
Windows Analysis Report
Payment Remittance.pdf

Overview

General Information

Sample name: Payment Remittance.pdf
Analysis ID: 1654239
MD5: be4a536d9ea34d6419fbdb13f161e43f
SHA1: b41fb15173937f5e601a4ea88d975d73c5961567
SHA256: 3983e55a461d3dda073b3f654b155032bae5e096744c358357a92ee0c2516cc3

Detection

Score: 60
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Antivirus detection for URL or domain
AI detected landing page (webpage, office document or email)
Creates files inside the system directory
Deletes files inside the Windows folder
Form action URLs do not match main URL
HTML body contains low number of good links
HTML title does not match URL
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Suspicious form URL found
Unable to load, office file is protected or invalid

Classification

Classification chart (image not reproduced). Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.
  • System is w10x64
  • Acrobat.exe (PID: 4104 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Payment Remittance.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7184 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7388 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2236 --field-trial-handle=1588,i,12727439123907870177,15176298521270964230,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 9204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 8460 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=280,i,5399740859030042710,15862493063084477710,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2124 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 9120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: https://thynkfinance.co.za/admin/save/mer.php Avira URL Cloud: Label: phishing
Source: https://res2.showcaseworkshop.com/favicon.ico Avira URL Cloud: Label: phishing
Source: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/ Avira URL Cloud: Label: phishing

Phishing

Source: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51 Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL 'res2.showcaseworkshop.com' does not match the legitimate domain 'microsoft.com'., The domain 'showcaseworkshop.com' is unrelated to Microsoft, which is suspicious., The presence of input fields for 'Email' and 'Password' on an unrelated domain increases the risk of phishing., The URL does not contain any direct reference to Microsoft, which is a common tactic in phishing attempts. DOM: 0.0.pages.csv
Source: PDF document Joe Sandbox AI: Page contains button: 'VIEW PAYMENT COPY HERE' Source: 'PDF document'
Source: PDF document Joe Sandbox AI: PDF document contains prominent button: 'view payment copy here'
Source: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51 HTTP Parser: Form action: https://thynkfinance.co.za/admin/save/mer.php showcaseworkshop co
Source: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51 HTTP Parser: Number of links: 0
Source: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51 HTTP Parser: Title: REMITTANCE does not match URL
Source: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51 HTTP Parser: Form action: https://thynkfinance.co.za/admin/save/mer.php
Source: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51 HTTP Parser: <input type="password" .../> found
Source: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51 HTTP Parser: No favicon
Source: https://i.ibb.co/nBXYTs4/wrong-details.jpg HTTP Parser: No favicon
Source: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51 HTTP Parser: No <meta name="author".. found
Source: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 3.168.73.96:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 3.168.73.96:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 154.0.165.249:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 154.0.165.249:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 207.174.26.219:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.131.251:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.4.104:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: Joe Sandbox View IP Address: 207.174.26.219 207.174.26.219
Source: Joe Sandbox View IP Address: 104.76.101.49 104.76.101.49
Source: Joe Sandbox View ASN Name: AMAZON-02US AMAZON-02US
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: res2.showcaseworkshop.com
Source: global traffic DNS traffic detected: DNS query: thynkfinance.co.za
Source: global traffic DNS traffic detected: DNS query: i.ibb.co
Source: global traffic DNS traffic detected: DNS query: simgbb.com
Source: unknown HTTP traffic detected:
    POST /admin/save/mer.php HTTP/1.1
    Host: thynkfinance.co.za
    Connection: keep-alive
    Content-Length: 47
    Cache-Control: max-age=0
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Origin: https://res2.showcaseworkshop.com
    Content-Type: application/x-www-form-urlencoded
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Referer: https://res2.showcaseworkshop.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr String found in binary or memory: http://x1.i.lencr.org/
Source: Payment Remittance.pdf String found in binary or memory: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/
Source: chromecache_182.21.dr String found in binary or memory: https://thynkfinance.co.za/admin/save/mer.php
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir9204_508398426
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir9204_508398426
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Window title found: save password for res2.showcaseworkshop.com?
Source: classification engine Classification label: mal60.phis.winPDF@39/56@13/8
Source: Payment Remittance.pdf Initial sample: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51
Source: Payment Remittance.pdf Initial sample: https://res2.showcaseworkshop.com/ge395ea18yup75v94s5b2uzoz164ismu4z3s6giq/r/4krjua8ra90ucyiduasooe/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5292
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-02 01-12-50-425.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Payment Remittance.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2236 --field-trial-handle=1588,i,12727439123907870177,15176298521270964230,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=280,i,5399740859030042710,15862493063084477710,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2124 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51"
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Payment Remittance.pdf Initial sample: PDF keyword /JS count = 0
Source: Payment Remittance.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: Payment Remittance.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
[Behavior graph: ID 1654239; Sample: Payment Remittance.pdf; Startdate: 02/04/2025; Architecture: WINDOWS; Score: 60]
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Payment Remittance.pdf | 8% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://thynkfinance.co.za/admin/save/mer.php | 100% | Avira URL Cloud | phishing | |
| https://res2.showcaseworkshop.com/favicon.ico | 100% | Avira URL Cloud | phishing | |
| https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/ | 100% | Avira URL Cloud | phishing | |


| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| e8652.dscx.akamaiedge.net | 104.76.101.49 | true | false | | high |
| simgbb.com | 172.67.131.251 | true | false | | high |
| www.google.com | 142.251.40.132 | true | false | | high |
| thynkfinance.co.za | 154.0.165.249 | true | false | | unknown |
| res2.showcaseworkshop.com | 3.168.73.96 | true | true | | unknown |
| i.ibb.co | 207.174.26.219 | true | false | | high |
| x1.i.lencr.org | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51 | true | | unknown |
| https://thynkfinance.co.za/admin/save/mer.php | false | Avira URL Cloud: phishing | unknown |
| https://simgbb.com/images/favicon.png | false | | high |
| http://x1.i.lencr.org/ | false | | high |
| http://c.pki.goog/r/gsr1.crl | false | | high |
| http://c.pki.goog/r/r4.crl | false | | high |
| https://res2.showcaseworkshop.com/favicon.ico | false | Avira URL Cloud: phishing | unknown |
| https://i.ibb.co/favicon.ico | false | | high |
| https://i.ibb.co/nBXYTs4/wrong-details.jpg | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/ | Payment Remittance.pdf | false | Avira URL Cloud: phishing | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 207.174.26.219 | i.ibb.co | United States | 6079 | RCN-ASUS | false |
| 104.76.101.49 | e8652.dscx.akamaiedge.net | United States | 16625 | AKAMAI-ASUS | false |
| 172.67.131.251 | simgbb.com | United States | 13335 | CLOUDFLARENETUS | false |
| 3.168.73.96 | res2.showcaseworkshop.com | United States | 16509 | AMAZON-02US | true |
| 142.251.40.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 104.21.4.104 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 154.0.165.249 | thynkfinance.co.za | South Africa | 37611 | AfrihostZA | false |

IP
192.168.2.4
                              Joe Sandbox version:42.0.0 Malachite
                              Analysis ID:1654239
                              Start date and time:2025-04-02 07:11:46 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 5m 57s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:defaultwindowspdfcookbook.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:26
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:Payment Remittance.pdf
                              Detection:MAL
                              Classification:mal60.phis.winPDF@39/56@13/8
                              Cookbook Comments:
                              • Found application associated with file extension: .pdf
                              • Found PDF document
                              • Close Viewer
                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 23.51.56.185, 52.6.155.20, 52.22.41.97, 3.233.129.217, 3.219.243.226, 23.219.161.132, 172.64.41.3, 162.159.61.3, 23.203.176.221, 23.206.121.16, 23.206.121.6, 23.206.121.11, 23.206.121.13, 23.206.121.52, 23.206.121.18, 23.206.121.25, 23.206.121.53, 23.206.121.28, 142.251.40.227, 142.250.65.174, 172.217.165.142, 172.253.122.84, 142.251.40.110, 142.251.40.174, 142.250.65.206, 142.250.80.74, 142.250.80.10, 142.250.81.234, 142.251.40.234, 142.250.65.202, 142.250.176.202, 142.250.80.42, 142.250.72.106, 142.251.40.202, 142.250.65.170, 142.251.41.10, 142.250.80.106, 142.250.64.106, 142.250.65.234, 142.251.40.170, 172.217.165.138, 142.250.64.110, 142.251.40.106, 142.251.35.170, 142.251.32.106, 142.251.40.138, 142.250.81.238, 142.250.80.78, 142.251.40.142, 142.250.65.227, 142.251.35.174, 142.251.32.99, 142.250.80.110, 142.250.65.238, 23.204.23.20, 23.47.168.24, 20.109.210.53
                              • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, c.pki.goog, wu-b-net.trafficmanager.net, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com, passwordsleakcheck-pa.googleapis.com
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtOpenFile calls found.
                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 01:12:59 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified |
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:ASCII text
                                                            Category:dropped
                                                            Size (bytes):292
                                                            Entropy (8bit):5.155889861454642
                                                            Encrypted:false
                                                            SSDEEP:6:iORvLXiOq2Pwkn2nKuAl9OmbnIFUtDvLX5ZZmw9vLX5zkwOwkn2nKuAl9OmbjLJ:7RvLPvYfHAahFUtDvLD/9vLZ5JfHAaSJ
                                                            MD5:6AA8DA5DD6DCF46CF592A6B70481EA11
                                                            SHA1:5EF5739B218277496CEA59DFD2699C39CA0F2562
                                                            SHA-256:A6BCFDEF45F79D7B0E7F1C7A2E8113D2DEAD637BA8C8D7E9011A7A6EA6C8E634
                                                            SHA-512:B8A153F8CEDBA7ED4EB0CADDD3F702020CA904FC2962F90E3D9806286264FBE4487FF64E49BF3E432655744A03125632EE92F2C4D40D3E14A838FC6EC8586930
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:2025/04/02-01:12:48.850 1c40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/02-01:12:48.853 1c40 Recovering log #3.2025/04/02-01:12:48.853 1c40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:ASCII text
                                                            Category:dropped
                                                            Size (bytes):336
                                                            Entropy (8bit):5.170209574112304
                                                            Encrypted:false
                                                            SSDEEP:6:iORvLXzmq2Pwkn2nKuAl9Ombzo2jMGIFUtDvLXthZmw9vLX747kwOwkn2nKuAl97:7RvLzmvYfHAa8uFUtDvLth/9vLM75Jfg
                                                            MD5:BD66AEE5FA67A7846FE86EB3BC5A207D
                                                            SHA1:2F3415F8064A3368190FEC7E185A859D43E670AE
                                                            SHA-256:F63A43F291A7DB40DEC74E560A70532DAEA1213B90725BEF4E2EF65753D2E891
                                                            SHA-512:9282FB8166E5E5DEF1D1C376A7EF8619167C9A5477687C0BBD0A25C718BB64CB4FCBDB0A7ECD281EEFB426595AE71C6DF7579B929FDCEC9E981BFB8A6D0F0CE6
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:2025/04/02-01:12:48.632 1d00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/02-01:12:48.636 1d00 Recovering log #3.2025/04/02-01:12:48.637 1d00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:JSON data
                                                            Category:modified
                                                            Size (bytes):474
                                                            Entropy (8bit):4.963400431369916
                                                            Encrypted:false
                                                            SSDEEP:12:YH/um3RA8sqghsBdOg2H8caq3QYiubInP7E4T3y:Y2sRdsCdMH/3QYhbG7nby
                                                            MD5:7EB5AD1EF355E7A13AE1121424F038EF
                                                            SHA1:397EF2C21D58DE5B62910B9C876F25229CADF707
                                                            SHA-256:49609D12FE742FD47AB3C07D6110F96936AC3EEA3F89E946D8EBDB403FCF7D56
                                                            SHA-512:ED37BD5BDBC63591622A29B5B1E10DD67D1CD4E082D43FBCE886FD41141DD862260BF4C652B584D684A2DCE1F8AABF8165F67D77011188AF0DC5EDC071624FED
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13388130780256034","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":98243},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):474
                                                            Entropy (8bit):4.963400431369916
                                                            Encrypted:false
                                                            SSDEEP:12:YH/um3RA8sqghsBdOg2H8caq3QYiubInP7E4T3y:Y2sRdsCdMH/3QYhbG7nby
                                                            MD5:7EB5AD1EF355E7A13AE1121424F038EF
                                                            SHA1:397EF2C21D58DE5B62910B9C876F25229CADF707
                                                            SHA-256:49609D12FE742FD47AB3C07D6110F96936AC3EEA3F89E946D8EBDB403FCF7D56
                                                            SHA-512:ED37BD5BDBC63591622A29B5B1E10DD67D1CD4E082D43FBCE886FD41141DD862260BF4C652B584D684A2DCE1F8AABF8165F67D77011188AF0DC5EDC071624FED
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13388130780256034","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":98243},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):4730
                                                            Entropy (8bit):5.253699577735579
                                                            Encrypted:false
                                                            SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo71cLqsVq6Z:etJCV4FiN/jTN/2r8Mta02fEhgO73goI
                                                            MD5:330E1862E803CBCA2B2FB838F6B903A9
                                                            SHA1:8A9C3928D8B10B538140C5AEF35B46E622882045
                                                            SHA-256:45B25AE4E5BF446DCDA8ABB174EECFC454D55369DB446398C86C2A78B134C6C1
                                                            SHA-512:C5A3C85C55B88746C84A0C2C1806F8EFAB96D234DEB2C09CB01FCF6B0D2DFD55DC06BDD9D75EB56F0A91A6E0E60DE08493318610149510F209BC653EFA31B6AF
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:ASCII text
                                                            Category:dropped
                                                            Size (bytes):324
                                                            Entropy (8bit):5.1505474800618485
                                                            Encrypted:false
                                                            SSDEEP:6:iORvLXdFJq2Pwkn2nKuAl9OmbzNMxIFUtDvLXQUlZmw9vLX2YFkwOwkn2nKuAl9c:7RvLHJvYfHAa8jFUtDvLBl/9vL2YF5JH
                                                            MD5:1A06AAEFC8D9F6BC4E38F6BE92F25673
                                                            SHA1:D9BF7A23B30DE764D2CF37D13316C9FBFDEF02E8
                                                            SHA-256:4B497CA0C020B880A75993E513ECB94D1510322B4F38F91C78BDE492DEFE9410
                                                            SHA-512:A87C54112A68BECCBF63AF89FCEB9C30D9C352797F36FB37D8A6E4DD237D904F5E1D154CDB89FFC5C9697054CFAEDE393D43284E873B62415D195DD947D06053
                                                            Malicious:false
                                                            Preview:2025/04/02-01:12:48.938 1d00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/02-01:12:48.940 1d00 Recovering log #3.2025/04/02-01:12:48.942 1d00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                                            Category:dropped
                                                            Size (bytes):71190
                                                            Entropy (8bit):0.2822324385208886
                                                            Encrypted:false
                                                            SSDEEP:24:wFBLOQe+cZLcgf8DdHa3AbtvCoHvDNt2cPK/SKIaPGy6GcBDV:MvR4NgHuAbtvBHvucK/7PGyOH
                                                            MD5:C58323AE969CE81DF57C7C0B069581C5
                                                            SHA1:640BA342193CCED35759EE611B945BD52D832333
                                                            SHA-256:7DE01773F9113AA03BA0611329EF1EFB6D3FCBAE92BF8E80265E1F4C59FFF879
                                                            SHA-512:7B6D8B8F33259891CEB0397CA9B427FE094FFD160CD6939D808B08A3EFE6C914B2E99F490BB46EAB174B1F0FA2F8E8AB74B91C41466635FE79BA36A83A54F1F0
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                            Category:dropped
                                                            Size (bytes):86016
                                                            Entropy (8bit):4.444867569183
                                                            Encrypted:false
                                                            SSDEEP:384:yezci5tWiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rZs3OazzU89UTTgUL
                                                            MD5:3FE5D6C1B6390869846F041729601BA8
                                                            SHA1:DC02E7BB118C7F1B89D7665FA779A8B5276905DA
                                                            SHA-256:36A5B3DDEBBB4EEE7BB81187014726EDE4CCA951D4C0B1136BAD30AE9FC8B914
                                                            SHA-512:695CC5121308B1A03F875E10700B2CD0D20801923930569ADED54A6306D39B732A756670957D39239AD290C7E30A3D02200B56D3ADCDBCE596E3CAEBA13211B5
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:SQLite Rollback Journal
                                                            Category:dropped
                                                            Size (bytes):8720
                                                            Entropy (8bit):3.772255737715285
                                                            Encrypted:false
                                                            SSDEEP:48:7Mep/E2ioyVRHioy9oWoy1Cwoy10kKOioy1noy1AYoy1Wioy1hioybioyWIoy1ni:7ZpjutFMXKQUyb9IVXEBodRBkv
                                                            MD5:295B968098F0EB5731588CAF03427505
                                                            SHA1:79D7EE9A30EA2C5949A3002F7585FFEF8AA40F55
                                                            SHA-256:0567A210AD4D7CFBA1E2E65335CFF4385FA73BB36CA3AA5114E7111695CA5242
                                                            SHA-512:CD28D4839C2DDC23382318ACB969CBDC2C12BA1D9D7D202C7353D2FAFEBC0722F763931E07CE7506AC15D1B3079E0A6B3F99189FE20152870F66FB6826B5C332
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:Certificate, Version=3
                                                            Category:dropped
                                                            Size (bytes):1391
                                                            Entropy (8bit):7.705940075877404
                                                            Encrypted:false
                                                            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                            Category:dropped
                                                            Size (bytes):73305
                                                            Entropy (8bit):7.996028107841645
                                                            Encrypted:true
                                                            SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
                                                            MD5:83142242E97B8953C386F988AA694E4A
                                                            SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                                                            SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                                                            SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):192
                                                            Entropy (8bit):2.772609235396284
                                                            Encrypted:false
                                                            SSDEEP:3:kkFklV+pkN/XfllXlE/HT8kbzXNNX8RolJuRdxLlGB9lQRYwpDdt:kKVKNQT8mdNMa8RdWBwRd
                                                            MD5:50CD5356A78CE842CF3B1B8134700D81
                                                            SHA1:26749550CEBE32BB57CAD4EE3C4EF78541CE2A62
                                                            SHA-256:C44A127DB35920A050B1F6D9AF0DB0DD17A5FAA32CC55993B494EC702AE82D62
                                                            SHA-512:D8A5136EE51AEA5800CC843A583D300461A3E189513B381BB77E6CDE04F46550BDC362259C86477A2F076BF89E4E27DF34E88D437525174EC98EAD7D24EAAC06
                                                            Malicious:false
                                                            Preview:p...... ..............(....................................................... ..........W...../..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):330
                                                            Entropy (8bit):3.1897121670185173
                                                            Encrypted:false
                                                            SSDEEP:6:kKxGmcvSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:cmCkPlE99SNxAhUeq8S
                                                            MD5:7D5696146237FF86157A2B3747515B4E
                                                            SHA1:FC234CF463EAC88086EBE35E5E039E2299B8EBCE
                                                            SHA-256:FA3C24D9355D2A022763A5702D8A69E63BB4844B16C8AE659842D3E6C8AA5DF8
                                                            SHA-512:D1A5668B23487668E3983CE251B6D780EAEFC39719C29E89C1B9B5D123A9659F596F694CF1042EF41A43ECC83CD56549B717F2B93E19673C69CEBD3DAE52C939
                                                            Malicious:false
                                                            Preview:p...... ........._......(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:PostScript document text
                                                            Category:dropped
                                                            Size (bytes):185099
                                                            Entropy (8bit):5.182478651346149
                                                            Encrypted:false
                                                            SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                            MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                            Malicious:false
                                                            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:PostScript document text
                                                            Category:dropped
                                                            Size (bytes):185099
                                                            Entropy (8bit):5.182478651346149
                                                            Encrypted:false
                                                            SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                            MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):243196
                                                            Entropy (8bit):3.3450692389394283
                                                            Encrypted:false
                                                            SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                                                            MD5:F5567C4FF4AB049B696D3BE0DD72A793
                                                            SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                                                            SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                                                            SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):295
                                                            Entropy (8bit):5.362641174626742
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJM3g98kUwPeUkwRe9:YvXKXSImqOEZc0vTZGMbLUkee9
                                                            MD5:B37BC3DDE44DF5977E7E6BED2CF56AEF
                                                            SHA1:44FBC22DD3A27C5E521F47E392FA16802F0F5565
                                                            SHA-256:771E25D7AE012BBC15B4C4DB2696E216FE22AE843E438C85DF64FE82BD42943C
                                                            SHA-512:845B5D66AD21AAC4F7B27A16DEC0E9E5E5D1C635635FA895DA003C0F390F17A3C7DE90865C6B9A5DD0791CFD97E73978855ED52EF766320180596416D8952E29
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):294
                                                            Entropy (8bit):5.312808899014868
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJfBoTfXpnrPeUkwRe9:YvXKXSImqOEZc0vTZGWTfXcUkee9
                                                            MD5:95587B194889AD15BE4175257D3F928E
                                                            SHA1:A9E285F5C6364E161F498061579112BE7C405491
                                                            SHA-256:4F2533811AD57FC2C58DCA731BD65C43DF2B8A60E7D920C00DED0CBC0B108A3E
                                                            SHA-512:C53C3BE92D45248463DE8D7485F546E01023208CA07AF7FB441B172D6E03613346819C33E46B0639D21A8384BAE546C9A23C753B0AA8DF093A7B053FDDB924BB
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):294
                                                            Entropy (8bit):5.292006646984073
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJfBD2G6UpnrPeUkwRe9:YvXKXSImqOEZc0vTZGR22cUkee9
                                                            MD5:E514EF253911A97973F228BA07FA5937
                                                            SHA1:05E19B0C47646305738076FFB3E3529F573A97C6
                                                            SHA-256:8BC11818DD9238D67FEEB1F47372BC2ACD0997055C2B2B8ACFED9FD948124554
                                                            SHA-512:8DF66BAC152AA35D56652965E285B21B6D597661ACE246953970655710AFDFC1CBC1847F29A527FDB525D91DE54449F5A733214FCC15196DC4E8C9565BC25D19
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):285
                                                            Entropy (8bit):5.3496263400608335
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJfPmwrPeUkwRe9:YvXKXSImqOEZc0vTZGH56Ukee9
                                                            MD5:216A514B49D3D3B83DA7B8EA65E02780
                                                            SHA1:7B382AFF2C8D875FCEAD97F9047393895CCDF156
                                                            SHA-256:27EE2559ACAA030EEB1AA1B84F29FF7BABDA5EF038B8BDFAE4362EEE6BE1A7E7
                                                            SHA-512:656608121EA87D2EF78A68FEC34D8B9AA2E485997EFEBED1370F5AFD868AA9F1DCB41B67C88301176E586F7BC4B9BC936DAD4E1BBBA23CB5204A406B4E3A2319
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):2129
                                                            Entropy (8bit):5.842503945059642
                                                            Encrypted:false
                                                            SSDEEP:24:Yv6XzyEzvqpLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcX5bpEsrArq:YvwdChgly48Y/TWCjiOumNcXwKOpkU+
                                                            MD5:FEC89AD44F77A8A9C7ACFAA4D00A2ED3
                                                            SHA1:771085F2DC9BAB611CFACC846E451688FE34C350
                                                            SHA-256:80F0A3E474C593856385318A0F82ACFF148CC655C76CE85F9D06DDBE0E4AF31C
                                                            SHA-512:A51B9FFCB18A1780D93E41F83628C966E8D59E26C0C3D595895245B05D208C5DABF81D4CAD18B76CA661488088BE5AF39FCB6C717D276C40008B7856A6A66E44
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):289
                                                            Entropy (8bit):5.297442045396985
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJf8dPeUkwRe9:YvXKXSImqOEZc0vTZGU8Ukee9
                                                            MD5:E193A3C85008F793E0C6643E5A8434A5
                                                            SHA1:1627F3F304E05DD27FEBD2B2EBE2B739AB25FBD5
                                                            SHA-256:863AF2A73D58865D6809FB931506C807C9E39210FDD52F9A0C233730FA8BE384
                                                            SHA-512:560978D40F117829082A90D4D1DA9BEFC4FEFAAB25FC6A2A75851D84A7026674F45BE02F8EA9F561681151F7B318173CF62A35E565355171FC385B68A444E8B7
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):292
                                                            Entropy (8bit):5.301659760772207
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJfQ1rPeUkwRe9:YvXKXSImqOEZc0vTZGY16Ukee9
                                                            MD5:DFB025B6766AF4E7529BC61B615DEC85
                                                            SHA1:8AE3F840A0F206CF2D454FAB5612BF1EA1386740
                                                            SHA-256:755866C287ADD037C222319C7DDB5F3E4EEFB1473CADFAD766B943221243888F
                                                            SHA-512:98B21353412874B285CF90B2B3A04FF1AFDBCE1069EE9C6AF814496A3422684F96A64170CBFCA81B75C797EEBB555A57F76E12E69928DC34EBF86ABF8F2485DE
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):2080
                                                            Entropy (8bit):5.828905349025965
                                                            Encrypted:false
                                                            SSDEEP:48:YvwdJogbN48l/GiyLVzyODVHKOkQLcSmjWA+:GPg54Y/IVO48OkQASmm
                                                            MD5:C15A85CF548660653A81F79267C6362F
                                                            SHA1:2DB0C2B84EDA6F64FF2A9C86CFECF4F8A7764F7C
                                                            SHA-256:CF40A6004CA881C952CE9A7AD92FCFCA9F40F4D90217B00BD51D1583B3F82C98
                                                            SHA-512:17089B78414298AF481DDA4AAC560840A2ABD3501FC5AD828F209EF8534FFADA7EC5B1D6C9354172519FE3BB18D1AA7D1F9B62CEADDCD7157518E4A6EE6EBD3C
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):295
                                                            Entropy (8bit):5.322266676394871
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJfzdPeUkwRe9:YvXKXSImqOEZc0vTZGb8Ukee9
                                                            MD5:30E0375E0C2BF1D7CB7E0A2995B88B14
                                                            SHA1:0E7A201CF5AB1CB1E5090503EAB8F76CB50719D8
                                                            SHA-256:D9B0F704C87974AE28E1D2276FD833BF41ED09D82A6EE64BB1F25D11CEAACCFC
                                                            SHA-512:D8E68A2A2751A38D7B62B3BF46458F9EE08B97F54EAF8DE2E94573635AF6A2C84C79247F49146D04AA7E38ACA095339C399FD7E3E098D9B4039E44680CF58D20
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):289
                                                            Entropy (8bit):5.302970690216509
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJfYdPeUkwRe9:YvXKXSImqOEZc0vTZGg8Ukee9
                                                            MD5:6A9EE0151E9742DF222AD3689B5D20C7
                                                            SHA1:15399536611DA751787F500290983F82E1B64956
                                                            SHA-256:FEAEF88DFFE73C6F521898B8C65B351838D24386A4DAB725D4ECC863CD75CEC6
                                                            SHA-512:27F5AF80AA6C06CB7ABCEF65F5FBE1E82B64458E4FB686DCF6346B2E68AF726D9D8054DD2E161DD73A314DF45FEF1BE7AC7A92C3F922034354D7A3FA0A700381
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):284
                                                            Entropy (8bit):5.289073363923476
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJf+dPeUkwRe9:YvXKXSImqOEZc0vTZG28Ukee9
                                                            MD5:C53FA169015A0EB54E6025A8D90C2431
                                                            SHA1:99B3D69B5A2D72A03CA6FB0F774EE716614B7692
                                                            SHA-256:AA260675B4BC9D835E7630CDA5ABF969D9C21510311263FC72711F98B0181309
                                                            SHA-512:348D92A3E330F1E8BDD99954831D33ADB80DB06468BAB7AB89A0A9E709A1B802F3AB98ABAC6C66E1F7EAF4195B3434313636D0CAEAD3A7D86FADC4654F864AB1
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):291
                                                            Entropy (8bit):5.286497370775482
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJfbPtdPeUkwRe9:YvXKXSImqOEZc0vTZGDV8Ukee9
                                                            MD5:92BD290835BD7BF9D311A3C991D28B36
                                                            SHA1:1184AC0314BCB90EEC1FD4CB0E39A123C0C8AD0A
                                                            SHA-256:8F0FBF7EEDE72A21F21EAB1703CD0773AFE7056387B38805A5F0F0AE001DB9BB
                                                            SHA-512:DA071DADAD8113CC8E5F36A99EF0E7E35169D280A7DAAF4A15B7157464949E5EB9FB5BC2910260187EA329B8DFB8D221BA15B31E887E56DD4740966FF6F32750
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):287
                                                            Entropy (8bit):5.29118994220058
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJf21rPeUkwRe9:YvXKXSImqOEZc0vTZG+16Ukee9
                                                            MD5:2726C510B208AE3A488EAD3ACCBD8B71
                                                            SHA1:4E75627941C6E297576C92CA36B07B5666177B98
                                                            SHA-256:9D849C0AAF4127700D8946457B2C68A1649D189E5249B7F91B306FE2A94074FC
                                                            SHA-512:6E47EC6A010C34C98B29C60EA4D8921C704DDC93F88ECC38DE29143E2DC52165EC89B33E843817AEFC830BCE4401E438D8DF7F478C63904805A3E5139FBDFB25
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):2028
                                                            Entropy (8bit):5.842283009937318
                                                            Encrypted:false
                                                            SSDEEP:24:Yv6XzyEzv2amXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBE1:YvwdgBgBG48j/SiyLVWOAlNkU+
                                                            MD5:BFD7EB72486699A3F09B9BAE0F53AF9E
                                                            SHA1:AFCEC85D2B3132F724761E4CB12FFF5FE1DCF887
                                                            SHA-256:087CD62F78CDA3E41DBB75F53279F5A12FF939B21404E5D8AECD25414E784858
                                                            SHA-512:8F21169A22734FDC113AF38A5C68DE863298256D618BE6F5278F773BF0C39A1B38BFD56B6C4A53810B60780DC0165C937F2782D57F1307093777F724E89FA3DE
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):286
                                                            Entropy (8bit):5.266544847511317
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJfshHHrPeUkwRe9:YvXKXSImqOEZc0vTZGUUUkee9
                                                            MD5:19D7B07EA89D6F4B4C4C0037D075D8A3
                                                            SHA1:3F42E38DDD8513482E0C3CD513CE29078A0982BD
                                                            SHA-256:A1123794F5C197E1FA0A12B8AF59F1344CC1037EDF3F934C9DDA42DD44DF9968
                                                            SHA-512:5CB4719D057AE841DFD2455A99873028F40409322868159F2031A055B3C818465B171E8A048C0C0B619E6BC4C37DDF1B1C3E3E3E9FD77FDD5527D7371D171874
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):282
                                                            Entropy (8bit):5.271306757526085
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXSE+xKHHmqO9VoZcg1vRcR0YM9qoAvJTqgFCrPeUkwRe9:YvXKXSImqOEZc0vTZGTq16Ukee9
                                                            MD5:5F193D867FCDDFA62C8998E36D788500
                                                            SHA1:809B73B5B38D14F3350B9E5DAA97E70C85DD7F0C
                                                            SHA-256:50D0FF47DBEF3587EEFC950F5DFEF4236ADDA8110AA617685CD63588EF386736
                                                            SHA-512:CBB39F126B6656E88D4DC80709677BE48E678898721270035CBFF171F4D737CA7F233F327A41DB87FA5B5C35273C00D7EED581B82EC289F4519ECB5DDCBCCEC9
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"923a2fe7-7501-4140-a194-0954722df2df","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1743748613367,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):4
                                                            Entropy (8bit):0.8112781244591328
                                                            Encrypted:false
                                                            SSDEEP:3:e:e
                                                            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                            Malicious:false
                                                            Preview:....
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):2815
                                                            Entropy (8bit):5.1314531564643975
                                                            Encrypted:false
                                                            SSDEEP:24:YCFO8TaRGxayLABsI9ggfF8iBKjc1iyj0SmIySq2IV2LSYCP5Lq9EuE+cBz15l9A:YFcaWM8Pc1iEHyB5G05G91E9Zr9l45
                                                            MD5:AD910D9CE87BD48ECD139171EAF8A8CD
                                                            SHA1:55C49733631E33F33E73FCB465ED8D86605DAF2A
                                                            SHA-256:0D6A2D65B525CFB3AA741C1D92A2E2B34498D67E2C92566E1D6CCB31A6AB2940
                                                            SHA-512:365E35362E44EFD1EEC3228770429DA59F6D23879A56999B68EA935FC1CAEEC21FF5923988F3B6477C93149D4BD92C98A7D412EC459F6F83478B7AFFEC5FCD98
                                                            Malicious:false
                                                            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3bdb5cb84e5221cde4ba8871fcc11656","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1743570772000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"e7e0e56745745c2bc5cd99b333e59bb1","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2080,"ts":1743570772000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"b4581a567be669a533f197d5623944b0","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2028,"ts":1743570772000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"4f7383128c7194f517b4e0487bdceffa","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2129,"ts":1743570772000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f768e6295592155c868f3e9b6f44c001","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1743570772000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"c41ead41fb4afef3863f6fb529dd4511","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                            Category:dropped
                                                            Size (bytes):12288
                                                            Entropy (8bit):1.1869197106439073
                                                            Encrypted:false
                                                            SSDEEP:48:TGufl2GL7msEHUUUUUUUUMxGSSvR9H9vxFGiDIAEkGVvpgxGU:lNVmswUUUUUUUUs+FGSItS
                                                            MD5:344FF344E19C5F9A21A41F4AD8A46048
                                                            SHA1:C1BB397054D901C24F623C1BE69ED64FE3FD0898
                                                            SHA-256:A26362323775A90BD8A28BCB376B28FEA6ED35D4086C290B9198933C34DEB965
                                                            SHA-512:236BB2A96B0DD77E11BE390CA7E8DA85AFAD628B1FB4C56011FB5E789F3B8A821ABBDAEF69951798F73D6D8443BADE70703AC87FAD81A5B1EF0478C90EDA889D
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:SQLite Rollback Journal
                                                            Category:dropped
                                                            Size (bytes):8720
                                                            Entropy (8bit):1.6064980459851814
                                                            Encrypted:false
                                                            SSDEEP:48:7MAzKUUUUUUUUUUMxGAvR9H9vxFGiDIAEkGVvGqFl2GL7msB:7WUUUUUUUUUUCFGSItQKVmsB
                                                            MD5:D1685D814264AB92A8E8FAB7D78CD215
                                                            SHA1:EDBE84D8259844728C8EBA060776B710B45B46C2
                                                            SHA-256:59951FE081F883928FB65FC490DDE3F210D0DE901DB62A639AD6B4F9CC758625
                                                            SHA-512:20AFE5D63509552F5C0EDBBB014A5A436D333EDB6E73C2412DC559C2901B2825FB59E1CE206EDD87B223CCE50B6CF7CFB2537C245D9FB81F44F58A439A325F0F
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):246
                                                            Entropy (8bit):3.50000825118868
                                                            Encrypted:false
                                                            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8g+Cl8xlNw:Qw946cPbiOxDlbYnuRKLklNw
                                                            MD5:644BC5F1D766B97E21B73D07B04623F4
                                                            SHA1:6CBB2822A58BE338581B1C3693DF77FA30FEF0B1
                                                            SHA-256:619CC3083B6ACE8E9912F3EECB5029D2C24EAA24E01AD9532EAF70D94110BC40
                                                            SHA-512:A5072E7A3553349FAF7DE7EC5C8C57AFDCDFF0803BBF0D5FB8E09973D2927B11408AB5D9A0D7822521CF130C7A1EDE4755E79D875E24E5B00C8CE8725C9A8C32
                                                            Malicious:false
                                                            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.2./.0.4./.2.0.2.5. . .0.1.:.1.2.:.5.5. .=.=.=.....
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:ASCII text, with very long lines (393)
                                                            Category:dropped
                                                            Size (bytes):16525
                                                            Entropy (8bit):5.345946398610936
                                                            Encrypted:false
                                                            SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                                            MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                                            SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                                            SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                                            SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                                            Malicious:false
                                                            Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):15114
                                                            Entropy (8bit):5.362281942060394
                                                            Encrypted:false
                                                            SSDEEP:384:tPByJ7Y3vwxvnPlzZBNcewE+6xcD9HnimpG6YQAAl2EdtjWs0DlFjsjWH93KXaiF:d0k
                                                            MD5:69C2FB2A4F67E041A429D84C4DB91349
                                                            SHA1:16F7C19D5C6BAE1960E10B245D394D25DFA089F3
                                                            SHA-256:41FCF4D475D243C85C527551EF77AEB7110D33EA6C2CF3A6D3EECBF613041967
                                                            SHA-512:5E4598A2EC2A4A536747CC659F03D2E6F3E955E27DCC8FCE39E2A53774592898A17473D94DA02A53BC2028D0993B6E433C4F6D7EFC12744FE8C14B1D1F556DD9
                                                            Malicious:false
                                                            Preview:SessionID=f0cfa345-823b-4f08-8f13-5f8a10991c96.1743570770449 Timestamp=2025-04-02T01:12:50:449-0400 ThreadID=7896 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=f0cfa345-823b-4f08-8f13-5f8a10991c96.1743570770449 Timestamp=2025-04-02T01:12:50:451-0400 ThreadID=7896 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=f0cfa345-823b-4f08-8f13-5f8a10991c96.1743570770449 Timestamp=2025-04-02T01:12:50:451-0400 ThreadID=7896 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=f0cfa345-823b-4f08-8f13-5f8a10991c96.1743570770449 Timestamp=2025-04-02T01:12:50:451-0400 ThreadID=7896 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=f0cfa345-823b-4f08-8f13-5f8a10991c96.1743570770449 Timestamp=2025-04-02T01:12:50:451-0400 ThreadID=7896 Component=ngl-lib_NglAppLib Description="SetConf
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):29752
                                                            Entropy (8bit):5.379837595707584
                                                            Encrypted:false
                                                            SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rX:D
                                                            MD5:568306396038D738D2DF83A06F570EEA
                                                            SHA1:E2521243AE6E9009146ED89A611DA64A71610C5D
                                                            SHA-256:5D9FAEB9053B6C2B4CD19688FF701ADF436F81A8E6582109A74A8640E3B3F4C6
                                                            SHA-512:19C252F8E23E325667D61E511459479796E6AFBE6BBF390D24EF5575429471BA346850227EDE0E80DAB09B03CD3BC042E77DB571422279FC65926423DABDEC75
                                                            Malicious:false
                                                            Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                            Category:dropped
                                                            Size (bytes):1419751
                                                            Entropy (8bit):7.976496077007677
                                                            Encrypted:false
                                                            SSDEEP:24576:/xA7ouWLgGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLgGZtwZGk3mlind9i4ufFXpAXkru
                                                            MD5:A8E5C37206C98D1B655FF994A420FFB6
                                                            SHA1:827237782AB5971EC205C3BCECCC7950BE9F84C3
                                                            SHA-256:F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA
                                                            SHA-512:12DE33EB7624458AEC44D83D4E2C09E626F8E54E177FC0C26EEBA232935F34FAAAEB71FBB025EB7C53BEA9933C46ADCE759C32516D1B80C03B6734C61D61CEB2
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                            Category:dropped
                                                            Size (bytes):758601
                                                            Entropy (8bit):7.98639316555857
                                                            Encrypted:false
                                                            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                            MD5:3A49135134665364308390AC398006F1
                                                            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                            Category:dropped
                                                            Size (bytes):1407294
                                                            Entropy (8bit):7.97605879016224
                                                            Encrypted:false
                                                            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                                            MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                            SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                            SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                            SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                            Category:dropped
                                                            Size (bytes):386528
                                                            Entropy (8bit):7.9736851559892425
                                                            Encrypted:false
                                                            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                            MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:downloaded
                                                            Size (bytes):28
                                                            Entropy (8bit):4.208966082694623
                                                            Encrypted:false
                                                            SSDEEP:3:0jKcrR:0jKcrR
                                                            MD5:4B7627631A08460D9E2249B74C6225DE
                                                            SHA1:DE0356D98FB0316D77A86B7CFD6F762667632948
                                                            SHA-256:E94B925E0EE76DBEEADBD45CDD1B633F1DFD1A14C9C3B9164C85CB4F2189B16B
                                                            SHA-512:C7EC3E046DC4A92E6D2FD6BF2A9C44568154DEF4B417D05A7187A4C024E6140FEFCC07AB381D768DB554A04164B33127D26D12811C334E8047BE944143937944
                                                            Malicious:false
                                                            URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCTdrS1Y4scYlEgUNmdbFPRIFDYo-uLghoRpA7mjkAXw=?alt=proto
                                                            Preview:ChIKBw2Z1sU9GgAKBw2KPri4GgA=
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1119x530, components 3
                                                            Category:downloaded
                                                            Size (bytes):42786
                                                            Entropy (8bit):7.560196098084351
                                                            Encrypted:false
                                                            SSDEEP:384:QzfEtmgAxU+NoHZT04iHP04T19LfTHMhbRE26m1fkGhQOPIhEw6hNhyswQM7vG78:QzfEtjAmG6TxS9fsD7VfkGhRsEBwZN
                                                            MD5:B078562CE3B7759C76E1F184734683DD
                                                            SHA1:192BFFAE3279CFA47A7539B19D3811A18EBA1AEB
                                                            SHA-256:8D2AE2E196083C37B7D3F39601ECEF4A19CDA7AE910F64E49E958C3BDA51A176
                                                            SHA-512:445E4E8E5A8EEACBEB9FD931D7A282992E10645A9C9B0A69ABD83AA58A580F4846AB3CBD143C686B94AC242F38EA929C602719D7BFBD4C3932A93E54DFA0BA3B
                                                            Malicious:false
                                                            URL:https://i.ibb.co/nBXYTs4/wrong-details.jpg
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
                                                            Category:downloaded
                                                            Size (bytes):7235
                                                            Entropy (8bit):7.854530968163744
                                                            Encrypted:false
                                                            SSDEEP:96:XvtH6yH1xG+B9yulnhK/xXD8OktMUgwxqpTLEQhVYEnfxPqCsM8BeHnudkFvL:lHnHzb3yYhiZkCTXnnf9+R9dkFj
                                                            MD5:40B917B7789A2852E23B074DF0EDC560
                                                            SHA1:22CE76F00BC9D294E51409F31ACBBAC3921461E1
                                                            SHA-256:AE2D45946C7B4F594006A87CF961ABA86CE880DE9BA334B03B9CDE9C39EC6FF3
                                                            SHA-512:7D22377A197530B9E377FEE232C3F70CFF9201CF2E806240F20D94C08546C22C9FBC7406304F5E2E0A10B5C6D7C7B970BB8406FE3443EAE33EC7C22661950187
                                                            Malicious:false
                                                            URL:https://simgbb.com/images/favicon.png
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text, with very long lines (17642), with CRLF line terminators
                                                            Category:downloaded
                                                            Size (bytes):18964
                                                            Entropy (8bit):6.051166653033828
                                                            Encrypted:false
                                                            SSDEEP:384:fUwPSh3Uds6y8fV/D8O9BF+DvX+zIRrEQCjjiJDMVYpJI89Ulp:fUww3PNi/F+izkEQCjGlSYpG+Ulp
                                                            MD5:A84EB8CCB518DC96F1D4F0F2F53556DF
                                                            SHA1:B0F17A8F02660F37F12F8C70C3CB45411A40EB5D
                                                            SHA-256:D73A1E132450DF375107353E0CCFA8DE5916A645252A807BA2F3F1F70D2AFBAA
                                                            SHA-512:DBBA2CB51C1BDCAFB0BF074DBE1D3D38F064A55DD17A9854B012202F9D7CC7C81795A16E7D4981C5234F795DA1847109146245EA27A35BE2BFBB5CEF600FC771
                                                            Malicious:false
                                                            URL:https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51
                                                            Preview:<title>REMITTANCE</title> <style> body { background-image: url('data:image/jpeg;base64,...
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):7235
                                                            Entropy (8bit):7.854530968163744
                                                            Encrypted:false
                                                            SSDEEP:96:XvtH6yH1xG+B9yulnhK/xXD8OktMUgwxqpTLEQhVYEnfxPqCsM8BeHnudkFvL:lHnHzb3yYhiZkCTXnnf9+R9dkFj
                                                            MD5:40B917B7789A2852E23B074DF0EDC560
                                                            SHA1:22CE76F00BC9D294E51409F31ACBBAC3921461E1
                                                            SHA-256:AE2D45946C7B4F594006A87CF961ABA86CE880DE9BA334B03B9CDE9C39EC6FF3
                                                            SHA-512:7D22377A197530B9E377FEE232C3F70CFF9201CF2E806240F20D94C08546C22C9FBC7406304F5E2E0A10B5C6D7C7B970BB8406FE3443EAE33EC7C22661950187
                                                            Malicious:false
                                                            File type:PDF document, version 1.7, 1 pages
                                                            Entropy (8bit):7.64229441866097
                                                            TrID:
                                                            • Adobe Portable Document Format (5005/1) 100.00%
                                                            File name:Payment Remittance.pdf
                                                            File size:31'526 bytes
                                                            MD5:be4a536d9ea34d6419fbdb13f161e43f
                                                            SHA1:b41fb15173937f5e601a4ea88d975d73c5961567
                                                            SHA256:3983e55a461d3dda073b3f654b155032bae5e096744c358357a92ee0c2516cc3
                                                            SHA512:e58c2509c3aad858c6f239ebf2402c3f74f97578ebf58ec2cbd6c79f27403e1ba9e5c1416d980b9d277364342e3676faab15831e1ebed323e64528d4da7f7ac0
                                                            SSDEEP:768:yeIxjw/1Fr30hZuvYw9xc91UhhAhoBbF9dAmScGB36nhbo/O:gk/u+JzdZ9qp9B36hE/O
                                                            TLSH:5EE2AF248C092CCDD56993E16F19344AFA9DB322B1C418E37CACCB9B5B10EA7DC1715A
                                                            File Content Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 14 0 R/MarkInfo<</Marked true>>/Metadata 35 0 R/ViewerPreferences 36 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/R
                                                            Icon Hash:62cc8caeb29e8ae0

                                                            General

                                                            Header:%PDF-1.7
                                                            Total Entropy:7.642294
                                                            Total Bytes:31526
                                                            Stream Entropy:7.742906
                                                            Stream Bytes:27187
                                                            Entropy outside Streams:5.227217
                                                            Bytes outside Streams:4339
                                                            Number of EOF found:2
                                                            Bytes after EOF:
                                                            Name            Count
                                                            obj             21
                                                            endobj          21
                                                            stream          7
                                                            endstream       7
                                                            xref            2
                                                            trailer         2
                                                            startxref       2
                                                            /Page           1
                                                            /Encrypt        0
                                                            /ObjStm         1
                                                            /URI            2
                                                            /JS             0
                                                            /JavaScript     0
                                                            /AA             0
                                                            /OpenAction     0
                                                            /AcroForm       0
                                                            /JBIG2Decode    0
                                                            /RichMedia      0
                                                            /Launch         0
                                                            /EmbeddedFile   0
                                                            ID    DHASH               MD5                                 Preview
                                                            12    80ae2e36a6a0bca8    5fff7c35d2e55ca3e376bdf3ebbb9036


                                                            • Total Packets: 163
                                                            • 443 (HTTPS)
                                                            • 80 (HTTP)
                                                            • 53 (DNS)
                                                            Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                            Apr 2, 2025 07:13:38.215584040 CEST44349751207.174.26.219192.168.2.4
                                                            Apr 2, 2025 07:13:38.215789080 CEST44349751207.174.26.219192.168.2.4
                                                            Apr 2, 2025 07:13:38.215786934 CEST49751443192.168.2.4207.174.26.219
                                                            Apr 2, 2025 07:13:38.215853930 CEST49751443192.168.2.4207.174.26.219
                                                            Apr 2, 2025 07:13:38.365129948 CEST49751443192.168.2.4207.174.26.219
                                                            Apr 2, 2025 07:13:38.365190983 CEST44349751207.174.26.219192.168.2.4
                                                            Apr 2, 2025 07:13:38.446620941 CEST49752443192.168.2.4207.174.26.219
                                                            Apr 2, 2025 07:13:38.446716070 CEST44349752207.174.26.219192.168.2.4
                                                            Apr 2, 2025 07:13:38.446793079 CEST49752443192.168.2.4207.174.26.219
                                                            Apr 2, 2025 07:13:38.446964025 CEST49752443192.168.2.4207.174.26.219
                                                            Apr 2, 2025 07:13:38.446990013 CEST44349752207.174.26.219192.168.2.4
                                                            Apr 2, 2025 07:13:38.636823893 CEST44349752207.174.26.219192.168.2.4
                                                            Apr 2, 2025 07:13:38.637008905 CEST49752443192.168.2.4207.174.26.219
                                                            Apr 2, 2025 07:13:38.637079000 CEST44349752207.174.26.219192.168.2.4
                                                            Apr 2, 2025 07:13:38.637170076 CEST49752443192.168.2.4207.174.26.219
                                                            Apr 2, 2025 07:13:38.637182951 CEST44349752207.174.26.219192.168.2.4
                                                            Apr 2, 2025 07:13:38.819314957 CEST44349752207.174.26.219192.168.2.4
                                                            Apr 2, 2025 07:13:38.819504976 CEST44349752207.174.26.219192.168.2.4
                                                            Apr 2, 2025 07:13:38.819669962 CEST49752443192.168.2.4207.174.26.219
                                                            Apr 2, 2025 07:13:38.832274914 CEST49752443192.168.2.4207.174.26.219
                                                            Apr 2, 2025 07:13:38.832326889 CEST44349752207.174.26.219192.168.2.4
                                                            Apr 2, 2025 07:13:38.939974070 CEST49755443192.168.2.4172.67.131.251
                                                            Apr 2, 2025 07:13:38.940016985 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:38.940109015 CEST49755443192.168.2.4172.67.131.251
                                                            Apr 2, 2025 07:13:38.940223932 CEST49755443192.168.2.4172.67.131.251
                                                            Apr 2, 2025 07:13:38.940232992 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.160546064 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.160645962 CEST49755443192.168.2.4172.67.131.251
                                                            Apr 2, 2025 07:13:39.164510965 CEST49755443192.168.2.4172.67.131.251
                                                            Apr 2, 2025 07:13:39.164539099 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.164963007 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.165440083 CEST49755443192.168.2.4172.67.131.251
                                                            Apr 2, 2025 07:13:39.208319902 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.393569946 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.393723965 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.393826008 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.393892050 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.393893957 CEST49755443192.168.2.4172.67.131.251
                                                            Apr 2, 2025 07:13:39.393958092 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.394025087 CEST49755443192.168.2.4172.67.131.251
                                                            Apr 2, 2025 07:13:39.394042015 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.394107103 CEST49755443192.168.2.4172.67.131.251
                                                            Apr 2, 2025 07:13:39.394120932 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.394149065 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.394196987 CEST49755443192.168.2.4172.67.131.251
                                                            Apr 2, 2025 07:13:39.394413948 CEST49755443192.168.2.4172.67.131.251
                                                            Apr 2, 2025 07:13:39.394440889 CEST44349755172.67.131.251192.168.2.4
                                                            Apr 2, 2025 07:13:39.504806042 CEST49756443192.168.2.4104.21.4.104
                                                            Apr 2, 2025 07:13:39.504889011 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.505023003 CEST49756443192.168.2.4104.21.4.104
                                                            Apr 2, 2025 07:13:39.505122900 CEST49756443192.168.2.4104.21.4.104
                                                            Apr 2, 2025 07:13:39.505141973 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.715150118 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.715234041 CEST49756443192.168.2.4104.21.4.104
                                                            Apr 2, 2025 07:13:39.715576887 CEST49756443192.168.2.4104.21.4.104
                                                            Apr 2, 2025 07:13:39.715604067 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.715939999 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.716142893 CEST49756443192.168.2.4104.21.4.104
                                                            Apr 2, 2025 07:13:39.756289959 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.968216896 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.968416929 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.968530893 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.968624115 CEST49756443192.168.2.4104.21.4.104
                                                            Apr 2, 2025 07:13:39.968630075 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.968693018 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.968739986 CEST49756443192.168.2.4104.21.4.104
                                                            Apr 2, 2025 07:13:39.968827009 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.968960047 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:13:39.968998909 CEST49756443192.168.2.4104.21.4.104
                                                            Apr 2, 2025 07:13:39.969065905 CEST49756443192.168.2.4104.21.4.104
                                                            Apr 2, 2025 07:13:39.969120979 CEST49756443192.168.2.4104.21.4.104
                                                            Apr 2, 2025 07:13:39.969156027 CEST44349756104.21.4.104192.168.2.4
                                                            Apr 2, 2025 07:14:00.610457897 CEST4972480192.168.2.4142.251.40.99
                                                            Apr 2, 2025 07:14:00.701368093 CEST8049724142.251.40.99192.168.2.4
                                                            Apr 2, 2025 07:14:00.701602936 CEST4972480192.168.2.4142.251.40.99
                                                            Apr 2, 2025 07:14:05.884512901 CEST44349750154.0.165.249192.168.2.4
                                                            Apr 2, 2025 07:14:05.884680033 CEST44349750154.0.165.249192.168.2.4
                                                            Apr 2, 2025 07:14:05.884784937 CEST49750443192.168.2.4154.0.165.249
                                                            Apr 2, 2025 07:14:07.644356012 CEST49750443192.168.2.4154.0.165.249
                                                            Apr 2, 2025 07:14:07.644427061 CEST44349750154.0.165.249192.168.2.4
                                                            Apr 2, 2025 07:14:18.159444094 CEST49760443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:14:18.159529924 CEST44349760142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:14:18.159699917 CEST49760443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:14:18.159840107 CEST49760443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:14:18.159869909 CEST44349760142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:14:18.358462095 CEST44349760142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:14:18.359276056 CEST49760443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:14:18.359333992 CEST44349760142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:14:28.349523067 CEST44349760142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:14:28.349695921 CEST44349760142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:14:28.349945068 CEST49760443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:14:29.644438982 CEST49760443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:14:29.644504070 CEST44349760142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:14:30.626632929 CEST49708443192.168.2.452.113.196.254
                                                            Apr 2, 2025 07:14:30.954437971 CEST49709443192.168.2.4131.253.33.254
                                                            Apr 2, 2025 07:15:04.864495993 CEST44349710204.79.197.222192.168.2.4
                                                            Apr 2, 2025 07:15:18.221973896 CEST49774443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:15:18.222068071 CEST44349774142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:15:18.222206116 CEST49774443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:15:18.222352982 CEST49774443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:15:18.222376108 CEST44349774142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:15:18.415644884 CEST44349774142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:15:18.415945053 CEST49774443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:15:18.416009903 CEST44349774142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:15:28.445405960 CEST44349774142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:15:28.445471048 CEST44349774142.251.40.132192.168.2.4
                                                            Apr 2, 2025 07:15:28.445532084 CEST49774443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:15:29.299500942 CEST49774443192.168.2.4142.251.40.132
                                                            Apr 2, 2025 07:15:29.299585104 CEST44349774142.251.40.132192.168.2.4
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 2, 2025 07:13:00.564506054 CEST | 192.168.2.4 | 1.1.1.1 | 0x10ce | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:18.095808983 CEST | 192.168.2.4 | 1.1.1.1 | 0x57e8 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:18.095973969 CEST | 192.168.2.4 | 1.1.1.1 | 0xb807 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Apr 2, 2025 07:13:18.909960032 CEST | 192.168.2.4 | 1.1.1.1 | 0x63e0 | Standard query (0) | res2.showcaseworkshop.com | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:18.910300016 CEST | 192.168.2.4 | 1.1.1.1 | 0x8ec6 | Standard query (0) | res2.showcaseworkshop.com | 65 | IN (0x0001) | false |
| Apr 2, 2025 07:13:34.405786037 CEST | 192.168.2.4 | 1.1.1.1 | 0xdf3c | Standard query (0) | thynkfinance.co.za | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:34.405936003 CEST | 192.168.2.4 | 1.1.1.1 | 0x150c | Standard query (0) | thynkfinance.co.za | 65 | IN (0x0001) | false |
| Apr 2, 2025 07:13:37.588717937 CEST | 192.168.2.4 | 1.1.1.1 | 0xfa4b | Standard query (0) | i.ibb.co | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:37.588844061 CEST | 192.168.2.4 | 1.1.1.1 | 0x1541 | Standard query (0) | i.ibb.co | 65 | IN (0x0001) | false |
| Apr 2, 2025 07:13:38.835001945 CEST | 192.168.2.4 | 1.1.1.1 | 0xb2f9 | Standard query (0) | simgbb.com | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:38.835170984 CEST | 192.168.2.4 | 1.1.1.1 | 0x5232 | Standard query (0) | simgbb.com | 65 | IN (0x0001) | false |
| Apr 2, 2025 07:13:39.397953033 CEST | 192.168.2.4 | 1.1.1.1 | 0x6086 | Standard query (0) | simgbb.com | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:39.398080111 CEST | 192.168.2.4 | 1.1.1.1 | 0x2bc1 | Standard query (0) | simgbb.com | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 2, 2025 07:13:00.685718060 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ce | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 2, 2025 07:13:00.685718060 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ce | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | e8652.dscx.akamaiedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Apr 2, 2025 07:13:00.685718060 CEST | 1.1.1.1 | 192.168.2.4 | 0x10ce | No error (0) | e8652.dscx.akamaiedge.net | | 104.76.101.49 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:18.193531036 CEST | 1.1.1.1 | 192.168.2.4 | 0x57e8 | No error (0) | www.google.com | | 142.251.40.132 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:18.193619967 CEST | 1.1.1.1 | 192.168.2.4 | 0xb807 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Apr 2, 2025 07:13:19.020582914 CEST | 1.1.1.1 | 192.168.2.4 | 0x63e0 | No error (0) | res2.showcaseworkshop.com | | 3.168.73.96 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:19.020582914 CEST | 1.1.1.1 | 192.168.2.4 | 0x63e0 | No error (0) | res2.showcaseworkshop.com | | 3.168.73.74 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:19.020582914 CEST | 1.1.1.1 | 192.168.2.4 | 0x63e0 | No error (0) | res2.showcaseworkshop.com | | 3.168.73.108 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:19.020582914 CEST | 1.1.1.1 | 192.168.2.4 | 0x63e0 | No error (0) | res2.showcaseworkshop.com | | 3.168.73.84 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:35.228806973 CEST | 1.1.1.1 | 192.168.2.4 | 0xdf3c | No error (0) | thynkfinance.co.za | | 154.0.165.249 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:37.687547922 CEST | 1.1.1.1 | 192.168.2.4 | 0xfa4b | No error (0) | i.ibb.co | | 207.174.26.219 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:38.937726974 CEST | 1.1.1.1 | 192.168.2.4 | 0xb2f9 | No error (0) | simgbb.com | | 172.67.131.251 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:38.937726974 CEST | 1.1.1.1 | 192.168.2.4 | 0xb2f9 | No error (0) | simgbb.com | | 104.21.4.104 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:38.939014912 CEST | 1.1.1.1 | 192.168.2.4 | 0x5232 | No error (0) | simgbb.com | | | 65 | IN (0x0001) | false |
| Apr 2, 2025 07:13:39.500200033 CEST | 1.1.1.1 | 192.168.2.4 | 0x6086 | No error (0) | simgbb.com | | 104.21.4.104 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:39.500200033 CEST | 1.1.1.1 | 192.168.2.4 | 0x6086 | No error (0) | simgbb.com | | 172.67.131.251 | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 07:13:39.504281998 CEST | 1.1.1.1 | 192.168.2.4 | 0x2bc1 | No error (0) | simgbb.com | | | 65 | IN (0x0001) | false |
                                                            • res2.showcaseworkshop.com
                                                              • thynkfinance.co.za
                                                              • i.ibb.co
                                                                • simgbb.com
                                                            • c.pki.goog
                                                            • x1.i.lencr.org
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 0 | 192.168.2.4 | 49724 | 142.251.40.99 | 80 |

Timestamp: Apr 2, 2025 07:13:00.117670059 CEST | Bytes transferred: 202 | Direction: OUT | Data:
GET /r/gsr1.crl HTTP/1.1
Cache-Control: max-age = 3000
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Timestamp: Apr 2, 2025 07:13:00.207504034 CEST | Bytes transferred: 223 | Direction: IN | Data:
HTTP/1.1 304 Not Modified
Date: Wed, 02 Apr 2025 04:42:01 GMT
Expires: Wed, 02 Apr 2025 05:32:01 GMT
Age: 1859
Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
Cache-Control: public, max-age=3000
Vary: Accept-Encoding

Timestamp: Apr 2, 2025 07:13:00.212203026 CEST | Bytes transferred: 200 | Direction: OUT | Data:
GET /r/r4.crl HTTP/1.1
Cache-Control: max-age = 3000
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Timestamp: Apr 2, 2025 07:13:00.302412033 CEST | Bytes transferred: 223 | Direction: IN | Data:
HTTP/1.1 304 Not Modified
Date: Wed, 02 Apr 2025 04:42:01 GMT
Expires: Wed, 02 Apr 2025 05:32:01 GMT
Age: 1859
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Cache-Control: public, max-age=3000
Vary: Accept-Encoding


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49726 | 104.76.101.49 | 80 | 7184 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |

Timestamp: Apr 2, 2025 07:13:00.779386044 CEST | Bytes transferred: 115 | Direction: OUT | Data:
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: x1.i.lencr.org

Timestamp: Apr 2, 2025 07:13:00.871630907 CEST | Bytes transferred: 1254 | Direction: IN | Data:
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-cert
Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
ETag: "64cd6654-56f"
Content-Disposition: attachment; filename="ISRG Root X1.der"
Cache-Control: max-age=77752
Expires: Thu, 03 Apr 2025 02:48:52 GMT
Date: Wed, 02 Apr 2025 05:13:00 GMT
Content-Length: 1391
Connection: keep-alive


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            0 | 192.168.2.4 | 49742 | 3.168.73.96 | 443 | 8460 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2025-04-02 05:13:19 UTC | 898 | OUT | GET /GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51 HTTP/1.1
                                                            Host: res2.showcaseworkshop.com
                                                            Connection: keep-alive
                                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                            sec-ch-ua-mobile: ?0
                                                            sec-ch-ua-platform: "Windows"
                                                            Upgrade-Insecure-Requests: 1
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: navigate
                                                            Sec-Fetch-User: ?1
                                                            Sec-Fetch-Dest: document
                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                            Accept-Language: en-US,en;q=0.9
                                                            2025-04-02 05:13:19 UTC | 706 | IN | HTTP/1.1 200 OK
                                                            Content-Type: text/html
                                                            Content-Length: 18964
                                                            Connection: close
                                                            x-amz-id-2: vAhwIksDiLW3oY2c0+mcafARLF6mMKW+ECTRM4oVJGE/aTU/Bh5jx3auSZCTt8HyGFB4s8kap5ATcRn3VqOMgccQvf7RQxglIiqJxstG2fs=
                                                            x-amz-request-id: 9HBBTHG48DYADKJ6
                                                            Date: Wed, 02 Apr 2025 05:13:20 GMT
                                                            Last-Modified: Wed, 02 Apr 2025 04:34:03 GMT
                                                            ETag: "a84eb8ccb518dc96f1d4f0f2f53556df"
                                                            x-amz-server-side-encryption: AES256
                                                            Cache-Control: max-age=7776000
                                                            Accept-Ranges: bytes
                                                            Server: AmazonS3
                                                            X-Cache: Miss from cloudfront
                                                            Via: 1.1 96514100085c5a3055b3debbca21d95c.cloudfront.net (CloudFront)
                                                            X-Amz-Cf-Pop: JFK50-P9
                                                            Alt-Svc: h3=":443"; ma=86400
                                                            X-Amz-Cf-Id: X1hcxTMOrxexRg7GpUnIfz5G77FcHUlqINaDVluV8A1fGBtw8OVLYA==
                                                            2025-04-02 05:13:19 UTC | 8494 | IN | Data Ascii: <title>REMITTANCE</title> <style> body { background-image: url('data:image/jpeg;base64,[TRUNCATED]


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            1 | 192.168.2.4 | 49741 | 3.168.73.96 | 443 | 8460 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2025-04-02 05:13:19 UTC | 836 | OUT | GET /favicon.ico HTTP/1.1
                                                            Host: res2.showcaseworkshop.com
                                                            Connection: keep-alive
                                                            sec-ch-ua-platform: "Windows"
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                            sec-ch-ua-mobile: ?0
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-origin
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51
                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                            Accept-Language: en-US,en;q=0.9
                                                            2025-04-02 05:13:19 UTC | 422 | IN | HTTP/1.1 401 Unauthorised
                                                            Content-Type: text/html
                                                            Content-Length: 285
                                                            Connection: close
                                                            Server: CloudFront
                                                            Date: Wed, 02 Apr 2025 05:13:19 GMT
                                                            Content-Encoding: UTF-8
                                                            X-Cache: LambdaGeneratedResponse from cloudfront
                                                            Via: 1.1 1af2e71d065fc2eea37b6b349c843830.cloudfront.net (CloudFront)
                                                            X-Amz-Cf-Pop: JFK50-P9
                                                            Alt-Svc: h3=":443"; ma=86400
                                                            X-Amz-Cf-Id: UaHqwH6y_19ATuJoapwxjGKJJOP-0hFawjoDzagpvXL4tIfy9Xr98A==
                                                            2025-04-02 05:13:19 UTC | 285 | IN | Data Ascii: <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Access Denied: Unauthorised</title> </head> <body> <h1>Access Denied: Unauthorised</h1>


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            2 | 192.168.2.4 | 49749 | 154.0.165.249 | 443 | 8460 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2025-04-02 05:13:36 UTC | 876 | OUT | POST /admin/save/mer.php HTTP/1.1
                                                            Host: thynkfinance.co.za
                                                            Connection: keep-alive
                                                            Content-Length: 47
                                                            Cache-Control: max-age=0
                                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                            sec-ch-ua-mobile: ?0
                                                            sec-ch-ua-platform: "Windows"
                                                            Origin: https://res2.showcaseworkshop.com
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Upgrade-Insecure-Requests: 1
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Sec-Fetch-Site: cross-site
                                                            Sec-Fetch-Mode: navigate
                                                            Sec-Fetch-User: ?1
                                                            Sec-Fetch-Dest: document
                                                            Referer: https://res2.showcaseworkshop.com/
                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                            Accept-Language: en-US,en;q=0.9
                                                            2025-04-02 05:13:36 UTC | 47 | OUT | Data Raw: 32 32 32 32 3d 70 73 6f 65 35 79 25 34 30 62 72 6c 69 6e 68 6a 2e 63 6f 6d 26 31 31 31 31 3d 62 35 25 32 42 64 25 33 41 55 54 58 6d 69 71 55
                                                            Data Ascii: 2222=psoe5y%40brlinhj.com&1111=b5%2Bd%3AUTXmiqU
                                                            2025-04-02 05:13:37 UTC | 315 | IN | HTTP/1.1 302 Moved Temporarily
                                                            Server: nginx
                                                            Date: Wed, 02 Apr 2025 05:13:37 GMT
                                                            Content-Type: text/html; charset=UTF-8
                                                            Content-Length: 0
                                                            Connection: close
                                                            Location: https://i.ibb.co/nBXYTs4/wrong-details.jpg
                                                            X-XSS-Protection: 1; mode=block
                                                            X-Content-Type-Options: nosniff
                                                            X-Server-Powered-By: nginx-ah


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            3 | 192.168.2.4 | 49751 | 207.174.26.219 | 443 | 8460 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2025-04-02 05:13:37 UTC | 760 | OUT | GET /nBXYTs4/wrong-details.jpg HTTP/1.1
                                                            Host: i.ibb.co
                                                            Connection: keep-alive
                                                            Cache-Control: max-age=0
                                                            Upgrade-Insecure-Requests: 1
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                            Sec-Fetch-Site: cross-site
                                                            Sec-Fetch-Mode: navigate
                                                            Sec-Fetch-User: ?1
                                                            Sec-Fetch-Dest: document
                                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                            sec-ch-ua-mobile: ?0
                                                            sec-ch-ua-platform: "Windows"
                                                            Referer: https://res2.showcaseworkshop.com/
                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                            Accept-Language: en-US,en;q=0.9
                                                            2025-04-02 05:13:38 UTC | 380 | IN | HTTP/1.1 200 OK
                                                            Server: nginx
                                                            Date: Wed, 02 Apr 2025 05:13:38 GMT
                                                            Content-Type: image/jpeg
                                                            Content-Length: 42786
                                                            Connection: close
                                                            Last-Modified: Mon, 18 Dec 2023 06:24:29 GMT
                                                            Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                                            Cache-Control: max-age=315360000
                                                            Cache-Control: public
                                                            Access-Control-Allow-Origin: *
                                                            Access-Control-Allow-Methods: GET, OPTIONS
                                                            Accept-Ranges: bytes


                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                            4 | 192.168.2.4 | 49752 | 207.174.26.219 | 443 | 8460 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2025-04-02 05:13:38 UTC | 604 | OUT | GET /favicon.ico HTTP/1.1
                                                            Host: i.ibb.co
                                                            Connection: keep-alive
                                                            sec-ch-ua-platform: "Windows"
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                            sec-ch-ua-mobile: ?0
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: same-origin
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Referer: https://i.ibb.co/nBXYTs4/wrong-details.jpg
                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                            Accept-Language: en-US,en;q=0.9
                                                            2025-04-02 05:13:38 UTC | 200 | IN | HTTP/1.1 301 Moved Permanently
                                                            Server: nginx
                                                            Date: Wed, 02 Apr 2025 05:13:38 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 162
                                                            Connection: close
                                                            Location: https://simgbb.com/images/favicon.png
                                                            2025-04-02 05:13:38 UTC | 162 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                            Session ID: 5 | Source IP: 192.168.2.4 | Source Port: 49755 | Destination IP: 172.67.131.251 | Destination Port: 443 | PID: 8460 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2025-04-02 05:13:39 UTC | 621 | OUT | GET /images/favicon.png HTTP/1.1
                                                            Host: simgbb.com
                                                            Connection: keep-alive
                                                            sec-ch-ua-platform: "Windows"
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                            sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                                                            sec-ch-ua-mobile: ?0
                                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                            Sec-Fetch-Site: cross-site
                                                            Sec-Fetch-Mode: no-cors
                                                            Sec-Fetch-Dest: image
                                                            Sec-Fetch-Storage-Access: active
                                                            Referer: https://i.ibb.co/
                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                            Accept-Language: en-US,en;q=0.9
                                                            2025-04-02 05:13:39 UTC | 358 | IN | HTTP/1.1 200 OK
                                                            Date: Wed, 02 Apr 2025 05:13:39 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 7235
                                                            Connection: close
                                                            Server: cloudflare
                                                            Accept-Ranges: bytes
                                                            Last-Modified: Tue, 09 Apr 2024 09:36:03 GMT
                                                            Etag: "66150c03-1c43"
                                                            Cache-Control: max-age=31536000
                                                            Cf-Cache-Status: HIT
                                                            Age: 751
                                                            CF-RAY: 929dd694de1e1aea-EWR
                                                            alt-svc: h3=":443"; ma=86400


                                                            Session ID: 6 | Source IP: 192.168.2.4 | Source Port: 49756 | Destination IP: 104.21.4.104 | Destination Port: 443 | PID: 8460 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Timestamp | Bytes transferred | Direction | Data
                                                            2025-04-02 05:13:39 UTC | 392 | OUT | GET /images/favicon.png HTTP/1.1
                                                            Host: simgbb.com
                                                            Connection: keep-alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                            Accept: */*
                                                            Sec-Fetch-Site: none
                                                            Sec-Fetch-Mode: cors
                                                            Sec-Fetch-Dest: empty
                                                            Sec-Fetch-Storage-Access: active
                                                            Accept-Encoding: gzip, deflate, br, zstd
                                                            Accept-Language: en-US,en;q=0.9
                                                            2025-04-02 05:13:39 UTC | 358 | IN | HTTP/1.1 200 OK
                                                            Date: Wed, 02 Apr 2025 05:13:39 GMT
                                                            Content-Type: image/png
                                                            Content-Length: 7235
                                                            Connection: close
                                                            Server: cloudflare
                                                            Accept-Ranges: bytes
                                                            Last-Modified: Tue, 09 Apr 2024 09:36:03 GMT
                                                            Etag: "66150c03-1c43"
                                                            Cache-Control: max-age=31536000
                                                            Cf-Cache-Status: HIT
                                                            Age: 751
                                                            CF-RAY: 929dd6985d7f0f47-EWR
                                                            alt-svc: h3=":443"; ma=86400


                                                            Target ID:1
                                                            Start time:01:12:46
                                                            Start date:02/04/2025
                                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Payment Remittance.pdf"
                                                            Imagebase:0x7ff6a0340000
                                                            File size:5'641'176 bytes
                                                            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:2
                                                            Start time:01:12:47
                                                            Start date:02/04/2025
                                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                            Imagebase:0x7ff65b910000
                                                            File size:3'581'912 bytes
                                                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:3
                                                            Start time:01:12:48
                                                            Start date:02/04/2025
                                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2236 --field-trial-handle=1588,i,12727439123907870177,15176298521270964230,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                            Imagebase:0x7ff65b910000
                                                            File size:3'581'912 bytes
                                                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:20
                                                            Start time:01:13:11
                                                            Start date:02/04/2025
                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                            Imagebase:0x7ff786830000
                                                            File size:3'388'000 bytes
                                                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:false

                                                            Target ID:21
                                                            Start time:01:13:12
                                                            Start date:02/04/2025
                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=280,i,5399740859030042710,15862493063084477710,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2124 /prefetch:3
                                                            Imagebase:0x7ff786830000
                                                            File size:3'388'000 bytes
                                                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:false

                                                            Target ID:22
                                                            Start time:01:13:17
                                                            Start date:02/04/2025
                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://res2.showcaseworkshop.com/GE395EA18YUP75V94S5B2UZOZ164ISMU4Z3S6GIQ/r/4KRJUA8RA90UCYIDUASOOE/5881585.html?e=1746403200&s2=801f060ed37b69949cfe64de9631a1b9dc830004143f29d4460257e26362b79b97a3e0aa793407e995ecabcb7e5a99bf4f0727b44a0e089b35fcb2de9c07ea51"
                                                            Imagebase:0x7ff786830000
                                                            File size:3'388'000 bytes
                                                            MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            No disassembly