
                                                SHA-256:FCFFDFA03AD81C4E56DFC36F7215E41DAC31361AD683A44C1D15F74B63331E6F
                                                SHA-512:5A69F2BE0FFFFE61A8332ED26261115AD6164E3ABA6543066D29AECE7AD199D47DB5D478BC49C163344F285817726373D76F7B2DEA6DB80CEA6B51758AFD961E
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):292
                                                Entropy (8bit):5.324564048827144
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJfQ1rPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5GY16Ukee9
                                                MD5:1A6CE67042FB94C166114B0A8DDF5BB1
                                                SHA1:C9544E1A1D921537CF8706589654B5CFB712CCA5
                                                SHA-256:7BD502534AE2D28A2656C09A1418C5D5AD4E618D7150F5837FE62A0DEBB48FD0
                                                SHA-512:2062673F3656EE6AB413B1D512CF1EF6CA8F72EDE8B24BAB78CA2EBA6B8C44F7D2C0C9CDABEBD6C00FA592A0F10F1F28575A8F67938A936D1A918E8A568CA1B9
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.335302013761244
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJfFldPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5Gz8Ukee9
                                                MD5:501CDBBA0559FF3D3904AAF291036A3F
                                                SHA1:B799727BADCBB4D2CCE50DD6AA9C5EC725919D3D
                                                SHA-256:DFCFBFD57DBA2EC92345E6D3BB1BE0F0C8865ABBA78716E9EA8952117D233517
                                                SHA-512:702545C7B6A140A9FC70CC864C94492C672177356E174E67BD418403192383AA90D7952B00DBF0718AE22FCA7B90F45ECF368CE362C7F5472DA8972E33490BAC
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):295
                                                Entropy (8bit):5.346144650083883
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJfzdPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5Gb8Ukee9
                                                MD5:E3A233AF1785996804140EB6A96B1677
                                                SHA1:B52D71E95289575A9E53419B208540C615BCB6D9
                                                SHA-256:E8A13A8BCA0C42707024A908659186EA7656A4E8219BBED17101C1311D04F2B5
                                                SHA-512:906E7B6E6201B4B50F5EB51C759BA13FE3C42C9927AC0DF8606C4A6FAD3B29D0F6E67D30BA18D78DE8259C12DF98361087D6352FE996F45703D0E032E1B849B5
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.3270505823092735
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJfYdPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5Gg8Ukee9
                                                MD5:C5065472CBEB44003ECE4D8C3FFA2329
                                                SHA1:D4DE2B2BAAFA8F7D676B075DC7ACDC777575A065
                                                SHA-256:75D5486AD71E956E1AB41D9A8A4A48BF269A3386E109B448705E5D85520AE92E
                                                SHA-512:3E31EE6A9A26B3CC06E84A4B292919434F9979F96D78B771DAA28354BB33EBCB04BBCE646A4E17D56407FF2DF9F93B83D302EEE7000DD8B3D8F0431BFA09FC28
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):284
                                                Entropy (8bit):5.313259496245395
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJf+dPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5G28Ukee9
                                                MD5:26564D6D52F601ED40FD29262BAD490F
                                                SHA1:6B178B235429CF2AA7EC3F957CCFF8C54CE330FC
                                                SHA-256:E5905D987CCC183C9C9BA4605609262E77E615509B77058E2D0E03B93229EBEC
                                                SHA-512:62DF70CA5153F30D283BF76E492D84E2937B2AF56C2EF226738E4D86422CC324DEF4A8D2D078F795402128D9A0BFDCCB61536A77E2047B2EE9E2FA1E4717D0E7
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):291
                                                Entropy (8bit):5.310411765328091
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJfbPtdPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5GDV8Ukee9
                                                MD5:24CF244F11BBC1FD3C169FBD4707F73C
                                                SHA1:DE75862DCBFC1DC832E86AB7786ED5E5473ACE21
                                                SHA-256:E0CFA4F78506844A8A89B0BBC80709D5F7D48C6F75302F41F7F9DC0D03895478
                                                SHA-512:10B8CA77DC7597232E5E32FAF29F98FC46099252DD462FA7F0BFFDDE4997D2CE661B7AA92E2811ABB559F0F5B3044B65CB90DD78BFFDD312023A216A3D6D8399
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):287
                                                Entropy (8bit):5.3151232578083345
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJf21rPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5G+16Ukee9
                                                MD5:9AA4E861A527700D49CC89C3DC799198
                                                SHA1:B2A5C2B0289CD13C925A7F32F8C462A6DB7A0388
                                                SHA-256:CC8C514479C03B65EA6E775BAC18B3EDDC0840DF040FA734EBE9F33824E0E160
                                                SHA-512:CFD67CC2EF091813B1C86543F652EB766D9B30EDCDE5687F079999863209AEEED6173C9D4360D90AEDBED534D0123CD63691DC5E57E6F329A54145E4B7D43569
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):1090
                                                Entropy (8bit):5.662322509781773
                                                Encrypted:false
                                                SSDEEP:24:Yv6Xd7jUmeO2CamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSv:YvCresBgkDMUJUAh8cvMv
                                                MD5:5EE5D0DD9CA1D1B60B6A51937DBDBCB6
                                                SHA1:2A33EDAF31189B1BA8B0681A7EB683B984524BE0
                                                SHA-256:3F9132FA00A94EBB989326F6B89DFC78F23D2D42069C1698FD865FBAEE7A0AF4
                                                SHA-512:05CF6B05C61ACD8D2A892204E48CD6B94C1FFB02F80A1B6F0D325F8FC48CACBB708EEF30B3E50B8ACEFE9B32B2CA676DBF6042C1192A0A9C7B1C5FECE9279002
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):286
                                                Entropy (8bit):5.286835735293388
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJfshHHrPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5GUUUkee9
                                                MD5:A36715DC7DE3FF639E7CC5289A8FB6BD
                                                SHA1:4F924E5F325AA4045D38CFB532E857086585E303
                                                SHA-256:0F6EB05CDCC142CBCA9C4023BA297910CA13EB72C3E2C5427098719F634CE3CF
                                                SHA-512:E91DE21088D79A60DF797F50497D2647DA34909B2AE954C78D7D9561E69FE4EB86A2FD9D13AA4B096217AA22545A3EA1B2AC314E28EC10955280B9BB326E9AC3
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):282
                                                Entropy (8bit):5.305046391246087
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXHUeX73TsGZ0GWsGiIPEeOF0YwJKoAvJTqgFCrPeUkwRe9:YvXKXd74GZ0BsdTeOQJ5GTq16Ukee9
                                                MD5:A856A7D9B20956189ABFF18DB014BC59
                                                SHA1:C81A770532F5E526690193A71F60C8328360F32A
                                                SHA-256:B64A5D515120644EC5F740D208B28A1BB6199A1F8676AC9EE1E26CFB20029060
                                                SHA-512:B94A22E6E6DD5FC4BA88EEA1A025FCD917C8AA971D73A44DBA5987B8E0B116DC07A2E67F70307B4743948DC871E69C8CE6F03BDF9763BC1DDB0BCFAB007B615A
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"011bdd23-fdd6-4742-ad0d-f8d85d8b4582","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1736534569407,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):4
                                                Entropy (8bit):0.8112781244591328
                                                Encrypted:false
                                                SSDEEP:3:e:e
                                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                Malicious:false
                                                Preview:....

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):2814
                                                Entropy (8bit):5.139172198253909
                                                Encrypted:false
                                                SSDEEP:48:YhwKZiWTB6fSOBmI51wLc/9DeSXPRx91i:SDd6fSOBmI8O9DJ51i
                                                MD5:A8A20ED3DB6329048CB714B1C84FD684
                                                SHA1:E195EE9DF1862701D1DE4A1162E10B7284E04C18
                                                SHA-256:67D2AA01471FF2602BA10B03C764307647EB99AF9E938A024B0ECFEFF4476999
                                                SHA-512:165213B2C66D401CEE50D6261891985A45C4BEBB8C52F84EC127BE92F887B608B3A0D581296A96B2F15B35FBC10ABA3C397552711776F7AD8AB2A3904108414D
                                                Malicious:false
                                                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"63f11280c03282ac5c25a68b2367ec04","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1736355588000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"e9073fd752a646eed848c2615553841b","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1736355588000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"6bdcee9c7f4164bbb570bdee347e7fc4","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1736355588000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"d118ed157b85f67c99c1cf1ae0b661f8","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1736355588000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"3dbddde818cce00c911f7b553fae02ce","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1736355588000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"03ae26eca70c52c32189060a99a03295","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                Category:dropped
                                                Size (bytes):12288
                                                Entropy (8bit):1.4544844159061188
                                                Encrypted:false
                                                SSDEEP:48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsbWol5WK:lNVmsw3SHtbDbPe0K3+fDZdcJJ
                                                MD5:A86EED249D933939A3E635C7D72E111F
                                                SHA1:CDA2D87EC253CDC331D248FC960621A306388F40
                                                SHA-256:3C4BF5D8E5209B8B959B8BD93B06E61FFD03CD3E6EE7557CE9DEF8A05A766117
                                                SHA-512:5703D22431CC481543B51C927B2AC61E9A315F85B7A07E7CCE15FCD0C989CFCAE2B269239FED3D9B158CC98E446A564E9C5C9E0151CF8CC169ADAE2B89067992
                                                Malicious:false
                                                Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite Rollback Journal
                                                Category:dropped
                                                Size (bytes):8720
                                                Entropy (8bit):1.9569314504233655
                                                Encrypted:false
                                                SSDEEP:48:7MiSrvrBd6dHtbGIbPe0K3+fDy2dsbWdRqFl2GL7ms6:7s3SHtbDbPe0K3+fDZdc+KVms6
                                                MD5:8C325C034779F44B390655C20959B54F
                                                SHA1:D67B8AEC0C3CFEF36E8B0EF8660AD91F6A1D9E39
                                                SHA-256:5A4BB4C2DB850B643C5B77ED993BF528CC691CEE8839C5C14F638B8FC2C35B32
                                                SHA-512:AC5C4ACA0EE625E12C1FCA749D49B181542BC2730F1274F76B3722BA702B6C39FDFA65C3811A07D7C9C6F795D55E6616B61CABC2FB6675AAEF761B4523B7D600
                                                Malicious:false
                                                Preview:.... .c......e........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):66726
                                                Entropy (8bit):5.392739213842091
                                                Encrypted:false
                                                SSDEEP:768:RNOpblrU6TBH44ADKZEgphRTkhNuj12++EH4IWRYf7ZAoYyu:6a6TZ44ADE7RTmMR2+ZWoK
                                                MD5:3708793B955B0BBCB4589881050C08A4
                                                SHA1:95AF6D6E0B7A2B5C401A2763FE74BCC718D32B66
                                                SHA-256:EA87CC77CC8123D85491C6CCE3ECB1FCCDB43408DA6DB1657C47AD516D3088D7
                                                SHA-512:9BD658D66B70E36010696E7302DF0CC602C130293C99C48A82AD2827049C55EA2D2B4089B836A89572294F1158A0033366EAF78AA81820892F78E84E6F55898B
                                                Malicious:false
                                                Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                                                C:\Users\user\AppData\Local\Temp\MSI58d0f.LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):246
                                                Entropy (8bit):3.529459928009153
                                                Encrypted:false
                                                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8esQClEd9:Qw946cPbiOxDlbYnuRK9D3
                                                MD5:726F5F59C448B4EED26E309B982A9F0B
                                                SHA1:63AE2BD85632A33158AB56D8749EE170EB59FD9C
                                                SHA-256:251C0FE76D25EB44677C8332B922EAA15F6AF6F5559D2735CF31A61CF12ADAB9
                                                SHA-512:AC3A8DAB7A83DC9BC47FACFDE82383F69E71DAE46B983A573988CD77BBCAD2E93667DB37A2CD85CCBFFEC4F0132B6077F40322D7D667898B8E3FD0FC8C0A1638
                                                Malicious:false
                                                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.8./.0.1./.2.0.2.5. . .1.1.:.5.9.:.4.9. .=.=.=.....

                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91wt86ey_10ihb8y_5yg.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PDF document, version 1.6, 0 pages
                                                Category:dropped
                                                Size (bytes):358
                                                Entropy (8bit):5.023229032259087
                                                Encrypted:false
                                                SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOjkHGidqHGidZyLCSyAAO:IngVMre9T0HQIDmy9g06JXP+1+IlX
                                                MD5:CA826F5CFE89CD7F4E7676175539EA28
                                                SHA1:4A23F19E1B7246868CC8D954B3A65E9857960236
                                                SHA-256:3A7C8FFEE0CF0D1A3311EB94B0191AC5458BC6A292187E3005835BA216A61288
                                                SHA-512:4D5F5BED69A0B832E3BA9EBD4CBD165775C232F83ECD4AD44B3665C6E257FDF116D83712460615618A8A2834299C26D94612D83367B76DA7A3F375DCC6196C05
                                                Malicious:false
                                                Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<30A33D9931039D429534AA781344C7E8><30A33D9931039D429534AA781344C7E8>]>>..startxref..127..%%EOF..

                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-08 11-59-43-506.log

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with very long lines (393)
                                                Category:dropped
                                                Size (bytes):16525
                                                Entropy (8bit):5.386483451061953
                                                Encrypted:false
                                                SSDEEP:384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
                                                MD5:F49CA270724D610D1589E217EA78D6D1
                                                SHA1:22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
                                                SHA-256:D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
                                                SHA-512:181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
                                                Malicious:false
                                                Preview:SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):15114
                                                Entropy (8bit):5.383944303660453
                                                Encrypted:false
                                                SSDEEP:384:nrPmffr813MM9KsxNnp/Ff/ensnMnmKWrIi0eSEGnUlKA2ZE6j4UrGryHKM9OFFX:pT1
                                                MD5:E8A7F1443E99AA8C15BB9705A7FAD7DB
                                                SHA1:92EC9E8A5B6AA6D5A301FCF6D466630ED1C20616
                                                SHA-256:8F9B935E9F6615DAFA1F51CA85EE002AE7186D223F76D3AA5003EA04127181FC
                                                SHA-512:891162CDC492E9D89C35B52EA24D957B20CAB427EB39C1D423E95591850FD887815D9332E37DBC038F71AB52D940418080ECA951E357CBA554902A3361F2C535
                                                Malicious:false
                                                Preview:SessionID=754d0259-fcca-4181-b6d9-b6d9441227ba.1736355583532 Timestamp=2025-01-08T11:59:43:532-0500 ThreadID=7860 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=754d0259-fcca-4181-b6d9-b6d9441227ba.1736355583532 Timestamp=2025-01-08T11:59:43:538-0500 ThreadID=7860 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=754d0259-fcca-4181-b6d9-b6d9441227ba.1736355583532 Timestamp=2025-01-08T11:59:43:538-0500 ThreadID=7860 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=754d0259-fcca-4181-b6d9-b6d9441227ba.1736355583532 Timestamp=2025-01-08T11:59:43:538-0500 ThreadID=7860 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=754d0259-fcca-4181-b6d9-b6d9441227ba.1736355583532 Timestamp=2025-01-08T11:59:43:538-0500 ThreadID=7860 Component=ngl-lib_NglAppLib Description="SetConf

                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):35721
                                                Entropy (8bit):5.415617172944231
                                                Encrypted:false
                                                SSDEEP:768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRM0dE:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRo
                                                MD5:27946837CCDD497BD395D87CD3738FD0
                                                SHA1:271E3692070DA9ECE9695A36F6FB6893EE222D00
                                                SHA-256:08A0EA838E0551DD62B0B5DFE546059FE8FB132F3430CE262EBB721901AAADA4
                                                SHA-512:376BB19B3DB97FF0D2BA3E86E1A823EFB269C98A74E23BD014CFDFC922994F33504CE6C2EE024030311BCAADFC1256A67A70DE505809A9228D8E85B125425FB8
                                                Malicious:false
                                                Preview:05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\2daffc4f-b41d-4fa8-b0d7-4b878bc79fa6.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
                                                Category:dropped
                                                Size (bytes):1407294
                                                Entropy (8bit):7.97605879016224
                                                Encrypted:false
                                                SSDEEP:24576:6Dbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WL07oXGZGwYIGNPJF:cb3mlind9i4ufFXpAXkrfUs0jWLxXGZY
                                                MD5:279B811F8FB7ED83618C0B37825CCF25
                                                SHA1:5718DA0EF8F5A938CB88800665F18C9B805208B2
                                                SHA-256:2AF4D3CE45FACE3A6DF83A17E90912767BE01A6F2C96AD8B3F270FDB13F77E46
                                                SHA-512:74A736359646F91F28AC496DFFF249D0E5B005AA6BB34DAFDDE3C2A29B70D52E6F865239579AC94540AAB0D20BFC03AE6501814358D2122FCB60A4591213A9B9
                                                Malicious:false
                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\9a9a387a-731e-4eac-b707-35c43ed0c883.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                Category:dropped
                                                Size (bytes):386528
                                                Entropy (8bit):7.9736851559892425
                                                Encrypted:false
                                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                Malicious:false
                                                Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\cdab71f4-ec58-4d4f-9d58-1d5d086352ca.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                Category:dropped
                                                Size (bytes):1419751
                                                Entropy (8bit):7.976496077007677
                                                Encrypted:false
                                                SSDEEP:24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru
                                                MD5:95F182500FC92778102336D2D5AADCC8
                                                SHA1:BEC510B6B3D595833AF46B04C5843B95D2A0A6C9
                                                SHA-256:9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9
                                                SHA-512:D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA
                                                Malicious:false
                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\d1fadf7b-6b3e-4f35-a37f-2fb3c699ec6a.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                Category:dropped
                                                Size (bytes):758601
                                                Entropy (8bit):7.98639316555857
                                                Encrypted:false
                                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                MD5:3A49135134665364308390AC398006F1
                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                Malicious:false
                                                Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                Chrome Cache Entry: 170

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
                                                Category:downloaded
                                                Size (bytes):3170
                                                Entropy (8bit):7.934630496764965
                                                Encrypted:false
                                                SSDEEP:96:c2ZEPhMXQnPkVrTEnGD9c4vnrmBYBaSfS18:c2/XQnPGroGD9vvnXVaq
                                                MD5:9D73B3AA30BCE9D8F166DE5178AE4338
                                                SHA1:D0CBC46850D8ED54625A3B2B01A2C31F37977E75
                                                SHA-256:DBEF5E5530003B7233E944856C23D1437902A2D3568CDFD2BEAF2166E9CA9139
                                                SHA-512:8E55D1677CDBFE9DB6700840041C815329A57DF69E303ADC1F994757C64100FE4A3A17E86EF4613F4243E29014517234DEBFBCEE58DAB9FC56C81DD147FDC058
                                                Malicious:false
                                                URL:https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
                                                Preview:.PNG........IHDR.......6.....%.`....)IDATx..].pT..>.l......b..(Hv7 D7.n.8....V..H_.R;S.hY`w.(..*.N_R."0`.-.A..|.*N..`....n..{.&..l.o..;.....a....d..$.................J.1.*.....7+.c...o..T/.~V.r.....D..G.Ic.....E_.FUR.&..U%...X.4!!Q.H";......e(Ic...$..."1..jR[.L..../Ek.}AH...W.L.V....Y..S..q...!._r.D....G,%...Hu.$q..\.j.x...G.....]....B.i.I.+B.....Hu.....Q...K;...J.q..._......_.x....A:......j....:c...^.....k=GIj..Y]B.V..m...Y.\....$..!....+.R%..U/;p.....R4.g.R...XH.3%..JHHby.eqOZdnS..$.. ....dn...$.w....E.o.8...b@.z.)5.L4|.F...9......pP.8.|....-.M..:..ux...7.]...'..(q..~.....KQ.W..,b..L<.Y.].V+....t4.$.V.O.....D.5..v.j...Hd.M....z.......V..q.p.......;:.J.%2.G.;./.E...!.H. ..../Dk.8.T....+..%Vs4..DC.R.`..Z..........0.[)N!.....%.>&.b.$.M....P.!...!....'Kv..Nd...mvR.:.L....w..y%.i..H..u....s.Se1.[.)."..)%.I.....(.#M..4.@....#.....X..P<...k..g....O..I..>-...'._.Q..T.y.=Z.GR{]..&t}*......>J..!,..X6.HC..$.:.}..z...._b.b.4.E.....;.Ha.?s.

                                                Chrome Cache Entry: 171

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                Category:downloaded
                                                Size (bytes):5430
                                                Entropy (8bit):3.6534652184263736
                                                Encrypted:false
                                                SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                MD5:F3418A443E7D841097C714D69EC4BCB8
                                                SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                Malicious:false
                                                URL:https://www.google.com/favicon.ico
                                                Preview:............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

                                                Chrome Cache Entry: 172

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 171 x 213, 8-bit colormap, non-interlaced
                                                Category:dropped
                                                Size (bytes):6327
                                                Entropy (8bit):7.917392761938663
                                                Encrypted:false
                                                SSDEEP:192:fqjwqVtaVHyEy9BWc2AwJ+3qg1f6WUBIT8mIKPNc93Y8Nm:Yk3WBkAkg1CWUCwmIKS93O
                                                MD5:4C9ACF280B47CEF7DEF3FC91A34C7FFE
                                                SHA1:C32BB847DAF52117AB93B723D7C57D8B1E75D36B
                                                SHA-256:5F9FC5B3FBDDF0E72C5C56CDCFC81C6E10C617D70B1B93FBE1E4679A8797BFF7
                                                SHA-512:369D5888E0D19B46CB998EA166D421F98703AEC7D82A02DC7AE10409AEC253A7CE099D208500B4E39779526219301C66C2FD59FE92170B324E70CF63CE2B429C
                                                Malicious:false
                                                Preview:.PNG........IHDR...................WPLTE...z..z........2........W..{..V........z.....2..3.....V..2..................W.....>`......tRNS.............................Y..j....IDATx....BcI.@A.s..HX....k.0c...T.?n./.~....b....GM.Gu.c...?.{5.5...4.'.o<...i.O.n<.f..?).g.&..8.E4..tl.4.G.o4.....'.....\......._ ...../.~..<......../.~^.}...?...~...Z../.~.]._ ...I. .Q.Y....YQu..i..4.._ |S...A.-.-h...9...o...k.....9o..?N.U,../+...Z.y...nbMu....4O.7>..Y.-L=J..q..`.B^{4~.p...bR.j.....Gq=..]&..7Y)G6.....A.h`i]...Pd.'.7....9.2...2x.........&..a0N..By.Y.C.*.S......nR.-..A[5.....|.p...+v...d\e..]Yq;.&q0..F.c.....p3.&.`..!q..}...k.g5n#........NG-.9...C..[.7.n.v..u......{o.C&n!.(.G7.JA.'6..{(<....p....:..!=..1.f.."..n.8....~o..N.3l..p.[....*......r..6..z...(.g1qA.[....q.v+..&...B{.I.\..-.....S.y&.......J.Wn!|D.....+...y.....9.......> .j......{.....K\X.n!..e.I.+'...j...-pA.[..2...8g.DO.#.?p.. ....-.w5.d......4....n..!q..=..Gu.X..O.........sN.h.q..n!..qP

                                                Chrome Cache Entry: 173

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                Category:dropped
                                                Size (bytes):5430
                                                Entropy (8bit):3.6534652184263736
                                                Encrypted:false
                                                SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                MD5:F3418A443E7D841097C714D69EC4BCB8
                                                SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                Malicious:false
                                                Preview:............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

                                                Chrome Cache Entry: 174

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 171 x 213, 8-bit colormap, non-interlaced
                                                Category:downloaded
                                                Size (bytes):6327
                                                Entropy (8bit):7.917392761938663
                                                Encrypted:false
                                                SSDEEP:192:fqjwqVtaVHyEy9BWc2AwJ+3qg1f6WUBIT8mIKPNc93Y8Nm:Yk3WBkAkg1CWUCwmIKS93O
                                                MD5:4C9ACF280B47CEF7DEF3FC91A34C7FFE
                                                SHA1:C32BB847DAF52117AB93B723D7C57D8B1E75D36B
                                                SHA-256:5F9FC5B3FBDDF0E72C5C56CDCFC81C6E10C617D70B1B93FBE1E4679A8797BFF7
                                                SHA-512:369D5888E0D19B46CB998EA166D421F98703AEC7D82A02DC7AE10409AEC253A7CE099D208500B4E39779526219301C66C2FD59FE92170B324E70CF63CE2B429C
                                                Malicious:false
                                                URL:https://www.google.com/images/errors/robot.png
                                                Preview:.PNG........IHDR...................WPLTE...z..z........2........W..{..V........z.....2..3.....V..2..................W.....>`......tRNS.............................Y..j....IDATx....BcI.@A.s..HX....k.0c...T.?n./.~....b....GM.Gu.c...?.{5.5...4.'.o<...i.O.n<.f..?).g.&..8.E4..tl.4.G.o4.....'.....\......._ ...../.~..<......../.~^.}...?...~...Z../.~.]._ ...I. .Q.Y....YQu..i..4.._ |S...A.-.-h...9...o...k.....9o..?N.U,../+...Z.y...nbMu....4O.7>..Y.-L=J..q..`.B^{4~.p...bR.j.....Gq=..]&..7Y)G6.....A.h`i]...Pd.'.7....9.2...2x.........&..a0N..By.Y.C.*.S......nR.-..A[5.....|.p...+v...d\e..]Yq;.&q0..F.c.....p3.&.`..!q..}...k.g5n#........NG-.9...C..[.7.n.v..u......{o.C&n!.(.G7.JA.'6..{(<....p....:..!=..1.f.."..n.8....~o..N.3l..p.[....*......r..6..z...(.g1qA.[....q.v+..&...B{.I.\..-.....S.y&.......J.Wn!|D.....+...y.....9.......> .j......{.....K\X.n!..e.I.+'...j...-pA.[..2...8g.DO.#.?p.. ....-.w5.d......4....n..!q..=..Gu.X..O.........sN.h.q..n!..qP

                                                Chrome Cache Entry: 175

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
                                                Category:dropped
                                                Size (bytes):3170
                                                Entropy (8bit):7.934630496764965
                                                Encrypted:false
                                                SSDEEP:96:c2ZEPhMXQnPkVrTEnGD9c4vnrmBYBaSfS18:c2/XQnPGroGD9vvnXVaq
                                                MD5:9D73B3AA30BCE9D8F166DE5178AE4338
                                                SHA1:D0CBC46850D8ED54625A3B2B01A2C31F37977E75
                                                SHA-256:DBEF5E5530003B7233E944856C23D1437902A2D3568CDFD2BEAF2166E9CA9139
                                                SHA-512:8E55D1677CDBFE9DB6700840041C815329A57DF69E303ADC1F994757C64100FE4A3A17E86EF4613F4243E29014517234DEBFBCEE58DAB9FC56C81DD147FDC058
                                                Malicious:false
                                                Preview:.PNG........IHDR.......6.....%.`....)IDATx..].pT..>.l......b..(Hv7 D7.n.8....V..H_.R;S.hY`w.(..*.N_R."0`.-.A..|.*N..`....n..{.&..l.o..;.....a....d..$.................J.1.*.....7+.c...o..T/.~V.r.....D..G.Ic.....E_.FUR.&..U%...X.4!!Q.H";......e(Ic...$..."1..jR[.L..../Ek.}AH...W.L.V....Y..S..q...!._r.D....G,%...Hu.$q..\.j.x...G.....]....B.i.I.+B.....Hu.....Q...K;...J.q..._......_.x....A:......j....:c...^.....k=GIj..Y]B.V..m...Y.\....$..!....+.R%..U/;p.....R4.g.R...XH.3%..JHHby.eqOZdnS..$.. ....dn...$.w....E.o.8...b@.z.)5.L4|.F...9......pP.8.|....-.M..:..ux...7.]...'..(q..~.....KQ.W..,b..L<.Y.].V+....t4.$.V.O.....D.5..v.j...Hd.M....z.......V..q.p.......;:.J.%2.G.;./.E...!.H. ..../Dk.8.T....+..%Vs4..DC.R.`..Z..........0.[)N!.....%.>&.b.$.M....P.!...!....'Kv..Nd...mvR.:.L....w..y%.i..H..u....s.Se1.[.)."..)%.I.....(.#M..4.@....#.....X..P<...k..g....O..I..>-...'._.Q..T.y.=Z.GR{]..&t}*......>J..!,..X6.HC..$.:.}..z...._b.b.4.E.....;.Ha.?s.

                                                Chrome Cache Entry: 176

                                                Download File
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1136)
                                                Category:downloaded
                                                Size (bytes):1565
                                                Entropy (8bit):5.2675078899224985
                                                Encrypted:false
                                                SSDEEP:24:hY6svD+6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z8xKdS8f:3qD+2+pUAew85zsKQA
                                                MD5:BC0AD2DB3272298238C3933EA0D944D1
                                                SHA1:CCB1767CAF616C73513DC921CD3F5DA072582A77
                                                SHA-256:0A6AD5109827EFF80F61F2106F29D9FB38CE486FA397551E506BF5B6ED861F36
                                                SHA-512:064388FD474E86ECB2D17082C79F6C9232DB605F62979598D9EA525600B8F9786716B758220D7C3ECC116E8E84AF8BB6AB6297C4005BCEF26E69DD64F4D61A72
                                                Malicious:false
                                                URL:https://google.com/404/
                                                Preview:<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.

                                                Static File Info

                                                General

                                                File type:PDF document, version 1.4, 1 pages
                                                Entropy (8bit):7.861209353459902
                                                TrID:
                                                • Adobe Portable Document Format (5005/1) 100.00%
                                                File name:Magicleap-bonus disbursment.pdf
                                                File size:37'511 bytes
                                                MD5:49cb857e6649a11af5b802ceb8ad6edb
                                                SHA1:63b071d9fbad45a2cf947f2e08e6eb96aa7c6c3e
                                                SHA256:1d97e2e2c0a18d9d8c0a7443a9f865fb84dc6c6320393a942640a50844b4cf2e
                                                SHA512:2cb1bc1b5653c4c0d38da36f52b65965367352631fff06586e46b06fcc8c9a157464b1b6d56c68aefe111672939fa8cd63cf73bc7a85ba5bc56b5d627f49c325
                                                SSDEEP:768:70yvISk9suCDboCFOdRDeaaWhMQvqYc79zYP9Z15c3aED:70PfsVDcbdRiaaaS1RzYP9Z1OKED
                                                TLSH:64F2E03BAF414C5DFDC7437A9639BA0E9A6CF12327D4311230344A5ABC9A2147A306EF
                                                File Content Preview:%PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20250107122926-08'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endo

                                                File Icon

                                                Icon Hash:62cc8caeb29e8ae0

                                                Static PDF Info

                                                General

                                                Header:%PDF-1.4
                                                Total Entropy:7.861209
                                                Total Bytes:37511
                                                Stream Entropy:7.968101
                                                Stream Bytes:32874
                                                Entropy outside Streams:5.164672
                                                Bytes outside Streams:4637
                                                Number of EOF found:1
                                                Bytes after EOF:

                                                Keywords Statistics

                                                NameCount
                                                obj32
                                                endobj32
                                                stream9
                                                endstream9
                                                xref1
                                                trailer1
                                                startxref1
                                                /Page1
                                                /Encrypt0
                                                /ObjStm0
                                                /URI0
                                                /JS0
                                                /JavaScript0
                                                /AA0
                                                /OpenAction0
                                                /AcroForm0
                                                /JBIG2Decode0
                                                /RichMedia0
                                                /Launch0
                                                /EmbeddedFile0

                                                Image Streams

                                                IDDHASHMD5Preview
                                                651b29471987633349476322a08486e02f3a8328fa9a1730d
                                                11a86e5cda2847ba92e5d091c82c9c19b1411418c861cd7dd3

                                                Network Behavior

                                                Suricata IDS Alerts

                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                2025-01-08T17:59:47.979120+01002057333ET PHISHING MAMBA Credential Phish Landing Page 2024-11-081192.168.2.749724188.114.97.3443TCP

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Jan 8, 2025 17:59:35.493762970 CET49677443192.168.2.720.50.201.200
                                                Jan 8, 2025 17:59:35.868330956 CET49677443192.168.2.720.50.201.200
                                                Jan 8, 2025 17:59:36.290205002 CET49671443192.168.2.7204.79.197.203
                                                Jan 8, 2025 17:59:36.618319035 CET49677443192.168.2.720.50.201.200
                                                Jan 8, 2025 17:59:38.118334055 CET49677443192.168.2.720.50.201.200
                                                Jan 8, 2025 17:59:41.102751970 CET49677443192.168.2.720.50.201.200
                                                Jan 8, 2025 17:59:43.874347925 CET49674443192.168.2.7104.98.116.138
                                                Jan 8, 2025 17:59:43.874365091 CET49675443192.168.2.7104.98.116.138
                                                Jan 8, 2025 17:59:43.954447985 CET49672443192.168.2.7104.98.116.138
                                                Jan 8, 2025 17:59:45.968884945 CET49671443192.168.2.7204.79.197.203
                                                Jan 8, 2025 17:59:46.213196993 CET49715443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.213243008 CET44349715188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:46.213409901 CET49715443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.215157986 CET49715443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.215173960 CET44349715188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:46.579204082 CET44349704104.98.116.138192.168.2.7
                                                Jan 8, 2025 17:59:46.579349995 CET49704443192.168.2.7104.98.116.138
                                                Jan 8, 2025 17:59:46.697474003 CET44349715188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:46.722346067 CET49715443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.722384930 CET44349715188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:46.723589897 CET44349715188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:46.723721027 CET49715443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.733237982 CET49715443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.733355999 CET44349715188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:46.733441114 CET49715443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.733449936 CET44349715188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:46.733589888 CET49715443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.733638048 CET44349715188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:46.733668089 CET49715443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.733745098 CET49715443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.734113932 CET49724443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.734225035 CET44349724188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:46.734353065 CET49724443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.734551907 CET49724443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:46.734570026 CET44349724188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:47.106162071 CET49677443192.168.2.720.50.201.200
                                                Jan 8, 2025 17:59:47.217912912 CET44349724188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:47.218127012 CET49724443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:47.218153000 CET44349724188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:47.219280958 CET44349724188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:47.219348907 CET49724443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:47.220266104 CET49724443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:47.220345974 CET44349724188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:47.220633984 CET49724443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:47.220642090 CET44349724188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:47.309406996 CET49724443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:47.979132891 CET44349724188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:47.979245901 CET44349724188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:47.979300976 CET49724443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:48.302506924 CET49724443192.168.2.7188.114.97.3
                                                Jan 8, 2025 17:59:48.302537918 CET44349724188.114.97.3192.168.2.7
                                                Jan 8, 2025 17:59:48.383131981 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:48.383156061 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:48.383215904 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:48.383451939 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:48.383462906 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:49.240864038 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:49.241991043 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:49.242017031 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:49.242404938 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:49.242480040 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:49.243096113 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:49.243141890 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:49.254143000 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:49.254209995 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:49.254477978 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:49.254489899 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:49.314213991 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:49.614135981 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:49.614200115 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:49.614262104 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:49.614278078 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:49.614301920 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:49.676640034 CET49736443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:49.676665068 CET44349736172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:49.730442047 CET49751443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:49.730479956 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:49.730539083 CET49751443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:49.730813980 CET49751443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:49.730823040 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.026297092 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.026338100 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.026525974 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.026700974 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.026715994 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.363501072 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.363889933 CET49751443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.363904953 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.364903927 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.364958048 CET49751443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.366240025 CET49751443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.366292953 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.366516113 CET49751443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.366523027 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.511945009 CET49751443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.637876987 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.637917042 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.637983084 CET49751443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.637995958 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.638072968 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.638115883 CET49751443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.682779074 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.716392994 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.716403008 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.717499018 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.717592001 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.718674898 CET49751443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.718691111 CET44349751142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.721304893 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.721401930 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.729865074 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.729876041 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.760169983 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:50.760205984 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:50.760276079 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:50.760458946 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:50.760464907 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:50.918731928 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.966257095 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.966295958 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.966325045 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.966351986 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.966366053 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.966372967 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.966396093 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.966413021 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.966463089 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.966466904 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.968837023 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.968910933 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.971348047 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.971348047 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.971355915 CET44349752142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:50.971529007 CET49752443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:50.977148056 CET49762443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:50.977180004 CET44349762172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:50.977241039 CET49762443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:50.977449894 CET49762443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:50.977466106 CET44349762172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:50.983525038 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:50.983540058 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:50.983714104 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:50.983859062 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:50.983865023 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.408114910 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.408448935 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.408464909 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.409502029 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.409559965 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.409996033 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.410048008 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.410211086 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.410218000 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.601413012 CET44349762172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:51.601797104 CET49762443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:51.601808071 CET44349762172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:51.602221012 CET44349762172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:51.602683067 CET49762443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:51.602768898 CET44349762172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:51.602978945 CET49762443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:51.617762089 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.627265930 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.627538919 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.627546072 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.628638029 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.628711939 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.629101992 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.629160881 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.629354954 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.629360914 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.647325039 CET44349762172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:51.692636967 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.692677021 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.692703009 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.692751884 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.692769051 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.692810059 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.694648981 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.694695950 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.694763899 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.706474066 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.706490040 CET44349758142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.706607103 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.706630945 CET49758443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.805273056 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.887244940 CET44349762172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:51.887720108 CET49762443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:51.887748957 CET44349762172.217.23.110192.168.2.7
                                                Jan 8, 2025 17:59:51.887809038 CET49762443192.168.2.7172.217.23.110
                                                Jan 8, 2025 17:59:51.889342070 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:51.889394999 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:51.889544964 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:51.889810085 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:51.889826059 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:51.900861979 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.900898933 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.900949001 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.901006937 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.901015997 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.901071072 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.901087046 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.901103973 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.901185989 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.901195049 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.901942968 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.901967049 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.902112961 CET44349763142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:51.902192116 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:51.902192116 CET49763443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:52.516923904 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.517190933 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:52.517205000 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.517538071 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.517946959 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:52.518009901 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.518094063 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:52.563332081 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.788285971 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.788330078 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.788360119 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.788387060 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.788403988 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:52.788428068 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.788439989 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:52.789026976 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.789067984 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:52.802828074 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:52.802841902 CET44349771142.250.184.228192.168.2.7
                                                Jan 8, 2025 17:59:52.802850962 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:52.802891016 CET49771443192.168.2.7142.250.184.228
                                                Jan 8, 2025 17:59:52.826570034 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:52.826603889 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:52.826669931 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:52.826869965 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:52.826889992 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.464658022 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.469707012 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:53.469721079 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.470779896 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.470860958 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:53.471255064 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:53.471327066 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.471390009 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:53.471399069 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.515866995 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:53.735872030 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.735915899 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.735945940 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.735972881 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.735992908 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:53.736012936 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.736026049 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:53.736079931 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:53.736129045 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:53.736742973 CET49777443192.168.2.7142.250.185.196
                                                Jan 8, 2025 17:59:53.736757040 CET44349777142.250.185.196192.168.2.7
                                                Jan 8, 2025 17:59:54.889712095 CET49704443192.168.2.7104.98.116.138
                                                Jan 8, 2025 17:59:54.893618107 CET49794443192.168.2.7104.98.116.138
                                                Jan 8, 2025 17:59:54.893656969 CET44349794104.98.116.138192.168.2.7
                                                Jan 8, 2025 17:59:54.893723965 CET49794443192.168.2.7104.98.116.138
                                                Jan 8, 2025 17:59:54.894155979 CET49794443192.168.2.7104.98.116.138
                                                Jan 8, 2025 17:59:54.894166946 CET44349794104.98.116.138192.168.2.7
                                                Jan 8, 2025 17:59:54.894536972 CET44349704104.98.116.138192.168.2.7
                                                Jan 8, 2025 17:59:59.022869110 CET49677443192.168.2.720.50.201.200
                                                Jan 8, 2025 18:00:24.079730988 CET4997953192.168.2.71.1.1.1
                                                Jan 8, 2025 18:00:24.084609032 CET53499791.1.1.1192.168.2.7
                                                Jan 8, 2025 18:00:24.084676981 CET4997953192.168.2.71.1.1.1
                                                Jan 8, 2025 18:00:24.084738970 CET4997953192.168.2.71.1.1.1
                                                Jan 8, 2025 18:00:24.084753990 CET4997953192.168.2.71.1.1.1
                                                Jan 8, 2025 18:00:24.089582920 CET53499791.1.1.1192.168.2.7
                                                Jan 8, 2025 18:00:24.089592934 CET53499791.1.1.1192.168.2.7
                                                Jan 8, 2025 18:00:24.561811924 CET53499791.1.1.1192.168.2.7
                                                Jan 8, 2025 18:00:24.562334061 CET4997953192.168.2.71.1.1.1
                                                Jan 8, 2025 18:00:24.567308903 CET53499791.1.1.1192.168.2.7
                                                Jan 8, 2025 18:00:24.567359924 CET4997953192.168.2.71.1.1.1
                                                Jan 8, 2025 18:00:37.633270025 CET44349794104.98.116.138192.168.2.7
                                                Jan 8, 2025 18:00:37.633363962 CET49794443192.168.2.7104.98.116.138
                                                Jan 8, 2025 18:00:50.150922060 CET50010443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:00:50.150971889 CET44350010142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:00:50.151046991 CET50010443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:00:50.151257038 CET50010443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:00:50.151271105 CET44350010142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:00:50.799473047 CET44350010142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:00:50.799741983 CET50010443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:00:50.799756050 CET44350010142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:00:50.800082922 CET44350010142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:00:50.800364017 CET50010443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:00:50.800424099 CET44350010142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:00:50.852888107 CET50010443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:01:00.701647043 CET44350010142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:01:00.701723099 CET44350010142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:01:00.701776028 CET50010443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:01:01.621331930 CET50010443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:01:01.621371984 CET44350010142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:01:50.213422060 CET50012443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:01:50.213474035 CET44350012142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:01:50.213579893 CET50012443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:01:50.213864088 CET50012443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:01:50.213876963 CET44350012142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:01:50.863574028 CET44350012142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:01:50.864272118 CET50012443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:01:50.864308119 CET44350012142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:01:50.864655018 CET44350012142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:01:50.865485907 CET50012443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:01:50.865556002 CET44350012142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:01:50.915436983 CET50012443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:02:00.765618086 CET44350012142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:02:00.765693903 CET44350012142.250.184.228192.168.2.7
                                                Jan 8, 2025 18:02:00.765755892 CET50012443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:02:01.621378899 CET50012443192.168.2.7142.250.184.228
                                                Jan 8, 2025 18:02:01.621408939 CET44350012142.250.184.228192.168.2.7

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Jan 8, 2025 17:59:41.864360094 CET123123192.168.2.7104.40.149.189
                                                Jan 8, 2025 17:59:43.440491915 CET123123104.40.149.189192.168.2.7
                                                Jan 8, 2025 17:59:46.085517883 CET5621953192.168.2.71.1.1.1
                                                Jan 8, 2025 17:59:46.086741924 CET6514753192.168.2.71.1.1.1
                                                Jan 8, 2025 17:59:46.096815109 CET53609741.1.1.1192.168.2.7
                                                Jan 8, 2025 17:59:46.098016024 CET53562191.1.1.1192.168.2.7
                                                Jan 8, 2025 17:59:46.146810055 CET53651471.1.1.1192.168.2.7
                                                Jan 8, 2025 17:59:46.266980886 CET53651551.1.1.1192.168.2.7
                                                Jan 8, 2025 17:59:47.273562908 CET53582841.1.1.1192.168.2.7
                                                Jan 8, 2025 17:59:48.375855923 CET5846853192.168.2.71.1.1.1
                                                Jan 8, 2025 17:59:48.376055956 CET6213453192.168.2.71.1.1.1
                                                Jan 8, 2025 17:59:48.382455111 CET53584681.1.1.1192.168.2.7
                                                Jan 8, 2025 17:59:48.382589102 CET53621341.1.1.1192.168.2.7
                                                Jan 8, 2025 17:59:48.412404060 CET5023153192.168.2.71.1.1.1
                                                Jan 8, 2025 17:59:49.720673084 CET5247853192.168.2.71.1.1.1
                                                Jan 8, 2025 17:59:49.720876932 CET5219053192.168.2.71.1.1.1
                                                Jan 8, 2025 17:59:49.727437973 CET53521901.1.1.1192.168.2.7
                                                Jan 8, 2025 17:59:49.727742910 CET53524781.1.1.1192.168.2.7
                                                Jan 8, 2025 17:59:50.752321959 CET6305153192.168.2.71.1.1.1
                                                Jan 8, 2025 17:59:50.752480030 CET6458553192.168.2.71.1.1.1
                                                Jan 8, 2025 17:59:50.759157896 CET53645851.1.1.1192.168.2.7
                                                Jan 8, 2025 17:59:50.759171963 CET53630511.1.1.1192.168.2.7
                                                Jan 8, 2025 18:00:04.314604044 CET53633991.1.1.1192.168.2.7
                                                Jan 8, 2025 18:00:23.066148043 CET53654981.1.1.1192.168.2.7
                                                Jan 8, 2025 18:00:24.079191923 CET53551511.1.1.1192.168.2.7
                                                Jan 8, 2025 18:00:35.988157988 CET138138192.168.2.7192.168.2.255
                                                Jan 8, 2025 18:00:45.770133972 CET53532851.1.1.1192.168.2.7

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Jan 8, 2025 17:59:46.085517883 CET192.168.2.71.1.1.10x162cStandard query (0)advitya-heights.comA (IP address)IN (0x0001)false
                                                Jan 8, 2025 17:59:46.086741924 CET192.168.2.71.1.1.10x60fbStandard query (0)advitya-heights.com65IN (0x0001)false
                                                Jan 8, 2025 17:59:48.375855923 CET192.168.2.71.1.1.10x54abStandard query (0)google.comA (IP address)IN (0x0001)false
                                                Jan 8, 2025 17:59:48.376055956 CET192.168.2.71.1.1.10x8a9dStandard query (0)google.com65IN (0x0001)false
                                                Jan 8, 2025 17:59:48.412404060 CET192.168.2.71.1.1.10x4e49Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                                Jan 8, 2025 17:59:49.720673084 CET192.168.2.71.1.1.10xdabeStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                Jan 8, 2025 17:59:49.720876932 CET192.168.2.71.1.1.10xbd4dStandard query (0)www.google.com65IN (0x0001)false
                                                Jan 8, 2025 17:59:50.752321959 CET192.168.2.71.1.1.10x7fd7Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                Jan 8, 2025 17:59:50.752480030 CET192.168.2.71.1.1.10x6becStandard query (0)www.google.com65IN (0x0001)false

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Jan 8, 2025 17:59:46.098016024 CET1.1.1.1192.168.2.70x162cNo error (0)advitya-heights.com188.114.97.3A (IP address)IN (0x0001)false
                                                Jan 8, 2025 17:59:46.098016024 CET1.1.1.1192.168.2.70x162cNo error (0)advitya-heights.com188.114.96.3A (IP address)IN (0x0001)false
                                                Jan 8, 2025 17:59:46.146810055 CET1.1.1.1192.168.2.70x60fbNo error (0)advitya-heights.com65IN (0x0001)false
                                                Jan 8, 2025 17:59:48.382455111 CET1.1.1.1192.168.2.70x54abNo error (0)google.com172.217.23.110A (IP address)IN (0x0001)false
                                                Jan 8, 2025 17:59:48.382589102 CET1.1.1.1192.168.2.70x8a9dNo error (0)google.com65IN (0x0001)false
                                                Jan 8, 2025 17:59:48.420078993 CET1.1.1.1192.168.2.70x4e49No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                Jan 8, 2025 17:59:49.327970028 CET1.1.1.1192.168.2.70xda2dNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                Jan 8, 2025 17:59:49.327970028 CET1.1.1.1192.168.2.70xda2dNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                Jan 8, 2025 17:59:49.727437973 CET1.1.1.1192.168.2.70xbd4dNo error (0)www.google.com65IN (0x0001)false
                                                Jan 8, 2025 17:59:49.727742910 CET1.1.1.1192.168.2.70xdabeNo error (0)www.google.com142.250.184.228A (IP address)IN (0x0001)false
                                                Jan 8, 2025 17:59:50.759157896 CET1.1.1.1192.168.2.70x6becNo error (0)www.google.com65IN (0x0001)false
                                                Jan 8, 2025 17:59:50.759171963 CET1.1.1.1192.168.2.70x7fd7No error (0)www.google.com142.250.185.196A (IP address)IN (0x0001)false

                                                HTTP Request Dependency Graph

                                                • advitya-heights.com
                                                • google.com
                                                • https:
                                                  • www.google.com

                                                HTTPS Proxied Packets

                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                0192.168.2.749724188.114.97.34438428C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-01-08 16:59:47 UTC743OUTGET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9Ya3piRFU9JnVpZD1VU0VSMDYwMTIwMjVVMjUwMTA2NTA=N0123N HTTP/1.1
                                                Host: advitya-heights.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2025-01-08 16:59:47 UTC946INHTTP/1.1 302 Found
                                                Date: Wed, 08 Jan 2025 16:59:47 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                location: https://google.com/404/
                                                x-powered-by: PHP/8.2.23
                                                Cache-Control: no-cache, no-store, must-revalidate, max-age=0
                                                vary: Accept-Encoding
                                                alt-svc: h3=":443"; ma=86400
                                                cf-cache-status: DYNAMIC
                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1sD9AjoC%2Brr23BrLED1bm06p%2BA5mVetoVV7edKCVsQ8ykU8RloSszTzVdGEyQM9l9RPMLW3OkR952APIMMnUnY76wiv%2Fjinefssh6xBW4%2FQT0JlIBF8qnF%2FeOsb7zUBV6h%2BLl2hi"}],"group":"cf-nel","max_age":604800}
                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 8fedbd747fa841a1-EWR
                                                server-timing: cfL4;desc="?proto=TCP&rtt=1736&min_rtt=1728&rtt_var=664&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1321&delivery_rate=1627647&cwnd=229&unsent_bytes=0&cid=6a73aacf2c4c1f58&ts=772&x=0"
                                                2025-01-08 16:59:47 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                Data Ascii: 1
                                                2025-01-08 16:59:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                1192.168.2.749736172.217.23.1104438428C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-01-08 16:59:49 UTC657OUTGET /404/ HTTP/1.1
                                                Host: google.com
                                                Connection: keep-alive
                                                Upgrade-Insecure-Requests: 1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: navigate
                                                Sec-Fetch-User: ?1
                                                Sec-Fetch-Dest: document
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                sec-ch-ua-platform: "Windows"
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2025-01-08 16:59:49 UTC231INHTTP/1.1 404 Not Found
                                                Content-Type: text/html; charset=UTF-8
                                                Referrer-Policy: no-referrer
                                                Content-Length: 1565
                                                Date: Wed, 08 Jan 2025 16:59:49 GMT
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close
                                                2025-01-08 16:59:49 UTC1159INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65
                                                Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-se
                                                2025-01-08 16:59:49 UTC406INData Raw: 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 30 30 25 20 31 30 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 0a 20 20
                                                Data Ascii: .google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a>


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                2192.168.2.749751142.250.184.2284438428C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-01-08 16:59:50 UTC751OUTGET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1
                                                Host: www.google.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
                                                Sec-Fetch-Site: same-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://google.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2025-01-08 16:59:50 UTC671INHTTP/1.1 200 OK
                                                Accept-Ranges: bytes
                                                Content-Type: image/png
                                                Cross-Origin-Resource-Policy: cross-origin
                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                Content-Length: 3170
                                                Date: Wed, 08 Jan 2025 16:59:50 GMT
                                                Expires: Wed, 08 Jan 2025 16:59:50 GMT
                                                Cache-Control: private, max-age=31536000
                                                Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                X-Content-Type-Options: nosniff
                                                Server: sffe
                                                X-XSS-Protection: 0
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close
                                                2025-01-08 16:59:50 UTC719INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 96 00 00 00 36 08 06 00 00 00 25 1d 60 0c 00 00 0c 29 49 44 41 54 78 da ed 5d 0b 70 54 d5 19 3e 98 6c 00 1f 88 da 97 b5 82 62 ad 14 28 48 76 37 20 44 37 f7 6e 08 38 83 a2 a5 b4 56 ab a5 48 5f 82 52 3b 53 1f 68 59 60 77 13 28 b6 d5 2a b6 4e 5f 52 ab 22 30 60 a9 2d e6 41 a9 1d 7c b4 2a 4e c5 fa 60 b0 a8 80 ec 6e 02 84 7b ef 26 90 84 6c ff 6f e0 0e 3b 9b ff de bd 8f 84 61 9a f3 cd 9c d9 64 ef dd 24 e7 f0 9d ff f1 fd ff b9 08 09 09 09 89 fe 89 e9 b1 dc e9 4a 9d 31 ae 2a 91 9d a1 d4 1a 37 2b 09 63 8e 9a d4 6f a0 a1 54 2f cf 7e 56 e4 72 03 84 84 84 13 44 eb da 47 a8 49 63 11 91 e7 e5 aa b8 d6 45 5f e7 ac 46 55 52 db a3 26 f4 df 55 25 8c a9 b1 58 ee 34 21 21 51 88 48 22 3b 91 c8 f4 1c 08 e3 65 28 49 63 07
                                                Data Ascii: PNGIHDR6%`)IDATx]pT>lb(Hv7 D7n8VH_R;ShY`w(*N_R"0`-A|*N`n{&lo;ad$J1*7+coT/~VrDGIcE_FUR&U%X4!!QH";e(Ic
                                                2025-01-08 16:59:50 UTC1390INData Raw: df d8 08 c8 2f 44 6b db ae 38 9e 54 fd 99 be 7f 2b 7f f8 25 56 73 34 14 ce 44 43 1b 52 d1 60 a7 f5 5a 06 df c2 e6 05 c1 bc 0a a2 1f 30 13 5b 29 4e 21 a4 ab 83 95 19 25 fc 3e 26 ec 62 ec 24 92 4d 12 0e d1 d1 50 1a 21 c2 fc 97 21 92 1d c1 de 27 4b 76 a5 e3 b5 4e 64 af a1 b5 6d 76 52 fa 3a 96 4c e9 0b e8 eb 77 0b af 79 25 d6 8e 69 9f 1f 48 eb f2 b0 bb 75 0c d5 ef 89 86 cf 73 dd 53 65 31 b1 5b c5 29 02 22 c7 cd 29 25 d8 85 49 ba 1d d8 91 f8 bc 28 82 23 4d 81 d9 34 ba 40 16 b7 03 9f 23 17 f9 cd e2 1b 58 9f e7 84 50 3c c1 fc 13 6b df 94 b1 67 a4 95 f0 16 4f eb a8 86 df 49 a9 13 3e 2d 9c 02 a2 27 1f 5f e9 51 e1 12 54 ea 79 0f 3d 5a 9e 47 52 7b 5d 14 80 26 74 7d 2a 1a ee c6 e4 bc 8e 94 12 3e 4a 04 9b 21 2c d0 d9 58 36 f3 48 43 a0 1b 24 f1 3a 8e 7d be ec 7a bb da
                                                Data Ascii: /Dk8T+%Vs4DCR`Z0[)N!%>&b$MP!!'KvNdmvR:Lwy%iHusSe1[)")%I(#M4@#XP<kgOI>-'_QTy=ZGR{]&t}*>J!,X6HC$:}z
                                                2025-01-08 16:59:50 UTC1061INData Raw: ab 50 1a 37 9a 50 9e f0 62 0d d1 67 44 a4 6d b3 e8 52 9d 27 0a 80 0c 90 57 cf 83 f3 85 03 40 9a e0 3e 0f 51 30 cf 8d 8d 03 11 18 1d ea 36 e1 00 74 df 9d 6c 69 a7 3e 30 e6 84 85 36 ca 2d d6 73 a1 28 82 e0 63 b9 00 e9 89 af f4 89 40 0a 0f a0 56 28 a2 38 b0 c9 6f 43 dc d5 5c 13 1c e9 cf 25 26 8c 47 6d ca 2e 59 22 c2 4f 6a e2 6d 17 8a 22 40 f0 8a 62 36 7a 8b ac 7f 9e be d1 aa ac 01 cd 89 31 dd 5d e8 11 2a a2 5f cd c6 7d 4c 91 f5 2f 8c 5c d0 c8 65 75 d4 ad 60 2b 09 a0 9b 81 eb 86 a0 f7 36 89 02 70 f3 c7 b9 4d 25 ae 7f dd f6 54 53 42 fb 83 df 92 8e 29 2b c0 42 31 e4 6a a6 8e 85 b1 c2 06 a8 bf a2 62 61 66 d4 10 4f 1d 5a 2f 9e 10 78 4a 4c d1 56 8e b8 b1 15 19 0b 74 19 f4 c6 a3 be 88 7e 23 fa ec 7c 94 2c 68 61 76 db fd 0c ec c6 48 2c 6d 29 b4 c1 6a 99 b2 03 33 d6
                                                Data Ascii: P7PbgDmR'W@>Q06tli>06-s(c@V(8oC\%&Gm.Y"Ojm"@b6z1]*_}L/\eu`+6pM%TSB)+B1jbafOZ/xJLVt~#|,havH,m)j3


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                3192.168.2.749752142.250.184.2284438428C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-01-08 16:59:50 UTC715OUTGET /images/errors/robot.png HTTP/1.1
                                                Host: www.google.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
                                                Sec-Fetch-Site: same-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Referer: https://google.com/
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2025-01-08 16:59:50 UTC683INHTTP/1.1 200 OK
                                                Accept-Ranges: bytes
                                                Cross-Origin-Resource-Policy: cross-origin
                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                Content-Length: 6327
                                                X-Content-Type-Options: nosniff
                                                Server: sffe
                                                X-XSS-Protection: 0
                                                Date: Tue, 07 Jan 2025 12:21:02 GMT
                                                Expires: Wed, 07 Jan 2026 12:21:02 GMT
                                                Cache-Control: public, max-age=31536000
                                                Age: 103128
                                                Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                Content-Type: image/png
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close
                                                2025-01-08 16:59:50 UTC707INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ab 00 00 00 d5 08 03 00 00 00 1f 1e f0 9a 00 00 00 57 50 4c 54 45 9d c7 ed 7a b3 e7 7a b3 e8 d4 e6 f7 9e c7 ee 32 8a db bb d8 f3 ba d8 f3 bb d8 f4 57 9f e1 7b b3 e8 56 9e e1 d4 e6 f8 d3 e6 f7 7a b2 e7 e9 f3 fb 32 89 da 33 8a db ea f3 fc 56 9f e1 32 8a da 9d c6 ed 9e c7 ed d3 e5 f7 ba d7 f3 e9 f2 fb ea f3 fb 57 9f e2 ff ff ff 3e 60 10 a0 00 00 00 1d 74 52 4e 53 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 59 86 e7 6a 00 00 17 f2 49 44 41 54 78 01 b5 c1 07 42 63 49 0c 40 41 a9 73 ff e4 48 58 e9 dd ff 9c 6b c3 30 63 1b 93 0c 54 09 3f 6e c5 2f 11 7e d6 14 97 1e 62 8c fc 02 e1 47 4d de 47 75 cf 63 e4 e7 09 3f aa 7b 35 88 35 b8 cc fc 34 e1 27 15 6f 3c 93 1c f8 69
                                                Data Ascii: PNGIHDRWPLTEzz2W{Vz23V2W>`tRNSYjIDATxBcI@AsHXk0cT?n/~bGMGuc?{554'o<i
                                                2025-01-08 16:59:50 UTC1390INData Raw: 27 36 a7 9e 7b 28 3c b9 9b b9 85 70 93 e8 06 c3 3a f1 be e6 21 3d 80 d5 bb 31 87 66 fc 11 22 b7 10 6e f2 38 02 da 8d 0f c4 a2 7e 6f b3 bb 4e fc 33 6c b9 85 70 13 5b 0c a6 c4 c1 2a 0a ef 89 da 93 18 a7 a4 72 0b e1 36 8b f1 ac 7a de 14 ae 28 91 67 31 71 41 85 5b 08 9f 11 8b 71 c6 76 2b 9e d8 26 e7 1c b8 42 7b e1 49 8b 5c f0 ca 2d 84 0f c5 ba f4 ec 89 53 d1 79 26 fb bc d9 0b d7 a8 17 8e 4a e2 82 57 6e 21 7c 44 dc bd 98 e4 99 13 e6 2b 9e 14 cf 79 b7 e5 1a d3 1c 39 a8 81 0b c3 1d b7 10 3e 20 eb 6a 1c c8 c6 f8 c7 b4 f1 a4 b8 7b e4 0d c1 0d b8 4b 5c 58 16 6e 21 bc af 65 e5 49 19 2b 27 c6 ca b3 87 6a bc c5 b2 00 2d 70 41 95 5b 08 ef 32 1f 8c a3 38 67 e7 44 4f bc 23 a9 3f 70 10 06 20 05 2e 8c c2 2d 84 77 35 e7 89 64 f7 81 13 bb ca db 34 e7 ec 1c c4 6e d0 9c 0b 21
                                                Data Ascii: '6{(<p:!=1f"n8~oN3lp[*r6z(g1qA[qv+&B{I\-Sy&JWn!|D+y9> j{K\Xn!eI+'j-pA[28gDO#?p .-w5d4n!
                                                2025-01-08 16:59:50 UTC1390INData Raw: 05 d5 c6 51 4b c5 78 43 09 6b 77 31 6e 24 bc a6 ce 1f 75 1c bd 6e 39 30 1e 24 ea c2 13 db 45 2e d9 10 7a 89 1c a4 94 a2 71 5d 7c 18 dd 0b b7 11 5e 8b 63 e2 49 49 36 85 4d d0 a0 1a 7a 1e e3 ca 2b 47 e6 89 2b 24 04 a9 1c 58 d2 12 b9 ce 4a c8 43 04 e6 b8 e2 6b 84 2b 64 9c 01 4b 21 02 2a 83 fa 2e 94 58 13 77 0b 47 d6 13 57 59 0a 5a b7 06 94 94 9a 71 9d 8c 9b 30 0d 29 f2 45 c2 15 31 14 26 19 1a 07 26 40 13 c0 02 d1 13 47 cb 23 6f b0 a2 21 84 95 41 ac 22 91 2b ac 8c 7d b3 5b 1e f9 2a e1 9a fb 2c 65 e2 49 14 20 2a 07 52 79 f4 c8 41 6f bc 6d 5b 54 43 6a 60 55 52 31 4e 59 15 df 6c b4 46 6a e0 ab 84 ab 8a eb 5d e4 a8 0a 10 07 8e ea 14 3d eb 90 24 2f bc 2f a6 10 c2 0a 5b b5 54 66 5e 44 f5 bc c9 a1 19 d0 94 af 12 ae 6b da 47 2d c5 56 8b 01 35 71 d4 c6 30 88 4a 48 3d
                                                Data Ascii: QKxCkw1n$un90$E.zq]|^cII6Mz+G+$XJCk+dK!*.XwGWYZq0)E1&&@G#o!A"+}[*,eI *RyAom[TCj`UR1NYlFj]=$//[Tf^DkG-V5q0JH=
                                                2025-01-08 16:59:50 UTC1390INData Raw: 1f 7a f4 ec 7d e6 2d 51 67 4e a5 ac 5c 30 30 71 0f de 5b b8 07 cc c5 38 b0 31 44 03 84 d7 4c 1b 78 01 9a 72 90 bc f1 09 51 c2 66 3f 84 66 5c 15 84 53 16 02 6f 88 9e 47 37 cc d3 96 a3 28 d9 9b 81 f0 5a 15 48 0b 10 83 01 96 85 3f 6c 9e 92 06 e3 2d 71 f0 9e d7 21 99 71 c2 cc c0 c6 ca 19 49 bc a9 f9 e8 0c f7 3c 69 2e e2 15 10 5e a9 0b c4 60 60 1e 81 d5 30 f0 87 79 77 0f dd b7 bc 29 ca 10 f6 bd 8f 69 e2 45 eb c1 2b 84 3b ce 14 e5 1d 32 78 36 8e 82 37 cc 77 06 c2 2b 21 42 52 b0 70 0f 4c be 18 2f 54 63 35 f3 02 36 f3 a6 47 0d 3e 66 6f 5b 8e cc 83 f9 18 d1 c4 3f 36 63 91 f7 44 cf 62 40 08 11 30 15 10 2e 15 81 38 18 54 01 4c 83 71 14 ff 03 06 0f bd d7 5c b1 e0 c3 7f bc ad ca ac 79 2d 1c 8d 0d 59 cf a4 60 bc 88 a1 f0 91 69 93 13 44 e7 c8 c2 00 c2 05 0b 11 e4 11 18
                                                Data Ascii: z}-QgN\00q[81DLxrQf?f\SoG7(ZH?l-q!qI<i.^``0yw)iE+;2x67w+!BRpL/Tc56G>fo[?6cDb@0.8TLq\y-Y`iD
                                                2025-01-08 16:59:50 UTC1390INData Raw: 7a 00 e2 58 78 62 b5 cf bc 4d f8 a7 5a 5d f9 c4 57 cc a3 6d 07 35 2e d4 ae fc 11 bd 1b d8 ae 01 65 a7 de fb 7e 48 c6 1f 41 ad 89 ee 2b cf 6a af bc 4d 78 21 e3 7a 93 3d 0f ad 24 89 ab 15 ac f8 98 05 81 41 38 97 bc 67 e5 8f ba 1e 1f 30 55 20 ad f3 fd e3 1c c5 c3 96 67 c1 d7 3e ba 73 30 27 98 5d 78 9b f0 47 cd e3 22 79 3f a6 c1 47 7f 92 e2 8a 0f cc 6d b3 80 04 4e 58 94 ae 53 71 35 9e c9 5e e1 ce 1b a9 6b e5 c0 dc 57 3c 9b 53 69 b6 04 0e da ba 80 27 de 26 fc e1 79 b6 92 37 01 6c 1b a5 25 a9 3e 7a 08 d5 8c b7 ac da d8 93 c1 e4 c6 3f 45 3d cc 10 47 bf 33 9e 14 0f ff 31 04 5c d8 72 60 a9 71 22 7a 03 6c c8 13 0c 0b 7f cd c5 38 23 1c 95 41 7a dd aa e7 2c fc 13 eb e0 e3 6e b7 a4 d9 78 cd d4 3d a4 b4 34 ee 47 e3 85 dd 29 c6 51 ec d9 1f 23 47 ad ef 28 bd f9 03 4f a2
                                                Data Ascii: zXxbMZ]Wm5.e~HA+jMx!z=$A8g0U g>s0']xG"y?GmNXSq5^kW<Si'&y7l%>z?E=G31\r`q"zl8#Az,nx=4G)Q#G(O
                                                2025-01-08 16:59:50 UTC60INData Raw: df 25 fc aa e8 62 40 d2 9c 8c ef 12 7e d7 a4 63 35 93 f5 3e f2 6d c2 6f 2b 7d 18 46 99 f9 3e e1 d7 d9 5c b6 fc 84 ff 01 4e de f0 b9 5c 13 aa be 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                Data Ascii: %b@~c5>mo+}F>\N\IENDB`


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                4192.168.2.749758142.250.185.1964438428C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-01-08 16:59:51 UTC482OUTGET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1
                                                Host: www.google.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2025-01-08 16:59:51 UTC671INHTTP/1.1 200 OK
                                                Accept-Ranges: bytes
                                                Content-Type: image/png
                                                Cross-Origin-Resource-Policy: cross-origin
                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                Content-Length: 3170
                                                Date: Wed, 08 Jan 2025 16:59:51 GMT
                                                Expires: Wed, 08 Jan 2025 16:59:51 GMT
                                                Cache-Control: private, max-age=31536000
                                                Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                X-Content-Type-Options: nosniff
                                                Server: sffe
                                                X-XSS-Protection: 0
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close
                                                2025-01-08 16:59:51 UTC719INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 96 00 00 00 36 08 06 00 00 00 25 1d 60 0c 00 00 0c 29 49 44 41 54 78 da ed 5d 0b 70 54 d5 19 3e 98 6c 00 1f 88 da 97 b5 82 62 ad 14 28 48 76 37 20 44 37 f7 6e 08 38 83 a2 a5 b4 56 ab a5 48 5f 82 52 3b 53 1f 68 59 60 77 13 28 b6 d5 2a b6 4e 5f 52 ab 22 30 60 a9 2d e6 41 a9 1d 7c b4 2a 4e c5 fa 60 b0 a8 80 ec 6e 02 84 7b ef 26 90 84 6c ff 6f e0 0e 3b 9b ff de bd 8f 84 61 9a f3 cd 9c d9 64 ef dd 24 e7 f0 9d ff f1 fd ff b9 08 09 09 09 89 fe 89 e9 b1 dc e9 4a 9d 31 ae 2a 91 9d a1 d4 1a 37 2b 09 63 8e 9a d4 6f a0 a1 54 2f cf 7e 56 e4 72 03 84 84 84 13 44 eb da 47 a8 49 63 11 91 e7 e5 aa b8 d6 45 5f e7 ac 46 55 52 db a3 26 f4 df 55 25 8c a9 b1 58 ee 34 21 21 51 88 48 22 3b 91 c8 f4 1c 08 e3 65 28 49 63 07
                                                Data Ascii: PNGIHDR6%`)IDATx]pT>lb(Hv7 D7n8VH_R;ShY`w(*N_R"0`-A|*N`n{&lo;ad$J1*7+coT/~VrDGIcE_FUR&U%X4!!QH";e(Ic
                                                2025-01-08 16:59:51 UTC1390INData Raw: df d8 08 c8 2f 44 6b db ae 38 9e 54 fd 99 be 7f 2b 7f f8 25 56 73 34 14 ce 44 43 1b 52 d1 60 a7 f5 5a 06 df c2 e6 05 c1 bc 0a a2 1f 30 13 5b 29 4e 21 a4 ab 83 95 19 25 fc 3e 26 ec 62 ec 24 92 4d 12 0e d1 d1 50 1a 21 c2 fc 97 21 92 1d c1 de 27 4b 76 a5 e3 b5 4e 64 af a1 b5 6d 76 52 fa 3a 96 4c e9 0b e8 eb 77 0b af 79 25 d6 8e 69 9f 1f 48 eb f2 b0 bb 75 0c d5 ef 89 86 cf 73 dd 53 65 31 b1 5b c5 29 02 22 c7 cd 29 25 d8 85 49 ba 1d d8 91 f8 bc 28 82 23 4d 81 d9 34 ba 40 16 b7 03 9f 23 17 f9 cd e2 1b 58 9f e7 84 50 3c c1 fc 13 6b df 94 b1 67 a4 95 f0 16 4f eb a8 86 df 49 a9 13 3e 2d 9c 02 a2 27 1f 5f e9 51 e1 12 54 ea 79 0f 3d 5a 9e 47 52 7b 5d 14 80 26 74 7d 2a 1a ee c6 e4 bc 8e 94 12 3e 4a 04 9b 21 2c d0 d9 58 36 f3 48 43 a0 1b 24 f1 3a 8e 7d be ec 7a bb da
                                                Data Ascii: /Dk8T+%Vs4DCR`Z0[)N!%>&b$MP!!'KvNdmvR:Lwy%iHusSe1[)")%I(#M4@#XP<kgOI>-'_QTy=ZGR{]&t}*>J!,X6HC$:}z
                                                2025-01-08 16:59:51 UTC1061INData Raw: ab 50 1a 37 9a 50 9e f0 62 0d d1 67 44 a4 6d b3 e8 52 9d 27 0a 80 0c 90 57 cf 83 f3 85 03 40 9a e0 3e 0f 51 30 cf 8d 8d 03 11 18 1d ea 36 e1 00 74 df 9d 6c 69 a7 3e 30 e6 84 85 36 ca 2d d6 73 a1 28 82 e0 63 b9 00 e9 89 af f4 89 40 0a 0f a0 56 28 a2 38 b0 c9 6f 43 dc d5 5c 13 1c e9 cf 25 26 8c 47 6d ca 2e 59 22 c2 4f 6a e2 6d 17 8a 22 40 f0 8a 62 36 7a 8b ac 7f 9e be d1 aa ac 01 cd 89 31 dd 5d e8 11 2a a2 5f cd c6 7d 4c 91 f5 2f 8c 5c d0 c8 65 75 d4 ad 60 2b 09 a0 9b 81 eb 86 a0 f7 36 89 02 70 f3 c7 b9 4d 25 ae 7f dd f6 54 53 42 fb 83 df 92 8e 29 2b c0 42 31 e4 6a a6 8e 85 b1 c2 06 a8 bf a2 62 61 66 d4 10 4f 1d 5a 2f 9e 10 78 4a 4c d1 56 8e b8 b1 15 19 0b 74 19 f4 c6 a3 be 88 7e 23 fa ec 7c 94 2c 68 61 76 db fd 0c ec c6 48 2c 6d 29 b4 c1 6a 99 b2 03 33 d6
                                                Data Ascii: P7PbgDmR'W@>Q06tli>06-s(c@V(8oC\%&Gm.Y"Ojm"@b6z1]*_}L/\eu`+6pM%TSB)+B1jbafOZ/xJLVt~#|,havH,m)j3


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                5192.168.2.749762172.217.23.1104438428C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-01-08 16:59:51 UTC671OUTGET /favicon.ico HTTP/1.1
                                                Host: google.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
                                                Sec-Fetch-Site: same-origin
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2025-01-08 16:59:51 UTC454INHTTP/1.1 301 Moved Permanently
                                                Location: https://www.google.com/favicon.ico
                                                Cross-Origin-Resource-Policy: cross-origin
                                                X-Content-Type-Options: nosniff
                                                Server: sffe
                                                Content-Length: 231
                                                X-XSS-Protection: 0
                                                Date: Wed, 08 Jan 2025 16:37:55 GMT
                                                Expires: Wed, 08 Jan 2025 17:07:55 GMT
                                                Cache-Control: public, max-age=1800
                                                Content-Type: text/html; charset=UTF-8
                                                Age: 1316
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close
                                                2025-01-08 16:59:51 UTC231INData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a
                                                Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/favicon.ico">here</A>.</BODY></HTML>


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                6192.168.2.749763142.250.185.1964438428C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-01-08 16:59:51 UTC446OUTGET /images/errors/robot.png HTTP/1.1
                                                Host: www.google.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2025-01-08 16:59:51 UTC683INHTTP/1.1 200 OK
                                                Accept-Ranges: bytes
                                                Cross-Origin-Resource-Policy: cross-origin
                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                Content-Length: 6327
                                                X-Content-Type-Options: nosniff
                                                Server: sffe
                                                X-XSS-Protection: 0
                                                Date: Tue, 07 Jan 2025 08:55:12 GMT
                                                Expires: Wed, 07 Jan 2026 08:55:12 GMT
                                                Cache-Control: public, max-age=31536000
                                                Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                Content-Type: image/png
                                                Age: 115479
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close
                                                2025-01-08 16:59:51 UTC707INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ab 00 00 00 d5 08 03 00 00 00 1f 1e f0 9a 00 00 00 57 50 4c 54 45 9d c7 ed 7a b3 e7 7a b3 e8 d4 e6 f7 9e c7 ee 32 8a db bb d8 f3 ba d8 f3 bb d8 f4 57 9f e1 7b b3 e8 56 9e e1 d4 e6 f8 d3 e6 f7 7a b2 e7 e9 f3 fb 32 89 da 33 8a db ea f3 fc 56 9f e1 32 8a da 9d c6 ed 9e c7 ed d3 e5 f7 ba d7 f3 e9 f2 fb ea f3 fb 57 9f e2 ff ff ff 3e 60 10 a0 00 00 00 1d 74 52 4e 53 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 59 86 e7 6a 00 00 17 f2 49 44 41 54 78 01 b5 c1 07 42 63 49 0c 40 41 a9 73 ff e4 48 58 e9 dd ff 9c 6b c3 30 63 1b 93 0c 54 09 3f 6e c5 2f 11 7e d6 14 97 1e 62 8c fc 02 e1 47 4d de 47 75 cf 63 e4 e7 09 3f aa 7b 35 88 35 b8 cc fc 34 e1 27 15 6f 3c 93 1c f8 69
                                                Data Ascii: PNGIHDRWPLTEzz2W{Vz23V2W>`tRNSYjIDATxBcI@AsHXk0cT?n/~bGMGuc?{554'o<i
                                                2025-01-08 16:59:51 UTC1390INData Raw: 27 36 a7 9e 7b 28 3c b9 9b b9 85 70 93 e8 06 c3 3a f1 be e6 21 3d 80 d5 bb 31 87 66 fc 11 22 b7 10 6e f2 38 02 da 8d 0f c4 a2 7e 6f b3 bb 4e fc 33 6c b9 85 70 13 5b 0c a6 c4 c1 2a 0a ef 89 da 93 18 a7 a4 72 0b e1 36 8b f1 ac 7a de 14 ae 28 91 67 31 71 41 85 5b 08 9f 11 8b 71 c6 76 2b 9e d8 26 e7 1c b8 42 7b e1 49 8b 5c f0 ca 2d 84 0f c5 ba f4 ec 89 53 d1 79 26 fb bc d9 0b d7 a8 17 8e 4a e2 82 57 6e 21 7c 44 dc bd 98 e4 99 13 e6 2b 9e 14 cf 79 b7 e5 1a d3 1c 39 a8 81 0b c3 1d b7 10 3e 20 eb 6a 1c c8 c6 f8 c7 b4 f1 a4 b8 7b e4 0d c1 0d b8 4b 5c 58 16 6e 21 bc af 65 e5 49 19 2b 27 c6 ca b3 87 6a bc c5 b2 00 2d 70 41 95 5b 08 ef 32 1f 8c a3 38 67 e7 44 4f bc 23 a9 3f 70 10 06 20 05 2e 8c c2 2d 84 77 35 e7 89 64 f7 81 13 bb ca db 34 e7 ec 1c c4 6e d0 9c 0b 21
                                                Data Ascii: '6{(<p:!=1f"n8~oN3lp[*r6z(g1qA[qv+&B{I\-Sy&JWn!|D+y9> j{K\Xn!eI+'j-pA[28gDO#?p .-w5d4n!
                                                2025-01-08 16:59:51 UTC1390INData Raw: 05 d5 c6 51 4b c5 78 43 09 6b 77 31 6e 24 bc a6 ce 1f 75 1c bd 6e 39 30 1e 24 ea c2 13 db 45 2e d9 10 7a 89 1c a4 94 a2 71 5d 7c 18 dd 0b b7 11 5e 8b 63 e2 49 49 36 85 4d d0 a0 1a 7a 1e e3 ca 2b 47 e6 89 2b 24 04 a9 1c 58 d2 12 b9 ce 4a c8 43 04 e6 b8 e2 6b 84 2b 64 9c 01 4b 21 02 2a 83 fa 2e 94 58 13 77 0b 47 d6 13 57 59 0a 5a b7 06 94 94 9a 71 9d 8c 9b 30 0d 29 f2 45 c2 15 31 14 26 19 1a 07 26 40 13 c0 02 d1 13 47 cb 23 6f b0 a2 21 84 95 41 ac 22 91 2b ac 8c 7d b3 5b 1e f9 2a e1 9a fb 2c 65 e2 49 14 20 2a 07 52 79 f4 c8 41 6f bc 6d 5b 54 43 6a 60 55 52 31 4e 59 15 df 6c b4 46 6a e0 ab 84 ab 8a eb 5d e4 a8 0a 10 07 8e ea 14 3d eb 90 24 2f bc 2f a6 10 c2 0a 5b b5 54 66 5e 44 f5 bc c9 a1 19 d0 94 af 12 ae 6b da 47 2d c5 56 8b 01 35 71 d4 c6 30 88 4a 48 3d
                                                Data Ascii: QKxCkw1n$un90$E.zq]|^cII6Mz+G+$XJCk+dK!*.XwGWYZq0)E1&&@G#o!A"+}[*,eI *RyAom[TCj`UR1NYlFj]=$//[Tf^DkG-V5q0JH=
                                                2025-01-08 16:59:51 UTC1390INData Raw: 1f 7a f4 ec 7d e6 2d 51 67 4e a5 ac 5c 30 30 71 0f de 5b b8 07 cc c5 38 b0 31 44 03 84 d7 4c 1b 78 01 9a 72 90 bc f1 09 51 c2 66 3f 84 66 5c 15 84 53 16 02 6f 88 9e 47 37 cc d3 96 a3 28 d9 9b 81 f0 5a 15 48 0b 10 83 01 96 85 3f 6c 9e 92 06 e3 2d 71 f0 9e d7 21 99 71 c2 cc c0 c6 ca 19 49 bc a9 f9 e8 0c f7 3c 69 2e e2 15 10 5e a9 0b c4 60 60 1e 81 d5 30 f0 87 79 77 0f dd b7 bc 29 ca 10 f6 bd 8f 69 e2 45 eb c1 2b 84 3b ce 14 e5 1d 32 78 36 8e 82 37 cc 77 06 c2 2b 21 42 52 b0 70 0f 4c be 18 2f 54 63 35 f3 02 36 f3 a6 47 0d 3e 66 6f 5b 8e cc 83 f9 18 d1 c4 3f 36 63 91 f7 44 cf 62 40 08 11 30 15 10 2e 15 81 38 18 54 01 4c 83 71 14 ff 03 06 0f bd d7 5c b1 e0 c3 7f bc ad ca ac 79 2d 1c 8d 0d 59 cf a4 60 bc 88 a1 f0 91 69 93 13 44 e7 c8 c2 00 c2 05 0b 11 e4 11 18
                                                Data Ascii: z}-QgN\00q[81DLxrQf?f\SoG7(ZH?l-q!qI<i.^``0yw)iE+;2x67w+!BRpL/Tc56G>fo[?6cDb@0.8TLq\y-Y`iD
                                                2025-01-08 16:59:51 UTC1390INData Raw: 7a 00 e2 58 78 62 b5 cf bc 4d f8 a7 5a 5d f9 c4 57 cc a3 6d 07 35 2e d4 ae fc 11 bd 1b d8 ae 01 65 a7 de fb 7e 48 c6 1f 41 ad 89 ee 2b cf 6a af bc 4d 78 21 e3 7a 93 3d 0f ad 24 89 ab 15 ac f8 98 05 81 41 38 97 bc 67 e5 8f ba 1e 1f 30 55 20 ad f3 fd e3 1c c5 c3 96 67 c1 d7 3e ba 73 30 27 98 5d 78 9b f0 47 cd e3 22 79 3f a6 c1 47 7f 92 e2 8a 0f cc 6d b3 80 04 4e 58 94 ae 53 71 35 9e c9 5e e1 ce 1b a9 6b e5 c0 dc 57 3c 9b 53 69 b6 04 0e da ba 80 27 de 26 fc e1 79 b6 92 37 01 6c 1b a5 25 a9 3e 7a 08 d5 8c b7 ac da d8 93 c1 e4 c6 3f 45 3d cc 10 47 bf 33 9e 14 0f ff 31 04 5c d8 72 60 a9 71 22 7a 03 6c c8 13 0c 0b 7f cd c5 38 23 1c 95 41 7a dd aa e7 2c fc 13 eb e0 e3 6e b7 a4 d9 78 cd d4 3d a4 b4 34 ee 47 e3 85 dd 29 c6 51 ec d9 1f 23 47 ad ef 28 bd f9 03 4f a2
                                                Data Ascii: zXxbMZ]Wm5.e~HA+jMx!z=$A8g0U g>s0']xG"y?GmNXSq5^kW<Si'&y7l%>z?E=G31\r`q"zl8#Az,nx=4G)Q#G(O
                                                2025-01-08 16:59:51 UTC60INData Raw: df 25 fc aa e8 62 40 d2 9c 8c ef 12 7e d7 a4 63 35 93 f5 3e f2 6d c2 6f 2b 7d 18 46 99 f9 3e e1 d7 d9 5c b6 fc 84 ff 01 4e de f0 b9 5c 13 aa be 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                Data Ascii: %b@~c5>mo+}F>\N\IENDB`


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                7192.168.2.749771142.250.184.2284438428C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-01-08 16:59:52 UTC673OUTGET /favicon.ico HTTP/1.1
                                                Host: www.google.com
                                                Connection: keep-alive
                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                sec-ch-ua-mobile: ?0
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                sec-ch-ua-platform: "Windows"
                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=
                                                Sec-Fetch-Site: same-site
                                                Sec-Fetch-Mode: no-cors
                                                Sec-Fetch-Dest: image
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2025-01-08 16:59:52 UTC706INHTTP/1.1 200 OK
                                                Accept-Ranges: bytes
                                                Cross-Origin-Resource-Policy: cross-origin
                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                Content-Length: 5430
                                                X-Content-Type-Options: nosniff
                                                Server: sffe
                                                X-XSS-Protection: 0
                                                Date: Wed, 08 Jan 2025 13:06:49 GMT
                                                Expires: Thu, 16 Jan 2025 13:06:49 GMT
                                                Cache-Control: public, max-age=691200
                                                Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                Content-Type: image/x-icon
                                                Vary: Accept-Encoding
                                                Age: 13983
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close
                                                2025-01-08 16:59:52 UTC684INData Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff
                                                Data Ascii: h& ( 0.v]X:X:rY
                                                2025-01-08 16:59:52 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c
                                                Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<
                                                2025-01-08 16:59:52 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42
                                                Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
                                                2025-01-08 16:59:52 UTC1390INData Raw: 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                Data Ascii: BBBBBBBF!4I
                                                2025-01-08 16:59:52 UTC576INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                Data Ascii: $'


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                8192.168.2.749777142.250.185.1964438428C:\Program Files\Google\Chrome\Application\chrome.exe
                                                TimestampBytes transferredDirectionData
                                                2025-01-08 16:59:53 UTC434OUTGET /favicon.ico HTTP/1.1
                                                Host: www.google.com
                                                Connection: keep-alive
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                Accept: */*
                                                X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlKHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=
                                                Sec-Fetch-Site: none
                                                Sec-Fetch-Mode: cors
                                                Sec-Fetch-Dest: empty
                                                Accept-Encoding: gzip, deflate, br
                                                Accept-Language: en-US,en;q=0.9
                                                2025-01-08 16:59:53 UTC705INHTTP/1.1 200 OK
                                                Accept-Ranges: bytes
                                                Cross-Origin-Resource-Policy: cross-origin
                                                Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                Content-Length: 5430
                                                X-Content-Type-Options: nosniff
                                                Server: sffe
                                                X-XSS-Protection: 0
                                                Date: Wed, 08 Jan 2025 16:12:07 GMT
                                                Expires: Thu, 16 Jan 2025 16:12:07 GMT
                                                Cache-Control: public, max-age=691200
                                                Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                Content-Type: image/x-icon
                                                Vary: Accept-Encoding
                                                Age: 2866
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close
                                                2025-01-08 16:59:53 UTC685INData Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff
                                                Data Ascii: h& ( 0.v]X:X:rY
                                                2025-01-08 16:59:53 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a
                                                Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
                                                2025-01-08 16:59:53 UTC1390INData Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff
                                                Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
                                                2025-01-08 16:59:53 UTC1390INData Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                Data Ascii: BBBBBBF!4I
                                                2025-01-08 16:59:53 UTC575INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                Data Ascii: $'


                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                General

                                                Target ID:1
                                                Start time:11:59:39
                                                Start date:08/01/2025
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Magicleap-bonus disbursment.pdf"
                                                Imagebase:0x7ff702560000
                                                File size:5'641'176 bytes
                                                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                General

                                                Target ID:3
                                                Start time:11:59:40
                                                Start date:08/01/2025
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                Imagebase:0x7ff6c3ff0000
                                                File size:3'581'912 bytes
                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                General

                                                Target ID:5
                                                Start time:11:59:40
                                                Start date:08/01/2025
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1564,i,8862215800978117416,16348351130941415892,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                Imagebase:0x7ff6c3ff0000
                                                File size:3'581'912 bytes
                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                General

                                                Target ID:7
                                                Start time:11:59:42
                                                Start date:08/01/2025
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://advitya-heights.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPU9Ya3piRFU9JnVpZD1VU0VSMDYwMTIwMjVVMjUwMTA2NTA=N0123N#jmillermcgrath@magicleap.com
                                                Imagebase:0x7ff6c4390000
                                                File size:3'242'272 bytes
                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                General

                                                Target ID:8
                                                Start time:11:59:44
                                                Start date:08/01/2025
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1836,i,4765830214496362550,14973404584205648395,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                Imagebase:0x7ff6c4390000
                                                File size:3'242'272 bytes
                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                Disassembly

                                                No disassembly