Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Payout_receipt.pdf

Overview

General Information

Sample name:Payout_receipt.pdf
Analysis ID:1520601
MD5:e048521fbbf986421ac498bb3bc1c1c7
SHA1:4ec40c79e71773f919d71c648418c342ce958568
SHA256:b4c9df77e1ce58cf19caef16109ad1f0bbfbd64c79f5dbec81263563575dabe0
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

HTML body contains low number of good links
HTML title does not match URL
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 4176 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Payout_receipt.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3820 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7224 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1704,i,18440606700539718416,14801587109196978139,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://main.d3engbxc9elyir.amplifyapp.com/ MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 8040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=2012,i,18386076530219394762,12710799648275093929,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: Number of links: 0
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: Title: Security Check does not match URL
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: No favicon
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: No <meta name="author".. found
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: No <meta name="copyright".. found
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 199.232.188.159 199.232.188.159
Source: Joe Sandbox ViewIP Address: 18.207.85.246 18.207.85.246
Source: Joe Sandbox ViewIP Address: 23.203.104.175 23.203.104.175
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknownTCP traffic detected without corresponding DNS query: 18.207.85.246
Source: unknownTCP traffic detected without corresponding DNS query: 18.207.85.246
Source: unknownTCP traffic detected without corresponding DNS query: 18.207.85.246
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 18.207.85.246
Source: unknownTCP traffic detected without corresponding DNS query: 18.207.85.246
Source: unknownTCP traffic detected without corresponding DNS query: 18.207.85.246
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 18.207.85.246
Source: unknownTCP traffic detected without corresponding DNS query: 18.207.85.246
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: main.d3engbxc9elyir.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1Host: pbs.twimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://main.d3engbxc9elyir.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: main.d3engbxc9elyir.amplifyapp.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://main.d3engbxc9elyir.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "029912fa35a1fe0ffd93c74661b3f40c"If-Modified-Since: Fri, 27 Sep 2024 09:39:59 GMT
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: main.d3engbxc9elyir.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://main.d3engbxc9elyir.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: main.d3engbxc9elyir.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://main.d3engbxc9elyir.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1Host: pbs.twimg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01x-adobe-uuid: 0b65fa77-f9dd-4c6e-a1b5-fa4d63973307x-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8lrpCwyrtaBDdYd&MD=v3g6a+mw HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8lrpCwyrtaBDdYd&MD=v3g6a+mw HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficDNS traffic detected: DNS query: main.d3engbxc9elyir.amplifyapp.com
Source: global trafficDNS traffic detected: DNS query: pbs.twimg.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 4343Connection: closeDate: Fri, 27 Sep 2024 14:40:22 GMTServer: AmazonS3Accept-Ranges: bytesETag: "029912fa35a1fe0ffd93c74661b3f40c"Last-Modified: Fri, 27 Sep 2024 09:39:59 GMTVary: Accept-EncodingX-Cache: Error from cloudfrontVia: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA56-P2Alt-Svc: h3=":443"; ma=86400X-Amz-Cf-Id: o20zcmgcA6yWVi3cj68q-XsZOAQ2V3-E8n3KrjS-5NHctIrpopTd-g==
Source: chromecache_162.8.dr, chromecache_163.8.drString found in binary or memory: https://l0g1n-micros.ftdocs.tech/o365#
Source: chromecache_162.8.dr, chromecache_163.8.drString found in binary or memory: https://pbs.twimg.com/media/GGrR89_WgAAgrOI?format=jpg&name=large
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: classification engineClassification label: clean2.winPDF@28/50@10/8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-27 10-40-14-905.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Payout_receipt.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1704,i,18440606700539718416,14801587109196978139,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://main.d3engbxc9elyir.amplifyapp.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=2012,i,18386076530219394762,12710799648275093929,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1704,i,18440606700539718416,14801587109196978139,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=2012,i,18386076530219394762,12710799648275093929,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Payout_receipt.pdfInitial sample: PDF keyword /JS count = 0
Source: Payout_receipt.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A957arsh_uwdiaf_5h4.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A957arsh_uwdiaf_5h4.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: Payout_receipt.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
dualstack.twimg.twitter.map.fastly.net
199.232.188.159
truefalse
    		unknown
    main.d3engbxc9elyir.amplifyapp.com
    		18.66.102.84
    		truefalse
      		unknown
      www.google.com
      		142.250.185.132
      		truefalse
        		unknown
        pbs.twimg.com
        		unknown
        		unknownfalse
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://main.d3engbxc9elyir.amplifyapp.com/favicon.icofalse
            		unknown
            https://main.d3engbxc9elyir.amplifyapp.com/false
              		unknown
              https://pbs.twimg.com/media/GGrR89_WgAAgrOI?format=jpg&name=largefalse
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://l0g1n-micros.ftdocs.tech/o365#chromecache_162.8.dr, chromecache_163.8.drfalse
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  142.250.185.132
                  		www.google.comUnited States
                  		15169GOOGLEUSfalse
                  216.58.206.68
                  		unknownUnited States
                  		15169GOOGLEUSfalse
                  239.255.255.250
                  		unknownReserved
                  		unknownunknownfalse
                  199.232.188.159
                  		dualstack.twimg.twitter.map.fastly.netUnited States
                  		54113FASTLYUSfalse
                  18.207.85.246
                  		unknownUnited States
                  		14618AMAZON-AESUSfalse
                  23.203.104.175
                  		unknownUnited States
                  		16625AKAMAI-ASUSfalse
                  18.66.102.84
                  		main.d3engbxc9elyir.amplifyapp.comUnited States
                  		3MIT-GATEWAYSUSfalse

                  Private

                  IP
                  192.168.2.6

                  General Information

                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1520601
                  Start date and time:2024-09-27 16:39:18 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 34s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowspdfcookbook.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:15
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:Payout_receipt.pdf
                  Detection:CLEAN
                  Classification:clean2.winPDF@28/50@10/8
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  Cookbook Comments:
                  • Found application associated with file extension: .pdf
                  • Found PDF document
                  • Close Viewer

                  Warnings

                  • Exclude process from analysis (whitelisted): dllhost.exe, CompPkgSrv.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.185.238, 74.125.71.84, 184.28.88.176, 172.217.18.10, 172.217.23.106, 216.58.212.170, 216.58.206.42, 142.250.74.202, 172.217.16.138, 216.58.206.74, 142.250.186.106, 142.250.185.106, 142.250.185.74, 172.217.18.106, 142.250.185.138, 142.250.186.74, 142.250.186.138, 142.250.186.42, 172.217.16.202, 34.104.35.123, 162.159.61.3, 172.64.41.3, 2.19.126.143, 2.19.126.149, 192.229.221.95, 199.232.214.172, 216.58.206.67, 172.217.18.110
                  • Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtSetInformationFile calls found.
                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • VT rate limit hit for: Payout_receipt.pdf

                  Simulations

                  Behavior and APIs

                  No simulations

                  QR Codes

                  SourceURL
                  Screenshothttps://main.d3engbxc9elyir.amplifyapp.com/
                  Screenshothttps://main.d3engbxc9elyir.amplifyapp.com/

                  LLM Input / Output

                  InputOutput
                  URL: https://main.d3engbxc9elyir.amplifyapp.com/ Model: jbxai
                  {
"brand":["Microsoft"],
"contains_trigger_text":false,
"trigger_text":"unknown",
"prominent_buttonname":"Submit",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                  URL: PDF document Model: jbxai
                  {
"brand":["Stc"],
"contains_trigger_text":true,
"trigger_text":"Employee Benefit Bonus Scheduled",
"prominent_buttonname":"Kindly scan to review and approve.",
"text_input_field_labels":["Dear Gareth,
"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":true}

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  239.255.255.250file.exeGet hashmaliciousUnknownBrowse
                    https://www.google.fr/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fcasaderestauraciononline.com%2Fholy%2Findexsyn1.html%23cmltYS5hbWV1ckBjYXRhbGluYW1hcmtldGluZy5mcg==Get hashmaliciousHTMLPhisherBrowse
                      https://changeofscene.ladesk.com/605425-Secure-Business-DocumenGet hashmaliciousHTMLPhisherBrowse
                        http://polskie-torrenty.eu/redir.php?url=https://globalfinanceweb.com%2FProfile%2Fluig%2Fnzx0k%2FmProtect.html%23abrumley@highlandfunds.comGet hashmaliciousUnknownBrowse
                          https://careeligibility.vercel.app/chubedanGet hashmaliciousHTMLPhisherBrowse
                            https://clicktracking.yellowbook.com/trackinguserwebapp/tracking.html?MB_ID=256862&SE_ID=9&AG_ID=2952701&AD_ID=6851395&kw=restaurants%20near%20me&kw_type=p&C_ID=874339&SE_AD_ID=73873744870314&se_clk_id=0651300f23401ca1b2e355991fb49377&hibu_site=0&redirect_url=https://femalewhowork.sa.com/rUswT/Get hashmaliciousHTMLPhisherBrowse
                              file.exeGet hashmaliciousUnknownBrowse
                                https://sci-hub.tw/Get hashmaliciousUnknownBrowse
                                  https://lkk6m.conownsup.com/tpgbE/Get hashmaliciousHTMLPhisherBrowse
                                    file.exeGet hashmaliciousUnknownBrowse
                                      199.232.188.159https://telagremn.com/Get hashmaliciousUnknownBrowse
                                        https://arjunshaw.github.io/4.7-Project-1-Netflix-/Get hashmaliciousHTMLPhisherBrowse
                                          http://sg2.putrivpn.us.kg/Get hashmaliciousUnknownBrowse
                                            https://investors.spotify.com.id6.tingkehvpn.us.kg/Get hashmaliciousUnknownBrowse
                                              https://investors.spotify.com.id8.tingkehvpn.us.kg/Get hashmaliciousUnknownBrowse
                                                https://id8.tingkehvpn.us.kg/Get hashmaliciousUnknownBrowse
                                                  Sign and preview.pdfGet hashmaliciousUnknownBrowse
                                                    https://t.co/gYSeG2q7l2Get hashmaliciousUnknownBrowse
                                                      http://i-am-sherlocked21.github.io/netflixGet hashmaliciousHTMLPhisherBrowse
                                                        http://mir-belting.comGet hashmaliciousUnknownBrowse
                                                          18.207.85.246#U0631#U0648#U0632 #U0633#U06cc#U0627#U0647 #U06a9#U0627#U0631#U06af#U0631.exeGet hashmaliciousUnknownBrowse
                                                            EXTERNALInvoice 3388 from Mazzitti Sullivan EAP.msgGet hashmaliciousUnknownBrowse
                                                              AKLZ00025635.pdfGet hashmaliciousUnknownBrowse
                                                                https://zone02.b-cdn.net/tra18Get hashmaliciousUnknownBrowse
                                                                  Amex Message.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                    IDR-500000000.pdfGet hashmaliciousUnknownBrowse
                                                                      PO 55488220.pdfGet hashmaliciousUnknownBrowse
                                                                        https://acrobat.adobe.com/id/urn:aaid:sc:US:6b473b2a-bd40-4154-8733-c1bbca42e1c1Get hashmaliciousLummaC StealerBrowse
                                                                          https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:d45888c7-1c94-44ce-be0c-a501f747fb8cGet hashmaliciousLummaC StealerBrowse
                                                                            OJO!!! No lo he abiertoFwd_ Message From 646___xbx2.emlGet hashmaliciousUnknownBrowse
                                                                              23.203.104.175Final_Contract_Copy-532392974.pdfGet hashmaliciousUnknownBrowse
                                                                                Hamilton Associates, PC..pdfGet hashmaliciousUnknownBrowse
                                                                                  #U0631#U0648#U0632 #U0633#U06cc#U0627#U0647 #U06a9#U0627#U0631#U06af#U0631.exeGet hashmaliciousUnknownBrowse
                                                                                    Inv_Doc_18#908.pdfGet hashmaliciousUnknownBrowse
                                                                                      IN-ORDER.pdfGet hashmaliciousUnknownBrowse
                                                                                        EXTERNALInvoice 3388 from Mazzitti Sullivan EAP.msgGet hashmaliciousUnknownBrowse
                                                                                          https://cloudsds1-my.sharepoint.com/:f:/g/personal/soumitra_cloudsds_com/Ei6OHXc0_bNHleZYwdiea4gBdHbOiJReQ2tSzcE567VwIQ?e=C01mZ0&xsdata=MDV8MDJ8ZGVzdGluLmNvbGVAeGNlbGVuZXJneS5jb218NGY4MDM5MDliNTcwNDQ5MDRmNTMwOGRjZDFkNTZmZTl8MjRiMmE1ODM1YzA1NGI2YWI0ZTk0ZTEyZGMwMDI1YWR8MHwwfDYzODYxNTk2MTg1OTEwMjA0MHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=bUh6aFliRUZYLzNBRGdPWk1kTFd6R0o5N3pKdkxXSnNpUVptVUFXZXYwZz0%3dGet hashmaliciousHTMLPhisherBrowse
                                                                                            Employee Appraisal Egrazak Hilcorp Agreement Signature Required.pdfGet hashmaliciousUnknownBrowse
                                                                                              Payment.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                Madisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse

                                                                                                  Domains

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  dualstack.twimg.twitter.map.fastly.nethttps://telagremn.com/Get hashmaliciousUnknownBrowse
                                                                                                  • 199.232.188.159
                                                                                                  https://arjunshaw.github.io/4.7-Project-1-Netflix-/Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 199.232.36.159
                                                                                                  http://sg2.putrivpn.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                  • 199.232.188.159
                                                                                                  https://investors.spotify.com.id6.tingkehvpn.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                  • 199.232.188.159
                                                                                                  https://investors.spotify.com.id8.tingkehvpn.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                  • 199.232.188.159
                                                                                                  https://id8.tingkehvpn.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                  • 199.232.188.159
                                                                                                  Sign and preview.pdfGet hashmaliciousUnknownBrowse
                                                                                                  • 199.232.188.159
                                                                                                  https://t.co/gYSeG2q7l2Get hashmaliciousUnknownBrowse
                                                                                                  • 199.232.188.159
                                                                                                  http://i-am-sherlocked21.github.io/netflixGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 199.232.188.159
                                                                                                  http://mir-belting.comGet hashmaliciousUnknownBrowse
                                                                                                  • 199.232.188.159

                                                                                                  ASNs

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  AKAMAI-ASUShttps://kulodayplastomer-my.sharepoint.com/:f:/g/personal/exim_kpplindia_com/EpT6drgdzgdPk3kwQBUf2ZAB7JXXdY25CyMiKP-z5XBGWQ?e=8byFZYGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 23.38.98.68
                                                                                                  ATT71725.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 173.223.116.167
                                                                                                  Aisha C. Yetman shared you a document..msgGet hashmaliciousUnknownBrowse
                                                                                                  • 104.102.55.235
                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                  • 104.102.49.254
                                                                                                  https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjsulL2bcqZSGb5TVbFOhW-BzJJtb8_QJJBgbE1zqe78Ie8BMxsNyhIFwdKd0pdA90RMhgTdSzkU9EZ9vbhoKh9hWuvNOpIawTAXoH5R0ak3U5rG_o-sZZz3gEiDRvTxtIDu5LY0qOySZABWrjrj9OfeDXHmC1qe7sBrjM2U90kovZKuuD34ZvXQ_OD2Hq--rkZwnu_VhQVAySwVh2ojndP52NUX9X40zwPfUt6TCc4F2rNspoMzray6vSBsFLXUX7nVDHqqILMYBWJr9fSc6AC0-g4meRNvX0rdEgcGztZ5SXk2Zbb1UlFLMFg&sai=AMfl-YQ851Qqa8i013PHKiB6TgTZ-QzfEpO1vcyiniBLSOaNAv3siIC9L9LV3aRq_nbn81w6wFB7OvNqhOdGvo-t7Q&sig=Cg0ArKJSzNuc_g1R_f21EAE&fbs_aeid=&urlfix=1&adurl=https://t.events.caixabank.com/r/?id=h665ab089,6dc7f7ae,f89fd96&p1=d70r46aqireop.cloudfront.net%23QZ~MamRpYXpAZXZlcnNoZWRzLXN1dGhlcmxhbmQuZXM=Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 23.220.112.201
                                                                                                  kewyIO69TI.exeGet hashmaliciousLummaCBrowse
                                                                                                  • 104.102.49.254
                                                                                                  gZzI6gTYn4.exeGet hashmaliciousLummaCBrowse
                                                                                                  • 104.102.49.254
                                                                                                  U6b3tLFqN5.exeGet hashmaliciousLummaCBrowse
                                                                                                  • 104.102.49.254
                                                                                                  zlsXub68El.exeGet hashmaliciousVidarBrowse
                                                                                                  • 104.102.49.254
                                                                                                  0UB3FIL25c.exeGet hashmaliciousLummaCBrowse
                                                                                                  • 104.102.49.254
                                                                                                  MIT-GATEWAYSUShttps://www.google.fr/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fcasaderestauraciononline.com%2Fholy%2Findexsyn1.html%23cmltYS5hbWV1ckBjYXRhbGluYW1hcmtldGluZy5mcg==Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 18.66.122.10
                                                                                                  https://changeofscene.ladesk.com/605425-Secure-Business-DocumenGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 18.173.205.27
                                                                                                  https://sci-hub.tw/Get hashmaliciousUnknownBrowse
                                                                                                  • 18.173.205.110
                                                                                                  ATT71725.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 18.172.112.77
                                                                                                  https://smallpdf.com/sign-pdf/document#data=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2VzaWduLnNtYWxscGRmLXN0YWdpbmcuY29tIiwic3ViIjoiNjE3MmQyMzMtODcyNy00M2NhLWI1NjQtYjgwZDUyZjYxYmVjIiwiYXVkIjpbImVzaWduIl0sImV4cCI6MTcyODYzODEyMCwibmJmIjoxNzI3NDI4NTIwLCJpYXQiOjE3Mjc0Mjg1MjAsImp0aSI6IjYxNzJkMjMzLTg3MjctNDNjYS1iNTY0LWI4MGQ1MmY2MWJlYyIsInBheWxvYWQiOnsiZW52ZWxvcGVfaWQiOiI2ZWRlMzFjZS00Mzc2LTQwYzItYjJjNy1jMDc2Y2M3MjY4NjIiLCJzaWduX3JlcXVlc3RfaWQiOiI2MTcyZDIzMy04NzI3LTQzY2EtYjU2NC1iODBkNTJmNjFiZWMiLCJ0b2tlbl90eXBlIjoibm90aWZpY2F0aW9uIiwidXNlcl9lbWFpbCI6ImNoYW8ud3VAd3JpLm9yZyIsInVzZXJfZmlyc3RuYW1lIjoiY2hhby53dUB3cmkub3JnIiwidXNlcl9sYXN0bmFtZSI6ImNoYW8ud3VAd3JpLm9yZyJ9fQ.UX67GiHBKgjV8XyH-SFTt_KgB2I_q2j9cbGTSqbzRvY&eid=6ede31ce-4376-40c2-b2c7-c076cc726862&esrt=6172d233-8727-43ca-b564-b80d52f61becGet hashmaliciousUnknownBrowse
                                                                                                  • 18.173.205.107
                                                                                                  https://jbrizuelablplegal.taplink.ws/Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 18.173.205.117
                                                                                                  http://home-103607.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 18.66.102.26
                                                                                                  https://business-helpcenter-case-review.d1qp3r75retmpg.amplifyapp.com/Get hashmaliciousUnknownBrowse
                                                                                                  • 18.66.102.114
                                                                                                  http://bao.usdt888.net/Get hashmaliciousUnknownBrowse
                                                                                                  • 18.66.147.89
                                                                                                  http://home-101829.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                  • 18.172.103.101
                                                                                                  FASTLYUShttps://www.google.fr/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fcasaderestauraciononline.com%2Fholy%2Findexsyn1.html%23cmltYS5hbWV1ckBjYXRhbGluYW1hcmtldGluZy5mcg==Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 151.101.2.137
                                                                                                  https://changeofscene.ladesk.com/605425-Secure-Business-DocumenGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 151.101.2.137
                                                                                                  https://clicktracking.yellowbook.com/trackinguserwebapp/tracking.html?MB_ID=256862&SE_ID=9&AG_ID=2952701&AD_ID=6851395&kw=restaurants%20near%20me&kw_type=p&C_ID=874339&SE_AD_ID=73873744870314&se_clk_id=0651300f23401ca1b2e355991fb49377&hibu_site=0&redirect_url=https://femalewhowork.sa.com/rUswT/Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 151.101.2.137
                                                                                                  https://sci-hub.tw/Get hashmaliciousUnknownBrowse
                                                                                                  • 151.101.2.217
                                                                                                  https://lkk6m.conownsup.com/tpgbE/Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 151.101.66.137
                                                                                                  PO.xlsGet hashmaliciousRemcosBrowse
                                                                                                  • 185.199.108.133
                                                                                                  ATT71725.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 151.101.2.137
                                                                                                  https://github.com/oneclick/rubyinstaller2/releases/download/RubyInstaller-3.3.5-1/rubyinstaller-devkit-3.3.5-1-x64.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 185.199.110.133
                                                                                                  Aisha C. Yetman shared you a document..msgGet hashmaliciousUnknownBrowse
                                                                                                  • 151.101.66.137
                                                                                                  AMAZON-AESUShttps://changeofscene.ladesk.com/605425-Secure-Business-DocumenGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 18.234.10.85
                                                                                                  https://smallpdf.com/sign-pdf/document#data=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2VzaWduLnNtYWxscGRmLXN0YWdpbmcuY29tIiwic3ViIjoiNjE3MmQyMzMtODcyNy00M2NhLWI1NjQtYjgwZDUyZjYxYmVjIiwiYXVkIjpbImVzaWduIl0sImV4cCI6MTcyODYzODEyMCwibmJmIjoxNzI3NDI4NTIwLCJpYXQiOjE3Mjc0Mjg1MjAsImp0aSI6IjYxNzJkMjMzLTg3MjctNDNjYS1iNTY0LWI4MGQ1MmY2MWJlYyIsInBheWxvYWQiOnsiZW52ZWxvcGVfaWQiOiI2ZWRlMzFjZS00Mzc2LTQwYzItYjJjNy1jMDc2Y2M3MjY4NjIiLCJzaWduX3JlcXVlc3RfaWQiOiI2MTcyZDIzMy04NzI3LTQzY2EtYjU2NC1iODBkNTJmNjFiZWMiLCJ0b2tlbl90eXBlIjoibm90aWZpY2F0aW9uIiwidXNlcl9lbWFpbCI6ImNoYW8ud3VAd3JpLm9yZyIsInVzZXJfZmlyc3RuYW1lIjoiY2hhby53dUB3cmkub3JnIiwidXNlcl9sYXN0bmFtZSI6ImNoYW8ud3VAd3JpLm9yZyJ9fQ.UX67GiHBKgjV8XyH-SFTt_KgB2I_q2j9cbGTSqbzRvY&eid=6ede31ce-4376-40c2-b2c7-c076cc726862&esrt=6172d233-8727-43ca-b564-b80d52f61becGet hashmaliciousUnknownBrowse
                                                                                                  • 3.5.66.42
                                                                                                  https://www.vossloh-events.com/EMOS/Login.aspx?ReturnUrl=%2femosGet hashmaliciousUnknownBrowse
                                                                                                  • 3.220.53.221
                                                                                                  https://jbrizuelablplegal.taplink.ws/Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 34.195.119.102
                                                                                                  http://home-103607.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 50.19.89.137
                                                                                                  https://d2y5b082yylhnc.cloudfront.net/Get hashmaliciousUnknownBrowse
                                                                                                  • 3.5.28.155
                                                                                                  https://tiktok8.biz/Get hashmaliciousUnknownBrowse
                                                                                                  • 3.5.27.214
                                                                                                  http://bao.usdt888.net/Get hashmaliciousUnknownBrowse
                                                                                                  • 35.171.58.3
                                                                                                  http://home-101829.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                  • 50.19.89.137
                                                                                                  http://sky-102142.weeblysite.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 50.19.89.137

                                                                                                  JA3 Fingerprints

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  28a2c9bd18a11de089ef85a160da29e4file.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 184.28.90.27
                                                                                                  • 52.165.165.26
                                                                                                  • 20.114.59.183
                                                                                                  https://www.google.fr/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fcasaderestauraciononline.com%2Fholy%2Findexsyn1.html%23cmltYS5hbWV1ckBjYXRhbGluYW1hcmtldGluZy5mcg==Get hashmaliciousHTMLPhisherBrowse
                                                                                                  • 184.28.90.27
                                                                                                  • 52.165.165.26
                                                                                                  • 20.114.59.183
                                                                                                  https://changeofscene.ladesk.com/605425-Secure-Business-DocumenGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 184.28.90.27
                                                                                                  • 52.165.165.26
                                                                                                  • 20.114.59.183
                                                                                                  https://careeligibility.vercel.app/chubedanGet hashmaliciousHTMLPhisherBrowse
                                                                                                  • 184.28.90.27
                                                                                                  • 52.165.165.26
                                                                                                  • 20.114.59.183
                                                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 184.28.90.27
                                                                                                  • 52.165.165.26
                                                                                                  • 20.114.59.183
                                                                                                  https://sci-hub.tw/Get hashmaliciousUnknownBrowse
                                                                                                  • 184.28.90.27
                                                                                                  • 52.165.165.26
                                                                                                  • 20.114.59.183
                                                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 184.28.90.27
                                                                                                  • 52.165.165.26
                                                                                                  • 20.114.59.183
                                                                                                  http://webmail-7ba16a93.elod.com.br/?id=voiceofdesign.frGet hashmaliciousUnknownBrowse
                                                                                                  • 184.28.90.27
                                                                                                  • 52.165.165.26
                                                                                                  • 20.114.59.183
                                                                                                  http://specsavers.definition-ai.comGet hashmaliciousUnknownBrowse
                                                                                                  • 184.28.90.27
                                                                                                  • 52.165.165.26
                                                                                                  • 20.114.59.183
                                                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 184.28.90.27
                                                                                                  • 52.165.165.26
                                                                                                  • 20.114.59.183
                                                                                                  3b5074b1b5d032e5620f69f9f700ff0efile.exeGet hashmaliciousLummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, StealcBrowse
                                                                                                  • 20.7.1.246
                                                                                                  Richardson Electronics, LTD. PRD10221301UUE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                  • 20.7.1.246
                                                                                                  PURCHASE ORDER ADDISON-6378397379UUE.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                  • 20.7.1.246
                                                                                                  http://polskie-torrenty.eu/redir.php?url=https://globalfinanceweb.com%2FProfile%2Fluig%2Fnzx0k%2FmProtect.html%23abrumley@highlandfunds.comGet hashmaliciousUnknownBrowse
                                                                                                  • 20.7.1.246
                                                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 20.7.1.246
                                                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 20.7.1.246
                                                                                                  rQuotation3200025006.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                  • 20.7.1.246
                                                                                                  .05.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 20.7.1.246
                                                                                                  file.exeGet hashmaliciousUnknownBrowse
                                                                                                  • 20.7.1.246
                                                                                                  https://smallpdf.com/sign-pdf/document#data=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2VzaWduLnNtYWxscGRmLXN0YWdpbmcuY29tIiwic3ViIjoiNjE3MmQyMzMtODcyNy00M2NhLWI1NjQtYjgwZDUyZjYxYmVjIiwiYXVkIjpbImVzaWduIl0sImV4cCI6MTcyODYzODEyMCwibmJmIjoxNzI3NDI4NTIwLCJpYXQiOjE3Mjc0Mjg1MjAsImp0aSI6IjYxNzJkMjMzLTg3MjctNDNjYS1iNTY0LWI4MGQ1MmY2MWJlYyIsInBheWxvYWQiOnsiZW52ZWxvcGVfaWQiOiI2ZWRlMzFjZS00Mzc2LTQwYzItYjJjNy1jMDc2Y2M3MjY4NjIiLCJzaWduX3JlcXVlc3RfaWQiOiI2MTcyZDIzMy04NzI3LTQzY2EtYjU2NC1iODBkNTJmNjFiZWMiLCJ0b2tlbl90eXBlIjoibm90aWZpY2F0aW9uIiwidXNlcl9lbWFpbCI6ImNoYW8ud3VAd3JpLm9yZyIsInVzZXJfZmlyc3RuYW1lIjoiY2hhby53dUB3cmkub3JnIiwidXNlcl9sYXN0bmFtZSI6ImNoYW8ud3VAd3JpLm9yZyJ9fQ.UX67GiHBKgjV8XyH-SFTt_KgB2I_q2j9cbGTSqbzRvY&eid=6ede31ce-4376-40c2-b2c7-c076cc726862&esrt=6172d233-8727-43ca-b564-b80d52f61becGet hashmaliciousUnknownBrowse
                                                                                                  • 20.7.1.246

                                                                                                  Dropped Files

                                                                                                  No context

                                                                                                  Created / dropped Files

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):295
                                                                                                  Entropy (8bit):5.157979854298921
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:PE0zCsLIq2PN72nKuAl9OmbnIFUt82E0zE2Zmw+2E0z/wkwON72nKuAl9OmbjLJ:PECCDvVaHAahFUt82ECV/+2ECI5OaHAR
                                                                                                  MD5:CFAA8C8D568EEDB99B3008AAC5A1CDBF
                                                                                                  SHA1:AE4FE46074C13671710E1AB748B2F1E4E332E73D
                                                                                                  SHA-256:33954AB0F8328037E8FA1B072EE916EC83DB899C86564492028AD5DF9A7A39FA
                                                                                                  SHA-512:E1CE73F62F1BF4D72BC48D3FF75CCC98387072FC060FAB0180E041B7F87E9B2DE5AE2318D2D86C07AE2FB1341A33989C69027BBD44ECF104379608FC405D9BB6
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:2024/09/27-10:40:13.322 3f0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/27-10:40:13.324 3f0 Recovering log #3.2024/09/27-10:40:13.325 3f0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):295
                                                                                                  Entropy (8bit):5.157979854298921
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:PE0zCsLIq2PN72nKuAl9OmbnIFUt82E0zE2Zmw+2E0z/wkwON72nKuAl9OmbjLJ:PECCDvVaHAahFUt82ECV/+2ECI5OaHAR
                                                                                                  MD5:CFAA8C8D568EEDB99B3008AAC5A1CDBF
                                                                                                  SHA1:AE4FE46074C13671710E1AB748B2F1E4E332E73D
                                                                                                  SHA-256:33954AB0F8328037E8FA1B072EE916EC83DB899C86564492028AD5DF9A7A39FA
                                                                                                  SHA-512:E1CE73F62F1BF4D72BC48D3FF75CCC98387072FC060FAB0180E041B7F87E9B2DE5AE2318D2D86C07AE2FB1341A33989C69027BBD44ECF104379608FC405D9BB6
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:2024/09/27-10:40:13.322 3f0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/27-10:40:13.324 3f0 Recovering log #3.2024/09/27-10:40:13.325 3f0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):342
                                                                                                  Entropy (8bit):5.174286250652631
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:PE0zvQ9yq2PN72nKuAl9Ombzo2jMGIFUt82E0zME1Zmw+2E0zMSRkwON72nKuAlx:PECvRvVaHAa8uFUt82ECx1/+2ECR5Oag
                                                                                                  MD5:7C9A5805BA5D814A2F1DFD8DDC9D832E
                                                                                                  SHA1:42688D8CD32E51F070B6613E79AF4318B490B514
                                                                                                  SHA-256:EF9D8F6BE4550DCCBA9C1DCC37C3708142F118E893F5323697C573F70BE08BF1
                                                                                                  SHA-512:6C0E9B1E35908DB75BC0D7EA6EC898A57EF45F4681DB5854AA73B9F5ADAA87E5123B82F93A61DB9EDA55565317E9524D3A36399AB0552B226807381EEC8FEAF8
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:2024/09/27-10:40:13.358 1c50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/27-10:40:13.360 1c50 Recovering log #3.2024/09/27-10:40:13.360 1c50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):342
                                                                                                  Entropy (8bit):5.174286250652631
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:PE0zvQ9yq2PN72nKuAl9Ombzo2jMGIFUt82E0zME1Zmw+2E0zMSRkwON72nKuAlx:PECvRvVaHAa8uFUt82ECx1/+2ECR5Oag
                                                                                                  MD5:7C9A5805BA5D814A2F1DFD8DDC9D832E
                                                                                                  SHA1:42688D8CD32E51F070B6613E79AF4318B490B514
                                                                                                  SHA-256:EF9D8F6BE4550DCCBA9C1DCC37C3708142F118E893F5323697C573F70BE08BF1
                                                                                                  SHA-512:6C0E9B1E35908DB75BC0D7EA6EC898A57EF45F4681DB5854AA73B9F5ADAA87E5123B82F93A61DB9EDA55565317E9524D3A36399AB0552B226807381EEC8FEAF8
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:2024/09/27-10:40:13.358 1c50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/27-10:40:13.360 1c50 Recovering log #3.2024/09/27-10:40:13.360 1c50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):546
                                                                                                  Entropy (8bit):4.946535725240054
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:YHgLdvsoqBWsB6um3RA8sqc22sBd2caq3QH7E4T3y:YALtuB7JsRdsb2bdJ3QH7nby
                                                                                                  MD5:46DED73EC2F064F32A239E726DC689A2
                                                                                                  SHA1:5ECF6C472A6E3B4744A2EB63B4D2EBE4F6FD178F
                                                                                                  SHA-256:234888720301127C1EC7FCADC9A1176ED543EE4E6BAE34068AE29B3FDFF56890
                                                                                                  SHA-512:E60E5A710DECB40E7A941F1A656F794DD9FA9C1A928A1FC80085E0A18814C477805CF44C8EF6682E3CBA31F6CD7D16263E82AAACBEBE59C1439B8B7EAA3B2F1F
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":2,"broken_until":"1727448324","host":"chrome.cloudflare-dns.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372008025309832","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e8cec4a0-a5db-4e5e-8c55-c59259296e24.tmp

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:modified
                                                                                                  Size (bytes):546
                                                                                                  Entropy (8bit):4.946535725240054
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:YHgLdvsoqBWsB6um3RA8sqc22sBd2caq3QH7E4T3y:YALtuB7JsRdsb2bdJ3QH7nby
                                                                                                  MD5:46DED73EC2F064F32A239E726DC689A2
                                                                                                  SHA1:5ECF6C472A6E3B4744A2EB63B4D2EBE4F6FD178F
                                                                                                  SHA-256:234888720301127C1EC7FCADC9A1176ED543EE4E6BAE34068AE29B3FDFF56890
                                                                                                  SHA-512:E60E5A710DECB40E7A941F1A656F794DD9FA9C1A928A1FC80085E0A18814C477805CF44C8EF6682E3CBA31F6CD7D16263E82AAACBEBE59C1439B8B7EAA3B2F1F
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":2,"broken_until":"1727448324","host":"chrome.cloudflare-dns.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372008025309832","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5859
                                                                                                  Entropy (8bit):5.2524805990912915
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7ClFh4:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhj
                                                                                                  MD5:DD538593E65352A1B76156A2D2040F87
                                                                                                  SHA1:B7420AE3DCC7DEDABA35F4E45D6AA7C62066520A
                                                                                                  SHA-256:03DF5FB379842EB7853F1CAF3A9B7956B0E0C598A893B311BC4E5C41DCE1EEE7
                                                                                                  SHA-512:C1043790246B1226439A1DB566881565E5B9F012A1C9B9B47A33A49B0E7CD2F293BF1FF573F3C5724977B2D6A4B6F341AA2ED5F0446FDCC1F52376C144FCF9BC
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):330
                                                                                                  Entropy (8bit):5.143195630160368
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:PE0zG1Flyq2PN72nKuAl9OmbzNMxIFUt82E0y/E1Zmw+2E0yhfglRkwON72nKuAo:PECWIvVaHAa8jFUt82ElM1/+2ElhfgzN
                                                                                                  MD5:FF310688CC964FB093D354E0BA6BCC8A
                                                                                                  SHA1:E1520970FE1BDE73E8CB98EBB3981971EE5171B0
                                                                                                  SHA-256:102E5EC2E2E4D71F260E83D5597E4ACDAF7ED16A6E166E1033577FAA09B816DF
                                                                                                  SHA-512:1BA71CB3BCE7E90CFFD700E7ECD2A49070A203023C65C5D7855F7464478A1081717E34E6C5D2726D22BD034BDB4388838D1AED0133F3FF061BF63D1330AEF763
                                                                                                  Malicious:false
                                                                                                  Preview:2024/09/27-10:40:13.969 1c50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/27-10:40:14.000 1c50 Recovering log #3.2024/09/27-10:40:14.039 1c50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):330
                                                                                                  Entropy (8bit):5.143195630160368
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:PE0zG1Flyq2PN72nKuAl9OmbzNMxIFUt82E0y/E1Zmw+2E0yhfglRkwON72nKuAo:PECWIvVaHAa8jFUt82ElM1/+2ElhfgzN
                                                                                                  MD5:FF310688CC964FB093D354E0BA6BCC8A
                                                                                                  SHA1:E1520970FE1BDE73E8CB98EBB3981971EE5171B0
                                                                                                  SHA-256:102E5EC2E2E4D71F260E83D5597E4ACDAF7ED16A6E166E1033577FAA09B816DF
                                                                                                  SHA-512:1BA71CB3BCE7E90CFFD700E7ECD2A49070A203023C65C5D7855F7464478A1081717E34E6C5D2726D22BD034BDB4388838D1AED0133F3FF061BF63D1330AEF763
                                                                                                  Malicious:false
                                                                                                  Preview:2024/09/27-10:40:13.969 1c50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/27-10:40:14.000 1c50 Recovering log #3.2024/09/27-10:40:14.039 1c50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240927144017Z-192.bmp

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                                                                                  Category:dropped
                                                                                                  Size (bytes):71190
                                                                                                  Entropy (8bit):1.0856073352410975
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:5Rqoo1zvoBKEsC0fuWcs7wCUHVUGfpRDanNIeOu:5R4EsnWWlAiIeOu
                                                                                                  MD5:8DF22A96041CE58ECAF5D627CBFA130C
                                                                                                  SHA1:79CD94B6986A77BD491C9A63007A1F35A15067FE
                                                                                                  SHA-256:DB5D21A192FC97F4624EBD9DEEB787F03646F6A457C7155D2BB1511293918335
                                                                                                  SHA-512:91B1355BEA1C878C3F003E8DD1E975BA1B39B045922C08754C9122EFB030B609CC952819FC09F130E0F55DA9775BF2FBE7D1A8D12B333FC94B8143E013E8F35B
                                                                                                  Malicious:false
                                                                                                  Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                                                                                                  Category:dropped
                                                                                                  Size (bytes):86016
                                                                                                  Entropy (8bit):4.44472564506563
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:ye6ci5tViBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:m+s3OazzU89UTTgUL
                                                                                                  MD5:B4FCEA2098B33BB37DC34CDB7065CA9B
                                                                                                  SHA1:D46E0787091E16E4B81C2993385F2C35A58D087F
                                                                                                  SHA-256:EC6DD9B20ECADF4317DC18C338F17712722AA7290FAD41E53DD60CB8C487ACDF
                                                                                                  SHA-512:D4E079CF53E0B4FF923E628870BA542ED3328EAE471362338A1ADCB32195C6BCDEB770F6E97589DA8A7E91B48D6E8036D75A5E21A81FE9A0D7964D454CA72B5C
                                                                                                  Malicious:false
                                                                                                  Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:SQLite Rollback Journal
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8720
                                                                                                  Entropy (8bit):3.7669725243733407
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:7MvJioyVxioyJoy1C7oy16oy1XKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Oj:7AJuxvGXjBiTb9IVXEBodRBkY
                                                                                                  MD5:C9F484AC1961B97CDF4593B3EC16EA17
                                                                                                  SHA1:BBE3BF6A121C605ED8E67E532FD2603673AF32A3
                                                                                                  SHA-256:EA7B337506EFA4A3C2CDA891F16078306B7CFB61D1C27FDB619F325F503A6388
                                                                                                  SHA-512:46767B0B8EA0FDFAE244BC367863941E945562C9CF456026046118EDF991320E87A8DBAEBD94D3A03ABD1D2DACEB7719A729D57964F5D143A854E1EC8CC304C3
                                                                                                  Malicious:false
                                                                                                  Preview:.... .c.....T..&...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):295
                                                                                                  Entropy (8bit):5.351464503294261
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:YEQXJ2HXPAHWLs/A93nZiQ0YUVeoAvJM3g98kUwPeUkwRe9:YvXKXBcAJcnGMbLUkee9
                                                                                                  MD5:45D0A5055BF208951733C8378E84A9C7
                                                                                                  SHA1:47EE68CCF05E88291372F11600022BFD66D7B27A
                                                                                                  SHA-256:A03C8B3E17F5163D7A983B0AE947998A24868BDA9789D3C22C5E23B0B4FFA294
                                                                                                  SHA-512:9C64D5186D9E54C245AECFA3EF5BFC9EEEFE20ED7B5EEDD6214964589288FAD52ED6B753EBC2DEBCE471803263E8E3613069E30808430100AA934204A60D2FC9
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):294
                                                                                                  Entropy (8bit):5.303386365431421
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:YEQXJ2HXPAHWLs/A93nZiQ0YUVeoAvJfBoTfXpnrPeUkwRe9:YvXKXBcAJcnGWTfXcUkee9
                                                                                                  MD5:43A15A59BEB0C68C4AFBF6F0E1F6EAA5
                                                                                                  SHA1:0428AAD22D425CAC590E6FF823861C878B163FF4
                                                                                                  SHA-256:5B97C89406D3088B764E578BC0B3CCAAB6A44F5EAC94ACA46B03C79C62453B06
                                                                                                  SHA-512:1632203F9A1163359A0D6F5BF93B8DC3DD23BE9067485707E019E20E37FFD85289E52FD12C5CC673CB0F0D97B3614EA6724E4A257CFB30D06089E5A12C6FEF2A
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):294
                                                                                                  Entropy (8bit):5.282465829636383
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:YEQXJ2HXPAHWLs/A93nZiQ0YUVeoAvJfBD2G6UpnrPeUkwRe9:YvXKXBcAJcnGR22cUkee9
                                                                                                  MD5:F390633E37F62054783BBBFB0D6A60E0
                                                                                                  SHA1:8EAD1178B27A6D47234A23F81232BC736758067E
                                                                                                  SHA-256:0953809A3F18AD555962DD6F9D3E4347129A2D15354DB46881B6A08B82A53AB2
                                                                                                  SHA-512:0A17797AE01C2CFC8EE5EEA1756C8F09503349FB53354F2C8C81ECA1F435F285E581DFD2EFE23CF62CB40EB817105309EA77CDFC9DF8D9F516DF083292BAB378
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):285
                                                                                                  Entropy (8bit):5.331069574290726
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:YEQXJ2HXPAHWLs/A93nZiQ0YUVeoAvJfPmwrPeUkwRe9:YvXKXBcAJcnGH56Ukee9
                                                                                                  MD5:616076E0119EC27D986DE24833A28B0D
                                                                                                  SHA1:B0DBD7F3A9B8EE727085C2C97E933FC930322EEC
                                                                                                  SHA-256:4C0FBA107E2A694BB4B6776C7EB10303BAE9596B2C844EB258E855517C7DDCAD
                                                                                                  SHA-512:111AE0201F4BA9C09EA91D6CF0C7DCADDF52F058BE2A840E16535BA90C929CD2142342829B33524BFC2D0D8B604F9FE4F28EE5DAFABC459F194B33FBE83E1995
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1063
                                                                                                  Entropy (8bit):5.6579646783003
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:Yv6XBcAuspLgEFqciGennl0RCmK8czOCY4w2e:YvzShgLtaAh8cvYvp
                                                                                                  MD5:3829864BCBBBC65FB56C6373A5BBD2EC
                                                                                                  SHA1:453D9C40DF90F037DDB5DEF0721F107EDD15568F
                                                                                                  SHA-256:B9E8BC722559190A30DE73B75FD384CFE7CC7F8E99FE53C77EC6E89C73A8EE44
                                                                                                  SHA-512:75F6CA4350F4FB384DE636C3579DF5C8D048BB581F468147FA1A69855C4F34E9925D0AF1C1BDD6275F624BB3339B0DAB111FD0DB834F167250A58BD58023416D
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1050
                                                                                                  Entropy (8bit):5.646867727691095
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:Yv6XBcAuGVLgEF0c7sbnl0RCmK8czOCYHflEpwiVe:YvzUFg6sGAh8cvYHWpwz
                                                                                                  MD5:092079377FD19251CCAB389140AF5E41
                                                                                                  SHA1:FA230217BD40C3E0E2BAB0C460AA9EA1FCCEE48D
                                                                                                  SHA-256:782ACB77B08B1E6B56B99C09B46AC8FD940BC93D7DA87850FB0B99B72FDD400F
                                                                                                  SHA-512:6781EFBEBC0796363200365A22AF62526B6011E96028E1730BF66C400A788C24749C48921E555D33C25729B241E5FC7E57480211B2682626F7D894A6B450A188
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):292
                                                                                                  Entropy (8bit):5.279261366280055
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:YEQXJ2HXPAHWLs/A93nZiQ0YUVeoAvJfQ1rPeUkwRe9:YvXKXBcAJcnGY16Ukee9
                                                                                                  MD5:9E388C935C6EBCC393491656E088C94A
                                                                                                  SHA1:C46EC999DA4EB1CB4D7BCF0536E9D6FAF57FB66A
                                                                                                  SHA-256:203A16993BDA14624D63192CBEB60BD652E90F7C84D6557A2AABC275A30A4184
                                                                                                  SHA-512:5D796F8031AD4757FBD3FF8AD6D4498624691A3303EDDF9FAE24E69C40994454F68673623EE357CC056A8B14B216B3CC8717A2EA1FBFD50A00A5C6BF621BCD7A
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1038
                                                                                                  Entropy (8bit):5.639896662485424
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:Yv6XBcAuz2LgEF7cciAXs0nl0RCmK8czOCAPtciBe:Yvz5ogc8hAh8cvAw
                                                                                                  MD5:1ECAF999B44C2E00FB9906B5A1E03686
                                                                                                  SHA1:213C45DED94BA1224F84A2965E813D2474FE656A
                                                                                                  SHA-256:C2518F64A5EFB6413011F827CED4C62A493A0F3BCA4A9E471706AAF9AF52478E
                                                                                                  SHA-512:CB6524FF95755632B32F6CE7DA18E56385CB6107499B6C4F4F49CC8574E72B374911BBB3AD29E2E9C7FD0B2707C7C4E2446F87C8CCE7A79A6438DF53BCFA0C55
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1164
                                                                                                  Entropy (8bit):5.6956354841558055
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:Yv6XBcAu/KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5e:YvzJEgqprtrS5OZjSlwTmAfSK0
                                                                                                  MD5:ACA17827D946DBED524EF22E6A715E88
                                                                                                  SHA1:1A6DB0914C51C97348ADCA7D3784827D3FE33332
                                                                                                  SHA-256:771DD75E45DDB799D0E8EC4BA414EEDB59AE2812DF9C5685648B939A755E3BC3
                                                                                                  SHA-512:A0062B36EEF462A06C0B547C271C2906B92795594DEADED8C5F865B1A7E84845B62171EF960C8358D8DA6DDDC1A0E3A808D55A388E0F5A62678874BFF1978560
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):289
                                                                                                  Entropy (8bit):5.284150642651551
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:YEQXJ2HXPAHWLs/A93nZiQ0YUVeoAvJfYdPeUkwRe9:YvXKXBcAJcnGg8Ukee9
                                                                                                  MD5:4C6DF9A01CE88B10E2A3E2ED5039AE86
                                                                                                  SHA1:1F41E5B60544536A5E90D8440E109021B3B6BA60
                                                                                                  SHA-256:DDC53652EE02955DED45B9AF2E94A011594D2FE0EB2DED5D91F14E085F6C229C
                                                                                                  SHA-512:4F0AC115685AD558FFE6EDCC9B8D9DF10F97787812920B9DD497C2FBFC4297C0D66532265F8C128C0E437665F01E2B4FF9B015B9AE565EE205E065DF4518DC4E
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1395
                                                                                                  Entropy (8bit):5.77326399278493
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:Yv6XBcAuCrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNZ:YvzkHgDv3W2aYQfgB5OUupHrQ9FJL
                                                                                                  MD5:081DA9E77B5C01981D97CACDCA6C75DC
                                                                                                  SHA1:2749E2292D3DB17BF4B36ECE89183392C7F5F937
                                                                                                  SHA-256:ECB1AF07FBC796A4597156F4364E972ED999E75BCC65669F6A9D0A47FF61A48A
                                                                                                  SHA-512:6B0DF77FB27656BC997F8097CA32755152D2A965E099A65D1554713B55DC55C30AB5AF00D5947302480EF1BFB9E1303546E3D9BFD3C495007CDDE321B04A3A7B
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):291
                                                                                                  Entropy (8bit):5.267806670616468
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:YEQXJ2HXPAHWLs/A93nZiQ0YUVeoAvJfbPtdPeUkwRe9:YvXKXBcAJcnGDV8Ukee9
                                                                                                  MD5:8BC92E50ED75186EF7FA2EA4CC5CD0E9
                                                                                                  SHA1:BA7FB03F7A56911CCCCA4C7152B19B5374596463
                                                                                                  SHA-256:D5E3463FB78D11AC335118A6794F3DC96AF810480C89CFA0483F1D721CA46A84
                                                                                                  SHA-512:E364997C1D4DBC0507DC77B50F06DC9F72F7B90DFECE58B504793A36089BF1653F09F24EF6CDA1730D27C721448A05D70A1D8B070079A7C51D96C2EDAA35806A
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):287
                                                                                                  Entropy (8bit):5.270654231544634
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:YEQXJ2HXPAHWLs/A93nZiQ0YUVeoAvJf21rPeUkwRe9:YvXKXBcAJcnG+16Ukee9
                                                                                                  MD5:C0C8183F25A5969B74923BFB9AB9DF72
                                                                                                  SHA1:FE257040D62B5CEE135DB5C0BC3C181637BF9A45
                                                                                                  SHA-256:000BF6BF9B0D7ED3DF36FFE75CEF7736303BC972A862BF593BD96C1B76C58010
                                                                                                  SHA-512:A0973D226DE0576251818AAFEBD07FDF863922E3D6890DEFFB5C641E4595E9B48BD5348474F0DFE585DE1037BA0A2F7F141974624EB7C2E83379352C8942FC6F
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1058
                                                                                                  Entropy (8bit):5.647902299242186
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:Yv6XBcAuYamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8Be:YvzQBguOAh8cv+NKB
                                                                                                  MD5:90A804F2BC50FA4C9BF29E3B71CF6ECD
                                                                                                  SHA1:AB63CA5BF93B9C5488866B3974C57AC020A5FE9E
                                                                                                  SHA-256:311018B1D377F3B8F2918508B183D49C32AFB9C3EA705C84E08FD5E960BFE362
                                                                                                  SHA-512:EFF0464035C3FA7A96BFC87241BC3AC666A91556DC2C5724772BB87E3E8EB4E595006A0515219157FBBE1C0B8CED00A8815CB37270A3B2B4FBB4BAEA1327932B
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):286
                                                                                                  Entropy (8bit):5.246802526109512
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:YEQXJ2HXPAHWLs/A93nZiQ0YUVeoAvJfshHHrPeUkwRe9:YvXKXBcAJcnGUUUkee9
                                                                                                  MD5:50EAFDA41967ED53BAFA342A90B1C895
                                                                                                  SHA1:50254379555DAB9484BA6F8038B4584C6A793888
                                                                                                  SHA-256:1E1C670106273C8273641EB81A65D53F42B86CC7E2DEC17878210C626D993E01
                                                                                                  SHA-512:841BC4FCCB79DAD40C22AF0A8AC2F44B99C8A26B717C2B43A14DCA279BB99C05A00D2D5CFFE764CEB640514D2E4563F861E0A99C33D53DDFDF814DDBC1A8ED74
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):782
                                                                                                  Entropy (8bit):5.35295771600012
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:YvXKXBcAJcnGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW9:Yv6XBcAun168CgEXX5kcIfANhc
                                                                                                  MD5:1345D8FB697E19E2A0749A1F8F9BA759
                                                                                                  SHA1:DEA1FD4E2C0513BB5A96C6A251AE10D2A11926AE
                                                                                                  SHA-256:A39376781BE1F3CAFEA3FCC4FEB1AEED711B5863DF48155331BEDEA120A85AB1
                                                                                                  SHA-512:6F7ECECC86AF7A48C11D0A6D99FECCB2ED696CDD0E206DA23F57066FB51744F0F3BDDE2D4184EA915EBF7403CBA8A0C60E99B12656BA25F12BD72BF97FF78C20
                                                                                                  Malicious:false
                                                                                                  Preview:{"analyticsData":{"responseGUID":"8eaec503-d30d-40bd-859e-245e494dc070","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1727624678752,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727448023783}}}}

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4
                                                                                                  Entropy (8bit):0.8112781244591328
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:e:e
                                                                                                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                                                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                                                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                                                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                                                  Malicious:false
                                                                                                  Preview:....

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2818
                                                                                                  Entropy (8bit):5.1319951035503015
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:Y7o4GlI9atGmayg7+Xp0G2OCxpn+cm8BrNeJTbAt4p204vBBP2LSGujCfkj0SG+5:Y7oY2plcn+c3GYtyB83PPCerKMqfA9Bb
                                                                                                  MD5:4381937EE261DCB3BF304E111CC52178
                                                                                                  SHA1:BEBF1FC168BE5062AC9C0985F8FD256A3E886C5D
                                                                                                  SHA-256:BDD705AB39EBC75F4E13552564CE4AB0A3344672BEC8BC90F8B82EA3A1D35436
                                                                                                  SHA-512:009C7796FDB47B720A8C8FF82C3B137CD109B414CB457EBE8011938457E606568CA8EF11D6EB0A2861AEB6C0B511A21AF7117DBEE79E8791DBFA3AC044527EFA
                                                                                                  Malicious:false
                                                                                                  Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"bdbceecab20969a541560ae700a15a64","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727448023000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"7912fc40b8c288dd5aabd3e81ba12f9f","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727448023000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"6237f74ad3809e367cb705130e6db160","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727448023000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"311808d24b11a52ecb20e64ea4f62ca1","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727448023000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"c6b3ec134f07a51e942085c9d1fc55ec","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727448023000},{"id":"Edit_InApp_Aug2020","info":{"dg":"3b81df2f62645349c7e9865241071555","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12288
                                                                                                  Entropy (8bit):1.1460826497546077
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:TLhx/XYKQvGJF7ursUPRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcZ:TFl2GL7msYXc+XcGNFlRYIX2v3k5
                                                                                                  MD5:75EF3D6440EA0064D8F9818417E159EF
                                                                                                  SHA1:89A13277D7F6FE620065982200B23A1260018109
                                                                                                  SHA-256:2165B6B059D9F822517A97D3F5C1AB9F33139269315E3FCBB2177D6C4FFD36C7
                                                                                                  SHA-512:68697E36ACCA39B5A13D4F0668731E81D278FE95225F11C6B62BC43723A6FDC9F2037654D243AD6F7751B3D2E1B35DF870FCB7CA6AABCF64B5FCB11F472CC02F
                                                                                                  Malicious:false
                                                                                                  Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:SQLite Rollback Journal
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8720
                                                                                                  Entropy (8bit):1.551574404177066
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:7+tbPUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxtpqLxx/XYF:7MgXc+XcGNFlRYIX2vqqVl2GL7msM
                                                                                                  MD5:AF4F4688EAB7D14EA0CBA1023F023076
                                                                                                  SHA1:E541304697F2BB007E075284AFB2DD8AAE863BD9
                                                                                                  SHA-256:B126E133203DFCB38D988C8CD3114CB41BE58E65CB689494BD11D37A549AA743
                                                                                                  SHA-512:432673A66672D728065AD44CD98DCC0FE55D5B4F3F4DDBF43DBFD20F89551C0767D2281FF9EF9A6C482C81B1E9A35B82BCF40EA77ADA4A31FE456BDEB9FF08C5
                                                                                                  Malicious:false
                                                                                                  Preview:.... .c......V............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\MSI4362c.LOG

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):246
                                                                                                  Entropy (8bit):3.5030768995714583
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8UdNYlH:Qw946cPbiOxDlbYnuRKG9
                                                                                                  MD5:9B38A9A175DDF1248F90E6C5870FF1B4
                                                                                                  SHA1:25F4D84BD334DA4AE808983B8DDE7884DD85A105
                                                                                                  SHA-256:FB17D925A22699B9DE32F00F983924264E02A70E67A819D21195CAEC8E35CC4B
                                                                                                  SHA-512:0083C346A7743407B8C8933E9E1A54ECA68AE8E4910C46291B6013499517BD023F63B864E4A3DC093A2E2735EBE82035C4CB302F421A330A26F5E6B8A2CD1BA2
                                                                                                  Malicious:false
                                                                                                  Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.9./.2.0.2.4. . .1.0.:.4.0.:.2.1. .=.=.=.....

                                                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\A957arsh_uwdiaf_5h4.tmp

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:PDF document, version 1.6, 0 pages
                                                                                                  Category:dropped
                                                                                                  Size (bytes):358
                                                                                                  Entropy (8bit):5.080568449716385
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOsHdQVJw49dQVJw4dLCSyAAO:IngVMre9T0HQIDmy9g06JXEdQwsQwSlX
                                                                                                  MD5:835889457AA91CF2CD8D325C86C0E4B8
                                                                                                  SHA1:B7C1D50049B0C42E604C79D303D5DBF358D9BA0E
                                                                                                  SHA-256:610CA69270D0C6212AB8D4A1115F8C89CB1181A43C020F6A829BE90729EC997B
                                                                                                  SHA-512:1408DDEE7E500261F75AEE545E6C02448703122A6FE9D76390134FC90702A9823BB904010029A45B5D21917BBFB4A15422A40F40E5042F31DF0D4DB0B782766E
                                                                                                  Malicious:false
                                                                                                  Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<752D4832820C574F97F6986333AC49BD><752D4832820C574F97F6986333AC49BD>]>>..startxref..127..%%EOF..

                                                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-27 10-40-14-905.log

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:ASCII text, with very long lines (393)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16525
                                                                                                  Entropy (8bit):5.338264912747007
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
                                                                                                  MD5:128A51060103D95314048C2F32A15C66
                                                                                                  SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
                                                                                                  SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
                                                                                                  SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
                                                                                                  Malicious:false
                                                                                                  Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):15114
                                                                                                  Entropy (8bit):5.318067312525406
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:thVwll0MbduuxEiz/tPcPJDhJCpcd+u3u5w02OeSZm6mIrDJpKhUHsHSzFTuT3vH:8LU
                                                                                                  MD5:F532521535666B8E21C43BBFFBB1D73F
                                                                                                  SHA1:24193C4C85FB40F36CB13937DDB58A3E520AD12A
                                                                                                  SHA-256:D27E025D2F7CA04951802E1C223C241540EE9492553FFCA4A007609C804CEBC5
                                                                                                  SHA-512:2DD3909F1777881275656C29FC556DB04B08C54BC0311B7E268CD63FA081D3A8D78B5FD2F77B3C3B84548D859066DF66504A5172ADD8A1593F9BE6CB4680F3ED
                                                                                                  Malicious:false
                                                                                                  Preview:SessionID=c8a10b23-99d9-4620-9e2b-9b508f414eed.1727448014930 Timestamp=2024-09-27T10:40:14:930-0400 ThreadID=2328 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=c8a10b23-99d9-4620-9e2b-9b508f414eed.1727448014930 Timestamp=2024-09-27T10:40:14:932-0400 ThreadID=2328 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=c8a10b23-99d9-4620-9e2b-9b508f414eed.1727448014930 Timestamp=2024-09-27T10:40:14:932-0400 ThreadID=2328 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=c8a10b23-99d9-4620-9e2b-9b508f414eed.1727448014930 Timestamp=2024-09-27T10:40:14:932-0400 ThreadID=2328 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=c8a10b23-99d9-4620-9e2b-9b508f414eed.1727448014930 Timestamp=2024-09-27T10:40:14:932-0400 ThreadID=2328 Component=ngl-lib_NglAppLib Description="SetConf

                                                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):29752
                                                                                                  Entropy (8bit):5.40176457935675
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbd+cbQIkWcb1:V3fOCIdJDepk5
                                                                                                  MD5:64B173CF90A82FB02FF1A0E0D4BFD4FE
                                                                                                  SHA1:A63C92095C6ED28279F5AF26B5B2A31866717B6F
                                                                                                  SHA-256:2435B177DDA221210E668C807B01748FCBC70029DA5DB06562A423F8AD66C58E
                                                                                                  SHA-512:2723A98748BE0EF443255E3558214F28B55068E51E04DA22056D59F106FD9F74EF272E433ED9B7EA96C6B68DD1B1DFBA5E67DEBFF4800633879ECD895D196B5D
                                                                                                  Malicious:false
                                                                                                  Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

                                                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\75658686-fc1e-4c54-85d4-0a369ff4845a.tmp

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                                                  Category:dropped
                                                                                                  Size (bytes):758601
                                                                                                  Entropy (8bit):7.98639316555857
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                                                  MD5:3A49135134665364308390AC398006F1
                                                                                                  SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                                                  SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                                                  SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                                                  Malicious:false
                                                                                                  Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\910b8650-520f-4677-91d0-5a29d25b3576.tmp

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1407294
                                                                                                  Entropy (8bit):7.97605879016224
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24576:6Dbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WL07oXGZGwYIGNPJF:cb3mlind9i4ufFXpAXkrfUs0jWLxXGZY
                                                                                                  MD5:279B811F8FB7ED83618C0B37825CCF25
                                                                                                  SHA1:5718DA0EF8F5A938CB88800665F18C9B805208B2
                                                                                                  SHA-256:2AF4D3CE45FACE3A6DF83A17E90912767BE01A6F2C96AD8B3F270FDB13F77E46
                                                                                                  SHA-512:74A736359646F91F28AC496DFFF249D0E5B005AA6BB34DAFDDE3C2A29B70D52E6F865239579AC94540AAB0D20BFC03AE6501814358D2122FCB60A4591213A9B9
                                                                                                  Malicious:false
                                                                                                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\bb62c450-eb83-4ed9-9b3f-8d7e515e73ef.tmp

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                                                  Category:dropped
                                                                                                  Size (bytes):386528
                                                                                                  Entropy (8bit):7.9736851559892425
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                                                  MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                                                  SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                                                  SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                                                  SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                                                  Malicious:false
                                                                                                  Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\c4f7e7e2-709e-4ad6-a5b7-d20a8e01a4d2.tmp

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1419751
                                                                                                  Entropy (8bit):7.976496077007677
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24576:6DaWL07oXGZGwYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:caWLxXGZGwZGh3mlind9i4ufFXpAXkru
                                                                                                  MD5:7867DAFF192926A49EB7516D226D452F
                                                                                                  SHA1:BD0B185B12DB865CEA23060A9789C6B2D814B62E
                                                                                                  SHA-256:C7586BA81615BBAA63DA0D81CE18C0D087D1237500C99C35239A4D3CAEED2934
                                                                                                  SHA-512:B556042E82056983EA6A69AEE0DAB370641437EF6239FD04676FC26EC9472C6E5EF6194885C165E3987E8019321DCD9B4A574EA7A6253AC3C9468434AEAA0C21
                                                                                                  Malicious:false
                                                                                                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                                                  Chrome Cache Entry: 160

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1840x630, components 3
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):39755
                                                                                                  Entropy (8bit):7.574348657479085
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:LYU5cIupDSkdi0l48StkLA1bAjtenAB7MGrv+/:TruJSkwIlDMBAjtenAB7xrW/
                                                                                                  MD5:3972435031D02D6FF6CB8A5F2A786094
                                                                                                  SHA1:0AE6D027CD444F4C4605B21486E919C310FD92D3
                                                                                                  SHA-256:BA7E54CBF5CA0A4BBDAA39254C20EB8490ADBBA42CD0A14B5B0001A6AA51A26D
                                                                                                  SHA-512:18BC5D61EC062605ADDB6B06FBA90283E24CA3D6D3333D3803EFCFCFEA100899AF23A5E21649BD0EE751001CF7402508D0817CB570D0243A0BBE4C40657B11BE
                                                                                                  Malicious:false
                                                                                                  URL:https://pbs.twimg.com/media/GGrR89_WgAAgrOI?format=jpg&name=large
                                                                                                  Preview:......JFIF.............C..............................................!........."$".$.......C.......................................................................v.0..".................................................................................@............................................................................................?+7r..O3q.3w.!..'..s......].v.7..^.qxQ..Z....@y.>.Y.O...4..|9.p.~.h..m..\.x.........?..i._.h.....YU.!...........................................................H...G....,5.....U..+.C....l..,...`A.z.V},..[.......;MX.e".D..I....[..y...kGYl..2...>..Ec?.hf...+.........Z..1..C3..fw.....5.c..[...............................................................".".-.+.....2.[i7jN4.........l.N......Y..........O...k.ff..+.g..5..9...........*IH.<.u.....c.[.vm..........#..;..>.X.}.:..Q.zI[.Q.R.A..rV...?...........................................................r.q......Xk..u....'.W.......T..'......L.......T|.6..R+y.....\.Q.l...d.....d|>....

                                                                                                  Chrome Cache Entry: 161

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):16
                                                                                                  Entropy (8bit):3.875
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:HoUinYn:IUyY
                                                                                                  MD5:903747EA4323C522742842A52CE710C9
                                                                                                  SHA1:9F806EA4288867A31A4AD53AC171AA4029DF182B
                                                                                                  SHA-256:4BD8B60F91849C936AE45615145A7B7BE2CF803322A30BABBAE7267A142CA5BB
                                                                                                  SHA-512:EEF73DC29A38ED70FFCFC321931BCB5B5A29FAAC356E8F6D84F57C532EEF44AE75021C341CF7DAE26B8211924A1C0E0EC4735F6BFC4AF3970A48EB63BFB7895F
                                                                                                  Malicious:false
                                                                                                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAkRpIMO4ph2dRIFDYOoWz0=?alt=proto
                                                                                                  Preview:CgkKBw2DqFs9GgA=

                                                                                                  Chrome Cache Entry: 162

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:HTML document, ASCII text
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):4343
                                                                                                  Entropy (8bit):4.4743461473840895
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:6cq2JDsm8FTcFF9cTWT645m+kTDJfVWLFxgudbb1GnaC+jHCj:6cq2Jgm8FTcFF9ce4XJg5uaCEHe
                                                                                                  MD5:029912FA35A1FE0FFD93C74661B3F40C
                                                                                                  SHA1:D60556BE77ACCA4428A17072F7CD8DDE09E062B9
                                                                                                  SHA-256:FC8BA563575130DE3D9E75F953DA1834E1C5295E1D5FC482547E48AED82C0F31
                                                                                                  SHA-512:6A930F1EB852C36F94E9B34B68A1AB46D540F7494C768DC738B0E3EF2924A0376AB17F6130814105350A30A12D39302DD1F88390C7CA3B7A188DAB685A9A10D3
                                                                                                  Malicious:false
                                                                                                  URL:https://main.d3engbxc9elyir.amplifyapp.com/
                                                                                                  Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Security Check</title>. Security Headers -->. <meta name="robots" content="noindex, nofollow, noarchive">. <meta http-equiv="X-Content-Type-Options" content="nosniff">. <meta http-equiv="X-Frame-Options" content="DENY">. <meta http-equiv="X-XSS-Protection" content="1; mode=block">. <meta http-equiv="Strict-Transport-Security" content="max-age=31536000; includeSubDomains; preload">. <meta http-equiv="Referrer-Policy" content="no-referrer">. . <style>. body {. font-family: 'Arial', sans-serif;. background-color: #f9f9f9;. margin: 0;. padding: 0;. }.. .container {. display: flex;. flex-direction: column;. align-items: center;. justify-content: center;. min-height: 100vh;. positi

                                                                                                  Chrome Cache Entry: 163

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:HTML document, ASCII text
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):4343
                                                                                                  Entropy (8bit):4.4743461473840895
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:6cq2JDsm8FTcFF9cTWT645m+kTDJfVWLFxgudbb1GnaC+jHCj:6cq2Jgm8FTcFF9ce4XJg5uaCEHe
                                                                                                  MD5:029912FA35A1FE0FFD93C74661B3F40C
                                                                                                  SHA1:D60556BE77ACCA4428A17072F7CD8DDE09E062B9
                                                                                                  SHA-256:FC8BA563575130DE3D9E75F953DA1834E1C5295E1D5FC482547E48AED82C0F31
                                                                                                  SHA-512:6A930F1EB852C36F94E9B34B68A1AB46D540F7494C768DC738B0E3EF2924A0376AB17F6130814105350A30A12D39302DD1F88390C7CA3B7A188DAB685A9A10D3
                                                                                                  Malicious:false
                                                                                                  URL:https://main.d3engbxc9elyir.amplifyapp.com/favicon.ico
                                                                                                  Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Security Check</title>. Security Headers -->. <meta name="robots" content="noindex, nofollow, noarchive">. <meta http-equiv="X-Content-Type-Options" content="nosniff">. <meta http-equiv="X-Frame-Options" content="DENY">. <meta http-equiv="X-XSS-Protection" content="1; mode=block">. <meta http-equiv="Strict-Transport-Security" content="max-age=31536000; includeSubDomains; preload">. <meta http-equiv="Referrer-Policy" content="no-referrer">. . <style>. body {. font-family: 'Arial', sans-serif;. background-color: #f9f9f9;. margin: 0;. padding: 0;. }.. .container {. display: flex;. flex-direction: column;. align-items: center;. justify-content: center;. min-height: 100vh;. positi

                                                                                                  Chrome Cache Entry: 164

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1840x630, components 3
                                                                                                  Category:dropped
                                                                                                  Size (bytes):39755
                                                                                                  Entropy (8bit):7.574348657479085
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:LYU5cIupDSkdi0l48StkLA1bAjtenAB7MGrv+/:TruJSkwIlDMBAjtenAB7xrW/
                                                                                                  MD5:3972435031D02D6FF6CB8A5F2A786094
                                                                                                  SHA1:0AE6D027CD444F4C4605B21486E919C310FD92D3
                                                                                                  SHA-256:BA7E54CBF5CA0A4BBDAA39254C20EB8490ADBBA42CD0A14B5B0001A6AA51A26D
                                                                                                  SHA-512:18BC5D61EC062605ADDB6B06FBA90283E24CA3D6D3333D3803EFCFCFEA100899AF23A5E21649BD0EE751001CF7402508D0817CB570D0243A0BBE4C40657B11BE
                                                                                                  Malicious:false
                                                                                                  Preview:......JFIF.............C..............................................!........."$".$.......C.......................................................................v.0..".................................................................................@............................................................................................?+7r..O3q.3w.!..'..s......].v.7..^.qxQ..Z....@y.>.Y.O...4..|9.p.~.h..m..\.x.........?..i._.h.....YU.!...........................................................H...G....,5.....U..+.C....l..,...`A.z.V},..[.......;MX.e".D..I....[..y...kGYl..2...>..Ec?.hf...+.........Z..1..C3..fw.....5.c..[...............................................................".".-.+.....2.[i7jN4.........l.N......Y..........O...k.ff..+.g..5..9...........*IH.<.u.....c.[.vm..........#..;..>.X.}.:..Q.zI[.Q.R.A..rV...?...........................................................r.q......Xk..u....'.W.......T..'......L.......T|.6..R+y.....\.Q.l...d.....d|>....

                                                                                                  Static File Info

                                                                                                  General

                                                                                                  File type:PDF document, version 1.4, 1 pages
                                                                                                  Entropy (8bit):7.71171256065227
                                                                                                  TrID:
                                                                                                  • Adobe Portable Document Format (5005/1) 100.00%
                                                                                                  File name:Payout_receipt.pdf
                                                                                                  File size:30'871 bytes
                                                                                                  MD5:e048521fbbf986421ac498bb3bc1c1c7
                                                                                                  SHA1:4ec40c79e71773f919d71c648418c342ce958568
                                                                                                  SHA256:b4c9df77e1ce58cf19caef16109ad1f0bbfbd64c79f5dbec81263563575dabe0
                                                                                                  SHA512:ab57b51676e606ab997aebcca4b0c6fd855ee6dcc5fb9c1573af7b8ccdf35d45a15fccef2bf3e631972d828d5b42982e74d9bd4346d275c654f190ce3181cdb6
                                                                                                  SSDEEP:768:gDY8zEXVX2yZolsWc++NKJ9jekiW26kYQR1tVmjqlhw+geU3:gD3yVX2y1WvlJ9j7iW+YQREWsj3
                                                                                                  TLSH:71D26BB7C6566E4CE6D2C3F19B34FD88265FF15E00E224D130A30A226D94DC66823F6E
                                                                                                  File Content Preview:%PDF-1.4.1 0 obj.<<./Title (...E.m.p.l.o.y.e.e. .B.e.n.e.f.i.t. .B.o.n.u.s. .N.o.t.i.f.i.c.a.t.i.o.n)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20240927143329+01'00').>>.endobj.3 0 obj.<<./Type /ExtG

                                                                                                  File Icon

                                                                                                  Icon Hash:62cc8caeb29e8ae0

                                                                                                  Static PDF Info

                                                                                                  General

                                                                                                  Header:%PDF-1.4
                                                                                                  Total Entropy:7.711713
                                                                                                  Total Bytes:30871
                                                                                                  Stream Entropy:7.802967
                                                                                                  Stream Bytes:26631
                                                                                                  Entropy outside Streams:5.168244
                                                                                                  Bytes outside Streams:4240
                                                                                                  Number of EOF found:1
                                                                                                  Bytes after EOF:

                                                                                                  Keywords Statistics

                                                                                                  NameCount
                                                                                                  obj30
                                                                                                  endobj30
                                                                                                  stream9
                                                                                                  endstream9
                                                                                                  xref1
                                                                                                  trailer1
                                                                                                  startxref1
                                                                                                  /Page1
                                                                                                  /Encrypt0
                                                                                                  /ObjStm0
                                                                                                  /URI0
                                                                                                  /JS0
                                                                                                  /JavaScript0
                                                                                                  /AA0
                                                                                                  /OpenAction0
                                                                                                  /AcroForm0
                                                                                                  /JBIG2Decode0
                                                                                                  /RichMedia0
                                                                                                  /Launch0
                                                                                                  /EmbeddedFile0

                                                                                                  Image Streams

                                                                                                  IDDHASHMD5Preview
                                                                                                  682828282828282802ac8766628af67971208322db0009c41
                                                                                                  80000000000000000e0c85a9412706a65d550a30d3193fa35
                                                                                                  10410c070b0f0e0922833a0837a49d2ebcd423537e1131a4ea
                                                                                                  14595919130d455b59afd0f63f3dfa2a75350e565fc6630ae4

                                                                                                  Network Behavior

                                                                                                  Network Port Distribution

                                                                                                  TCP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Sep 27, 2024 16:40:06.352335930 CEST49672443192.168.2.6173.222.162.64
                                                                                                  Sep 27, 2024 16:40:12.955816984 CEST49710443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:12.955879927 CEST4434971020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:12.955946922 CEST49710443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:12.956573963 CEST49710443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:12.956585884 CEST4434971020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:13.569994926 CEST4434971020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:13.570100069 CEST49710443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:13.594146013 CEST49710443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:13.594180107 CEST4434971020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:13.594583035 CEST4434971020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:13.649077892 CEST49710443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:13.854830027 CEST49710443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:13.854904890 CEST49710443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:13.854916096 CEST4434971020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:13.855170965 CEST49710443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:13.899403095 CEST4434971020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:13.964744091 CEST4434971020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:13.966734886 CEST4434971020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:13.966806889 CEST49710443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:13.995338917 CEST49710443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:13.995364904 CEST4434971020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:15.648999929 CEST49673443192.168.2.6173.222.162.64
                                                                                                  Sep 27, 2024 16:40:15.649410009 CEST49674443192.168.2.6173.222.162.64
                                                                                                  Sep 27, 2024 16:40:15.961502075 CEST49672443192.168.2.6173.222.162.64
                                                                                                  Sep 27, 2024 16:40:17.389120102 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:17.389130116 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:17.390114069 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:17.390521049 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:17.390537977 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:17.826571941 CEST44349705173.222.162.64192.168.2.6
                                                                                                  Sep 27, 2024 16:40:17.826664925 CEST49705443192.168.2.6173.222.162.64
                                                                                                  Sep 27, 2024 16:40:18.069111109 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.180840969 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:18.217055082 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:18.217061996 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.219213009 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.219223022 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.219271898 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:18.225029945 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:18.225214958 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.231843948 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:18.231877089 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.294481993 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:18.469837904 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.469893932 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.469938040 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.469948053 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:18.469996929 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.470019102 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:18.470076084 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.470118046 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:18.834614038 CEST49716443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:18.834650040 CEST4434971618.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.844748020 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:18.844788074 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.844865084 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:18.845037937 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:18.845047951 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.722265959 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.724081993 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:19.724097967 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.725172997 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.725231886 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:19.736952066 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:19.737034082 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.737493992 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:19.737502098 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.821942091 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:19.930910110 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.930970907 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.931019068 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.931046009 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.931067944 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.931085110 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:19.931097984 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.931123972 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:19.931140900 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:19.936930895 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.942208052 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.942245007 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.942264080 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:19.942276955 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.942312956 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:19.948662996 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.948731899 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:19.949301958 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:19.949312925 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.013106108 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:20.018146992 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.018382072 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.018404961 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.018435955 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:20.018440962 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.018491983 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:20.018604040 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.018748999 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.018928051 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.018984079 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:20.018989086 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.019275904 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:20.019345045 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.019392967 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.019433022 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:20.019437075 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.024358034 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.024408102 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:20.024411917 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.024470091 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.024509907 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:20.024513006 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.025652885 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.025723934 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.025769949 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:20.147361994 CEST49719443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:20.147378922 CEST44349719199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.568952084 CEST49723443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:20.569000006 CEST4434972318.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.569277048 CEST49723443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:20.570730925 CEST49723443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:20.570749998 CEST4434972318.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.672465086 CEST49724443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:20.672528028 CEST44349724184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.672704935 CEST49724443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:20.674535990 CEST49724443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:20.674570084 CEST44349724184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.873706102 CEST49725443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:20.873747110 CEST4434972518.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.873806953 CEST49725443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:20.875549078 CEST49725443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:20.875561953 CEST4434972518.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.954391003 CEST49727443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:20.954437971 CEST4434972720.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:20.954500914 CEST49727443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:20.955460072 CEST49727443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:20.955481052 CEST4434972720.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.258096933 CEST4434972318.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.258954048 CEST49723443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.258980989 CEST4434972318.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.259339094 CEST4434972318.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.260469913 CEST49723443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.260538101 CEST4434972318.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.260703087 CEST49723443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.303402901 CEST4434972318.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.364361048 CEST44349724184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.364449024 CEST49724443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:21.369946003 CEST49724443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:21.369981050 CEST44349724184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.370419979 CEST44349724184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.440360069 CEST49724443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:21.483428001 CEST44349724184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.506067038 CEST49729443192.168.2.6142.250.185.132
                                                                                                  Sep 27, 2024 16:40:21.506108046 CEST44349729142.250.185.132192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.506166935 CEST49729443192.168.2.6142.250.185.132
                                                                                                  Sep 27, 2024 16:40:21.506510973 CEST49729443192.168.2.6142.250.185.132
                                                                                                  Sep 27, 2024 16:40:21.506522894 CEST44349729142.250.185.132192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.539953947 CEST4434972518.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.540427923 CEST49725443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.540489912 CEST4434972518.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.540849924 CEST4434972518.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.541671038 CEST49725443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.541745901 CEST4434972518.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.542071104 CEST49725443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.562638044 CEST4434972318.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.562696934 CEST4434972318.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.562737942 CEST49723443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.568461895 CEST49723443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.568480968 CEST4434972318.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.578047991 CEST4434972720.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.578104973 CEST49727443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:21.583408117 CEST4434972518.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.598936081 CEST49727443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:21.598953009 CEST4434972720.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.599317074 CEST4434972720.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.600660086 CEST49725443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.600756884 CEST4434972518.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.600826025 CEST49725443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.621191978 CEST49727443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:21.621249914 CEST49727443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:21.621256113 CEST4434972720.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.621411085 CEST49727443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:21.637042046 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.637078047 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.637375116 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.637406111 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:21.637412071 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.641093969 CEST44349724184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.641165018 CEST44349724184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.641227007 CEST49724443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:21.655155897 CEST49724443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:21.655170918 CEST44349724184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.663393021 CEST4434972720.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.710365057 CEST49731443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:21.710385084 CEST44349731184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.710752964 CEST49731443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:21.711687088 CEST49731443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:21.711698055 CEST44349731184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.732296944 CEST4434972720.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.732884884 CEST4434972720.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.732934952 CEST49727443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:21.733304024 CEST49727443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:21.733314037 CEST4434972720.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.733324051 CEST49727443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:21.794260025 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:21.794287920 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.794409037 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:21.795028925 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:21.795039892 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.041738033 CEST49734443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:22.041780949 CEST4434973418.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.041951895 CEST49734443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:22.042232990 CEST49734443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:22.042244911 CEST4434973418.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.172749996 CEST44349729142.250.185.132192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.174499989 CEST49729443192.168.2.6142.250.185.132
                                                                                                  Sep 27, 2024 16:40:22.174520016 CEST44349729142.250.185.132192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.175513029 CEST44349729142.250.185.132192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.175574064 CEST49729443192.168.2.6142.250.185.132
                                                                                                  Sep 27, 2024 16:40:22.177658081 CEST49729443192.168.2.6142.250.185.132
                                                                                                  Sep 27, 2024 16:40:22.177706003 CEST44349729142.250.185.132192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.228682995 CEST49729443192.168.2.6142.250.185.132
                                                                                                  Sep 27, 2024 16:40:22.228697062 CEST44349729142.250.185.132192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.320802927 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.321120977 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:22.321136951 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.322242022 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.322365999 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:22.322673082 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:22.322732925 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.322788954 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:22.367403030 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.386737108 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:22.386775970 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.399425030 CEST44349731184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.399653912 CEST49731443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:22.400882959 CEST49731443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:22.400907993 CEST44349731184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.401231050 CEST44349731184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.402985096 CEST49731443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:22.413470984 CEST49729443192.168.2.6142.250.185.132
                                                                                                  Sep 27, 2024 16:40:22.447401047 CEST44349731184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.489674091 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.490194082 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.490228891 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.491322994 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.491610050 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.491985083 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.492049932 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.492245913 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.507251978 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:22.539401054 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.605192900 CEST4434973418.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.641396046 CEST49734443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:22.641419888 CEST4434973418.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.642545938 CEST4434973418.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.642841101 CEST49734443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:22.642848969 CEST4434973418.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.642920971 CEST49734443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:22.682946920 CEST44349731184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.683136940 CEST44349731184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.683768034 CEST49731443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:22.691103935 CEST49734443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:22.691260099 CEST4434973418.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.691415071 CEST49734443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:22.700299025 CEST49731443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:22.700337887 CEST44349731184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.700355053 CEST49731443192.168.2.6184.28.90.27
                                                                                                  Sep 27, 2024 16:40:22.700361013 CEST44349731184.28.90.27192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.703404903 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.703510046 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.735411882 CEST4434973418.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.776715040 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.776797056 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.776839972 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.776870012 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.776936054 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.776969910 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.776969910 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.776988983 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.777218103 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.777241945 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.777252913 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.779418945 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.783371925 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.836131096 CEST4434973418.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.836211920 CEST49734443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:22.868172884 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.868226051 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.868261099 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.868318081 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.868323088 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.868335009 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.868371010 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.868385077 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.868390083 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.868506908 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.868570089 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.868576050 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.868722916 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.868767023 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.868782997 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.869280100 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.869322062 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.869337082 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.869343042 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.869385958 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.869486094 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.870174885 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.870222092 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.870244980 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.870260000 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.870306015 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.870378971 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.874581099 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.874633074 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.874676943 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.874682903 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.874725103 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.874743938 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.874777079 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:22.896373034 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.896399021 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.896419048 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.896461010 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:22.896469116 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.896482944 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:22.896483898 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:22.896564960 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:23.067586899 CEST49734443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.067627907 CEST4434973418.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.093928099 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.093972921 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.094037056 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.094224930 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.094237089 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.154272079 CEST49733443192.168.2.6199.232.188.159
                                                                                                  Sep 27, 2024 16:40:23.154299021 CEST44349733199.232.188.159192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.159240961 CEST49730443192.168.2.618.66.102.84
                                                                                                  Sep 27, 2024 16:40:23.159256935 CEST4434973018.66.102.84192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.672274113 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.672662973 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.672688007 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.673794985 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.673861027 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.673880100 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.673919916 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.674221992 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.674285889 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.674638033 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.674652100 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.725624084 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.839566946 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.839601994 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.839631081 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.839653015 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.839682102 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.839704990 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:23.839744091 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.841563940 CEST49735443192.168.2.618.207.85.246
                                                                                                  Sep 27, 2024 16:40:23.841594934 CEST4434973518.207.85.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.013375044 CEST49737443192.168.2.623.203.104.175
                                                                                                  Sep 27, 2024 16:40:26.013423920 CEST4434973723.203.104.175192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.013622046 CEST49737443192.168.2.623.203.104.175
                                                                                                  Sep 27, 2024 16:40:26.013829947 CEST49737443192.168.2.623.203.104.175
                                                                                                  Sep 27, 2024 16:40:26.013839006 CEST4434973723.203.104.175192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.054068089 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:26.054116011 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.054184914 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:26.055139065 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:26.055154085 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.594022036 CEST4434973723.203.104.175192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.594547033 CEST49737443192.168.2.623.203.104.175
                                                                                                  Sep 27, 2024 16:40:26.594611883 CEST4434973723.203.104.175192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.595676899 CEST4434973723.203.104.175192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.595751047 CEST49737443192.168.2.623.203.104.175
                                                                                                  Sep 27, 2024 16:40:26.599858046 CEST49737443192.168.2.623.203.104.175
                                                                                                  Sep 27, 2024 16:40:26.599939108 CEST4434973723.203.104.175192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.600090027 CEST49737443192.168.2.623.203.104.175
                                                                                                  Sep 27, 2024 16:40:26.600106955 CEST4434973723.203.104.175192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.642549992 CEST49737443192.168.2.623.203.104.175
                                                                                                  Sep 27, 2024 16:40:26.701673985 CEST4434973723.203.104.175192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.701756954 CEST4434973723.203.104.175192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.701812983 CEST49737443192.168.2.623.203.104.175
                                                                                                  Sep 27, 2024 16:40:26.702821016 CEST49737443192.168.2.623.203.104.175
                                                                                                  Sep 27, 2024 16:40:26.702857971 CEST4434973723.203.104.175192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.913628101 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.913822889 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:26.916193008 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:26.916207075 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.916544914 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:26.970659018 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:26.979818106 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:27.027446032 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.254080057 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.254220963 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.254247904 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.254267931 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.254312992 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:27.254334927 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.254360914 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.254370928 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:27.254393101 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:27.254394054 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.254427910 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:27.254625082 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.254637957 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:27.254647970 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.254676104 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:27.254872084 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:27.254885912 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.255738020 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.255836964 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:27.263336897 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:27.263354063 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:27.263391972 CEST49738443192.168.2.620.114.59.183
                                                                                                  Sep 27, 2024 16:40:27.263397932 CEST4434973820.114.59.183192.168.2.6
                                                                                                  Sep 27, 2024 16:40:32.084063053 CEST44349729142.250.185.132192.168.2.6
                                                                                                  Sep 27, 2024 16:40:32.084130049 CEST44349729142.250.185.132192.168.2.6
                                                                                                  Sep 27, 2024 16:40:32.084219933 CEST49729443192.168.2.6142.250.185.132
                                                                                                  Sep 27, 2024 16:40:32.832073927 CEST49729443192.168.2.6142.250.185.132
                                                                                                  Sep 27, 2024 16:40:32.832098007 CEST44349729142.250.185.132192.168.2.6
                                                                                                  Sep 27, 2024 16:40:32.870162964 CEST49742443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:32.870214939 CEST4434974220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:32.870313883 CEST49742443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:32.870949030 CEST49742443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:32.870969057 CEST4434974220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:33.477467060 CEST4434974220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:33.477579117 CEST49742443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:33.480803013 CEST49742443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:33.480822086 CEST4434974220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:33.481111050 CEST4434974220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:33.483160019 CEST49742443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:33.483213902 CEST49742443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:33.483221054 CEST4434974220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:33.483381033 CEST49742443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:33.523449898 CEST4434974220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:33.592762947 CEST4434974220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:33.593611956 CEST49742443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:33.593631983 CEST4434974220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:33.593658924 CEST49742443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:33.593688965 CEST49742443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:50.686692953 CEST49743443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:50.686741114 CEST4434974320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:50.686846972 CEST49743443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:50.687499046 CEST49743443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:50.687509060 CEST4434974320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:51.358957052 CEST4434974320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:51.359070063 CEST49743443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:51.362874985 CEST49743443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:51.362888098 CEST4434974320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:51.363126040 CEST4434974320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:51.365000963 CEST49743443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:51.365067005 CEST49743443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:51.365071058 CEST4434974320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:51.365252972 CEST49743443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:51.411403894 CEST4434974320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:51.477075100 CEST4434974320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:51.477683067 CEST49743443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:51.477711916 CEST4434974320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:40:51.477734089 CEST49743443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:40:51.477760077 CEST49743443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:03.686595917 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:03.686641932 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:03.686745882 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:03.687271118 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:03.687287092 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.388041019 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.388123989 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:04.389911890 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:04.389920950 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.390284061 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.399957895 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:04.443393946 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.657253981 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.657279968 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.657299042 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.657393932 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:04.657421112 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.657469988 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:04.658190966 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.658226013 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.658252954 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:04.658258915 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.658282042 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:04.658462048 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.658507109 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:04.662120104 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:04.662136078 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:04.662147045 CEST49744443192.168.2.652.165.165.26
                                                                                                  Sep 27, 2024 16:41:04.662152052 CEST4434974452.165.165.26192.168.2.6
                                                                                                  Sep 27, 2024 16:41:12.473596096 CEST49745443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:12.473659992 CEST4434974520.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:12.473790884 CEST49745443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:12.474983931 CEST49745443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:12.475002050 CEST4434974520.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:13.073489904 CEST4434974520.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:13.073591948 CEST49745443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:13.075229883 CEST49745443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:13.075243950 CEST4434974520.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:13.075484037 CEST4434974520.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:13.095449924 CEST49745443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:13.095530033 CEST49745443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:13.095536947 CEST4434974520.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:13.095736027 CEST49745443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:13.139405012 CEST4434974520.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:13.203663111 CEST4434974520.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:13.204184055 CEST49745443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:13.204205036 CEST4434974520.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:13.204224110 CEST49745443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:13.204263926 CEST49745443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:22.465610027 CEST49747443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:41:22.465658903 CEST44349747216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:41:22.465781927 CEST49747443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:41:22.466031075 CEST49747443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:41:22.466048956 CEST44349747216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:41:23.100915909 CEST44349747216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:41:23.101319075 CEST49747443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:41:23.101336956 CEST44349747216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:41:23.101655960 CEST44349747216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:41:23.101999044 CEST49747443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:41:23.102077961 CEST44349747216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:41:23.147063971 CEST49747443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:41:33.005928040 CEST44349747216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:41:33.006016016 CEST44349747216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:41:33.006300926 CEST49747443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:41:34.838464975 CEST49747443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:41:34.838525057 CEST44349747216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:41:39.807986021 CEST49748443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:39.808062077 CEST4434974820.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:39.808232069 CEST49748443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:39.810072899 CEST49748443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:39.810103893 CEST4434974820.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:40.531800032 CEST4434974820.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:40.532114983 CEST49748443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:40.537302971 CEST49748443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:40.537321091 CEST4434974820.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:40.537539959 CEST4434974820.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:40.541383028 CEST49748443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:40.541471958 CEST49748443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:40.541486979 CEST4434974820.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:40.541639090 CEST49748443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:40.587399960 CEST4434974820.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:40.677921057 CEST4434974820.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:40.678679943 CEST4434974820.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:40.678747892 CEST49748443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:40.678867102 CEST49748443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:40.678900003 CEST4434974820.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:41:40.678925991 CEST49748443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:41:45.834815979 CEST4970480192.168.2.693.184.221.240
                                                                                                  Sep 27, 2024 16:41:45.841547966 CEST804970493.184.221.240192.168.2.6
                                                                                                  Sep 27, 2024 16:41:45.841742992 CEST4970480192.168.2.693.184.221.240
                                                                                                  Sep 27, 2024 16:42:10.379543066 CEST49750443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:10.379579067 CEST4434975020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:10.379720926 CEST49750443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:10.380768061 CEST49750443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:10.380778074 CEST4434975020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:11.014632940 CEST4434975020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:11.014811993 CEST49750443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:11.019917965 CEST49750443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:11.019928932 CEST4434975020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:11.020139933 CEST4434975020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:11.022485971 CEST49750443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:11.022552013 CEST49750443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:11.022557020 CEST4434975020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:11.022689104 CEST49750443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:11.067399025 CEST4434975020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:11.130515099 CEST4434975020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:11.131109953 CEST4434975020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:11.131246090 CEST49750443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:11.131287098 CEST49750443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:11.131287098 CEST49750443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:11.131298065 CEST4434975020.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:21.618633032 CEST49751443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:42:21.618679047 CEST44349751216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:42:21.618828058 CEST49751443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:42:21.619611025 CEST49751443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:42:21.619628906 CEST44349751216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:42:22.252722025 CEST44349751216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:42:22.253456116 CEST49751443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:42:22.253475904 CEST44349751216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:42:22.253757954 CEST44349751216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:42:22.254724026 CEST49751443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:42:22.254782915 CEST44349751216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:42:22.303302050 CEST49751443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:42:32.162658930 CEST44349751216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:42:32.162719965 CEST44349751216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:42:32.162959099 CEST49751443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:42:32.838193893 CEST49751443192.168.2.6216.58.206.68
                                                                                                  Sep 27, 2024 16:42:32.838222980 CEST44349751216.58.206.68192.168.2.6
                                                                                                  Sep 27, 2024 16:42:44.384901047 CEST49752443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:44.384924889 CEST4434975220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:44.385044098 CEST49752443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:44.386905909 CEST49752443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:44.386919022 CEST4434975220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:44.982346058 CEST4434975220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:44.982517004 CEST49752443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:44.987941980 CEST49752443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:44.987947941 CEST4434975220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:44.988265038 CEST4434975220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:44.992016077 CEST49752443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:44.992091894 CEST49752443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:44.992095947 CEST4434975220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:44.992238045 CEST49752443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:45.039402008 CEST4434975220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:45.097213984 CEST4434975220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:45.097687960 CEST4434975220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:42:45.097974062 CEST49752443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:45.098126888 CEST49752443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:42:45.098134995 CEST4434975220.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:43:25.867520094 CEST49753443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:43:25.867559910 CEST4434975320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:43:25.867682934 CEST49753443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:43:25.870342016 CEST49753443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:43:25.870357037 CEST4434975320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:43:26.467406034 CEST4434975320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:43:26.467488050 CEST49753443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:43:26.469295979 CEST49753443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:43:26.469305038 CEST4434975320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:43:26.469521999 CEST4434975320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:43:26.480545998 CEST49753443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:43:26.480628014 CEST49753443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:43:26.480634928 CEST4434975320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:43:26.480743885 CEST49753443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:43:26.523430109 CEST4434975320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:43:26.591053009 CEST4434975320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:43:26.591583014 CEST49753443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:43:26.591604948 CEST4434975320.7.1.246192.168.2.6
                                                                                                  Sep 27, 2024 16:43:26.591681957 CEST49753443192.168.2.620.7.1.246
                                                                                                  Sep 27, 2024 16:43:26.591718912 CEST49753443192.168.2.620.7.1.246

                                                                                                  UDP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Sep 27, 2024 16:40:17.253016949 CEST5964353192.168.2.61.1.1.1
                                                                                                  Sep 27, 2024 16:40:17.253017902 CEST6118153192.168.2.61.1.1.1
                                                                                                  Sep 27, 2024 16:40:17.261872053 CEST53614691.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:17.299745083 CEST53611811.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:17.300932884 CEST53596431.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:17.314011097 CEST53500091.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.836014986 CEST5178653192.168.2.61.1.1.1
                                                                                                  Sep 27, 2024 16:40:18.836312056 CEST5919153192.168.2.61.1.1.1
                                                                                                  Sep 27, 2024 16:40:18.842839956 CEST53517861.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.843374014 CEST53591911.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.922800064 CEST53504091.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:18.927483082 CEST53545531.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.496967077 CEST6405953192.168.2.61.1.1.1
                                                                                                  Sep 27, 2024 16:40:21.497208118 CEST6302553192.168.2.61.1.1.1
                                                                                                  Sep 27, 2024 16:40:21.503999949 CEST53630251.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.504453897 CEST53640591.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.786514044 CEST4962253192.168.2.61.1.1.1
                                                                                                  Sep 27, 2024 16:40:21.786722898 CEST6250753192.168.2.61.1.1.1
                                                                                                  Sep 27, 2024 16:40:21.793478966 CEST53625071.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:21.793580055 CEST53496221.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:36.034262896 CEST53616011.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:40:54.969738007 CEST53559721.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:41:17.130765915 CEST53646511.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:41:17.625751972 CEST53645681.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:41:21.554699898 CEST5613153192.168.2.61.1.1.1
                                                                                                  Sep 27, 2024 16:41:21.554841042 CEST5149953192.168.2.61.1.1.1
                                                                                                  Sep 27, 2024 16:41:22.463258982 CEST53561311.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:41:22.463324070 CEST53514991.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:41:45.547082901 CEST53619321.1.1.1192.168.2.6
                                                                                                  Sep 27, 2024 16:42:32.110407114 CEST53576901.1.1.1192.168.2.6

                                                                                                  DNS Queries

                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                  Sep 27, 2024 16:40:17.253016949 CEST192.168.2.61.1.1.10x6947Standard query (0)main.d3engbxc9elyir.amplifyapp.comA (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:17.253017902 CEST192.168.2.61.1.1.10x9026Standard query (0)main.d3engbxc9elyir.amplifyapp.com65IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:18.836014986 CEST192.168.2.61.1.1.10xccd0Standard query (0)pbs.twimg.comA (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:18.836312056 CEST192.168.2.61.1.1.10x84e8Standard query (0)pbs.twimg.com65IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:21.496967077 CEST192.168.2.61.1.1.10x6f6eStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:21.497208118 CEST192.168.2.61.1.1.10xadfaStandard query (0)www.google.com65IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:21.786514044 CEST192.168.2.61.1.1.10x5c3fStandard query (0)pbs.twimg.comA (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:21.786722898 CEST192.168.2.61.1.1.10x85ceStandard query (0)pbs.twimg.com65IN (0x0001)false
                                                                                                  Sep 27, 2024 16:41:21.554699898 CEST192.168.2.61.1.1.10x5daStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:41:21.554841042 CEST192.168.2.61.1.1.10x4ae2Standard query (0)www.google.com65IN (0x0001)false

                                                                                                  DNS Answers

                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                  Sep 27, 2024 16:40:17.300932884 CEST1.1.1.1192.168.2.60x6947No error (0)main.d3engbxc9elyir.amplifyapp.com18.66.102.84A (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:17.300932884 CEST1.1.1.1192.168.2.60x6947No error (0)main.d3engbxc9elyir.amplifyapp.com18.66.102.36A (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:17.300932884 CEST1.1.1.1192.168.2.60x6947No error (0)main.d3engbxc9elyir.amplifyapp.com18.66.102.22A (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:17.300932884 CEST1.1.1.1192.168.2.60x6947No error (0)main.d3engbxc9elyir.amplifyapp.com18.66.102.75A (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:18.842839956 CEST1.1.1.1192.168.2.60xccd0No error (0)pbs.twimg.comdualstack.twimg.twitter.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:18.842839956 CEST1.1.1.1192.168.2.60xccd0No error (0)dualstack.twimg.twitter.map.fastly.net199.232.188.159A (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:18.843374014 CEST1.1.1.1192.168.2.60x84e8No error (0)pbs.twimg.comdualstack.twimg.twitter.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:21.503999949 CEST1.1.1.1192.168.2.60xadfaNo error (0)www.google.com65IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:21.504453897 CEST1.1.1.1192.168.2.60x6f6eNo error (0)www.google.com142.250.185.132A (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:21.793478966 CEST1.1.1.1192.168.2.60x85ceNo error (0)pbs.twimg.comdualstack.twimg.twitter.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:21.793580055 CEST1.1.1.1192.168.2.60x5c3fNo error (0)pbs.twimg.comdualstack.twimg.twitter.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:40:21.793580055 CEST1.1.1.1192.168.2.60x5c3fNo error (0)dualstack.twimg.twitter.map.fastly.net199.232.188.159A (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:41:22.463258982 CEST1.1.1.1192.168.2.60x5daNo error (0)www.google.com216.58.206.68A (IP address)IN (0x0001)false
                                                                                                  Sep 27, 2024 16:41:22.463324070 CEST1.1.1.1192.168.2.60x4ae2No error (0)www.google.com65IN (0x0001)false

                                                                                                  HTTP Request Dependency Graph

                                                                                                  • main.d3engbxc9elyir.amplifyapp.com
                                                                                                  • https:
                                                                                                    • pbs.twimg.com
                                                                                                    • p13n.adobe.io
                                                                                                  • fs.microsoft.com
                                                                                                  • armmf.adobe.com
                                                                                                  • slscr.update.microsoft.com

                                                                                                  HTTPS Proxied Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  0192.168.2.64971020.7.1.246443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:13 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 6e 58 2f 65 6d 4b 33 73 45 6d 68 31 2b 68 34 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 65 36 39 32 62 39 65 33 32 32 32 38 37 33 34 0d 0a 0d 0a
                                                                                                  Data Ascii: CNT 1 CON 305MS-CV: GnX/emK3sEmh1+h4.1Context: 7e692b9e32228734
                                                                                                  2024-09-27 14:40:13 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                  2024-09-27 14:40:13 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 47 6e 58 2f 65 6d 4b 33 73 45 6d 68 31 2b 68 34 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 65 36 39 32 62 39 65 33 32 32 32 38 37 33 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 58 39 31 72 6a 68 64 48 4b 36 73 4c 44 50 58 4d 70 5a 54 32 2b 71 74 78 35 77 31 32 79 50 4c 76 69 62 70 75 37 4c 6a 77 77 4a 37 51 33 43 32 6e 59 7a 58 63 79 43 4f 42 50 68 56 32 49 37 6c 50 2f 70 49 62 71 31 55 63 7a 49 47 66 2b 38 77 63 32 71 4c 47 50 75 4d 62 46 6e 4f 31 77 37 46 39 75 55 4d 51 73 76 30 6c 4f 6e 55
                                                                                                  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: GnX/emK3sEmh1+h4.2Context: 7e692b9e32228734<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfUX91rjhdHK6sLDPXMpZT2+qtx5w12yPLvibpu7LjwwJ7Q3C2nYzXcyCOBPhV2I7lP/pIbq1UczIGf+8wc2qLGPuMbFnO1w7F9uUMQsv0lOnU
                                                                                                  2024-09-27 14:40:13 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 47 6e 58 2f 65 6d 4b 33 73 45 6d 68 31 2b 68 34 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 65 36 39 32 62 39 65 33 32 32 32 38 37 33 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: GnX/emK3sEmh1+h4.3Context: 7e692b9e32228734<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                  2024-09-27 14:40:13 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                  Data Ascii: 202 1 CON 58
                                                                                                  2024-09-27 14:40:13 UTC58INData Raw: 4d 53 2d 43 56 3a 20 63 7a 39 30 4a 76 41 30 46 55 32 53 73 56 6f 32 6a 71 49 65 69 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                  Data Ascii: MS-CV: cz90JvA0FU2SsVo2jqIeiA.0Payload parsing failed.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  1192.168.2.64971618.66.102.844438040C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:18 UTC677OUTGET / HTTP/1.1
                                                                                                  Host: main.d3engbxc9elyir.amplifyapp.com
                                                                                                  Connection: keep-alive
                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                  Upgrade-Insecure-Requests: 1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                  Sec-Fetch-Site: none
                                                                                                  Sec-Fetch-Mode: navigate
                                                                                                  Sec-Fetch-User: ?1
                                                                                                  Sec-Fetch-Dest: document
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  2024-09-27 14:40:18 UTC564INHTTP/1.1 200 OK
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 4343
                                                                                                  Connection: close
                                                                                                  Date: Fri, 27 Sep 2024 09:42:54 GMT
                                                                                                  Server: AmazonS3
                                                                                                  Accept-Ranges: bytes
                                                                                                  ETag: "029912fa35a1fe0ffd93c74661b3f40c"
                                                                                                  Last-Modified: Fri, 27 Sep 2024 09:39:59 GMT
                                                                                                  Cache-Control: public, max-age=0, s-maxage=31536000
                                                                                                  Vary: Accept-Encoding
                                                                                                  X-Cache: Hit from cloudfront
                                                                                                  Via: 1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
                                                                                                  X-Amz-Cf-Pop: FRA56-P2
                                                                                                  Alt-Svc: h3=":443"; ma=86400
                                                                                                  X-Amz-Cf-Id: 7Jg-un_BFHcXGp8SWRMf21zPJN2xB9gcollCj17o2sQ_5WBcHXmqwQ==
                                                                                                  Age: 17844
                                                                                                  2024-09-27 14:40:18 UTC4343INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 65 63 75 72 69 74 79 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 21 2d 2d 20 53 65 63 75 72 69 74 79 20 48 65 61 64 65 72 73 20 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f
                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Security Check</title> ... Security Headers --> <meta name="robots" content="noindex, nofollo


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  2192.168.2.649719199.232.188.1594438040C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:19 UTC634OUTGET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1
                                                                                                  Host: pbs.twimg.com
                                                                                                  Connection: keep-alive
                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                  Sec-Fetch-Dest: image
                                                                                                  Referer: https://main.d3engbxc9elyir.amplifyapp.com/
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  2024-09-27 14:40:19 UTC740INHTTP/1.1 200 OK
                                                                                                  Connection: close
                                                                                                  Content-Length: 39755
                                                                                                  perf: 7402827104
                                                                                                  cache-tag: media,media/bucket/3,media/1759449449804234752
                                                                                                  content-type: image/jpeg
                                                                                                  cache-control: max-age=604800, must-revalidate
                                                                                                  last-modified: Mon, 19 Feb 2024 05:24:52 GMT
                                                                                                  x-transaction-id: f067b583c6195c32
                                                                                                  timing-allow-origin: https://twitter.com, https://mobile.twitter.com
                                                                                                  strict-transport-security: max-age=631138519
                                                                                                  access-control-allow-origin: *
                                                                                                  access-control-expose-headers: Content-Length
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  Accept-Ranges: bytes
                                                                                                  Date: Fri, 27 Sep 2024 14:40:19 GMT
                                                                                                  X-Cache: HIT, HIT
                                                                                                  x-tw-cdn: FT
                                                                                                  x-served-by: cache-lhr-egll1980036-LHR, cache-muc13982-MUC, cache-tw-ZZZ1
                                                                                                  Server-Timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
                                                                                                  2024-09-27 14:40:19 UTC1379INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c2 00 11 08 02 76 07 30 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 01 00 03 01 01 01 01 01 00 00 00 00 00 00 00 00 00 05 06 07 01 04 03 02 08 ff c4 00 1b 01 01 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 03 06 02 04 05 01 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 d9 40 00 00 00
                                                                                                  Data Ascii: JFIFC!"$"$Cv0"@
                                                                                                  2024-09-27 14:40:19 UTC1379INData Raw: 2c 39 d2 7f 38 0e f0 3b ce f0 3a 39 d0 38 3b c0 eb 83 bc e8 e1 d3 8e f0 e9 c1 de 07 41 ce f0 03 a0 71 d3 80 eb 80 74 e1 d3 9d e7 47 00 ef 0e 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 1b 25 1b 24 79 c1 cb 25 6f a0 00 04 ec 14 ec 13 5b 2b 96 3a ef ce 6e dc 1c bd a0 00 02 5e 6e 12 6e d3 c9 3a e8 6b f1 d1 cf c7 e3 2a 2f 1e 1a 17 b0 bd 4f e3 97 d2 de e8 e3 bc 3b c0 3a 1c 74 e7 79 d3 8e 80 39 d0 e7 43 8e f0 3b c2 13 c9 53 8a 36 73 cc 7a 7b 48 b4 9e de 87 3a 1c 74 73 bc e9 c7 78 77 9d 1c 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  Data Ascii: ,98;:98;AqtG%$y%o[+:n^nn:k*/O;:ty9C;S6sz{H:tsxwt
                                                                                                  2024-09-27 14:40:19 UTC1379INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  Data Ascii:
                                                                                                  2024-09-27 14:40:19 UTC1379INData Raw: 00 00 00 00 67 f5 6b 4d 58 d7 72 6d 97 05 36 ea 35 ce 00 f0 5e 32 ab 89 0a 83 d5 8f 16 41 b0 51 08 bd 52 af 7b 00 ae d7 7f 36 e2 81 a6 66 36 22 ee 08 7c e3 5f fe 70 34 fa ae b9 4d 24 2a 7f 3d 80 cb f5 0f e7 4f e8 52 0a bb 41 fe 83 32 9b df 70 b3 76 ce 35 ff 00 e7 03 4f aa eb 94 d2 42 a7 f3 d8 0c bf 50 fe 74 fe 81 20 60 69 da 11 5c d3 f0 5d 28 85 fb f8 a4 ca e5 d6 77 1c 36 0f e7 df e9 cf e7 13 51 be 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 e7 9e ad 68 86 35 ac 17 7a c2 0d 96 02 4e b4 42 eb 59 0d dc a2 56 f7 ea 71 65 a1 f3 f6 4b 5e e8 17 73 d0 0a f5 4e 9d b1 99 cd 9a bd 3c 5f 80 fe 73 fe 8c fe 73 3f
                                                                                                  Data Ascii: gkMXrm65^2AQR{6f6"|_p4M$*=ORA2pv5OBPt `i\](w6Q(h5zNBYVqeK^sN<_ss?
                                                                                                  2024-09-27 14:40:19 UTC1379INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1f ff c4 00 35 10 00 02 02 01 02 04 05 03 03 03 04 02 03 00 00 00 04 05 02 03 01 00 06 14 15 34 35 10 11 12 13 30 20 33 70 21 32 36 16 31 40 22 24 25 60 50 80 90 a0 c0 ff da 00 08 01 01 00 01 05 02 ff 00 dd 3b ac 8d 35 73 60 b5 cd 82
                                                                                                  Data Ascii: 5450 3p!261@"$%`P;5s`
                                                                                                  2024-09-27 14:40:19 UTC1379INData Raw: 87 3e 78 45 7e 87 47 44 33 ab 52 55 65 ab 96 c0 3b 7c 4c 52 2d f9 92 1b 75 14 36 e8 45 22 d1 9d 67 1e 78 bd 15 59 d6 51 5f aa 50 fe a2 8d 48 d0 f0 2d 38 d7 66 48 6e d4 10 d9 e6 1a b1 47 cf 83 15 b0 32 ea 92 55 5d 9e 06 89 49 75 d8 86 cf 3a 90 cf ce b8 fa 2b fc 30 65 59 bc 6e 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e 96 ad 98 a4 9b 4e 6f a3 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 a5 e2 48 69 7e 50 22 cc 53 4f 37 ab 5c e2 ad 73 7a b5 cd ea d7 37 ab 5c de ad 73 8a b5 cd ea d7 37 ab 42 30 81 37 5d 66 2a 87 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 51 7e 2e cf e5 06 7d 07 c2 8f ae 3f a7 f8 56 fe ef aa 72 8c 23 73 91 21 9e 7d 56 ab 76 2c b4 3d f5 11 0f f2 18 b2 a8 3c 84 e2 ab
                                                                                                  Data Ascii: >xE~GD3RUe;|LR-u6E"gxYQ_PH-8fHnG2U]Iu:+0eYnIn%[In%[InNoYUfUVkYUfUVkYHi~P"SO7\sz7\s7B07]f*qqqqQ~.}?Vr#s!}Vv,=<
                                                                                                  2024-09-27 14:40:19 UTC1379INData Raw: 95 6e 5e 67 92 36 f4 dd 44 25 99 33 22 78 3c 6b 52 ca 40 cb d6 74 16 c9 ca 72 c2 22 b2 c5 f0 66 c2 95 f0 27 74 93 6d a7 bf b6 76 c9 fb 91 6f fe a0 0f 0b 0b 72 f6 51 45 b8 ee b8 ad 3a 6e 3a c8 0d 76 e3 61 59 2d 9d ab bd 43 31 d9 52 cd 85 2b e0 4e e9 26 db 4f 7f 6c ed 93 f7 22 df fd 40 1e 16 16 e5 ec a2 8b 71 dd 71 5a 74 e2 b0 33 64 b7 54 e0 06 e6 22 ab e5 74 38 66 3b 9c 88 48 5d c5 98 2b 31 c3 fa b3 b6 dc e5 8e 1c 48 fc 08 44 6d 89 34 d9 b9 fd ef c6 3b eb b5 ec 7e ef ad d9 df d5 76 bd e3 d8 f6 27 59 bb 71 3c a2 da 6d e9 0e 37 c2 a2 c4 4a 35 82 2c df da d8 fd a3 c7 75 28 30 e2 92 8b 30 d5 ef 8b e8 b7 3b 2a 5e a4 de 2d e3 88 b6 04 4a 02 1f 7c 53 19 2e d9 02 d1 79 1a 6b 0c 0a e2 eb 23 55 02 fa 9a bd c7 e9 a7 41 e0 e5 aa 0b 98 2c 34 de 38 8b 60 44 a0 21 f7 c5
                                                                                                  Data Ascii: n^g6D%3"x<kR@tr"f'tmvorQE:n:vaY-C1R+N&Ol"@qqZt3dT"t8f;H]+1HDm4;~v'Yq<m7J5,u(00;*^-J|S.yk#UA,48`D!
                                                                                                  2024-09-27 14:40:19 UTC1379INData Raw: 9f 16 dd b4 41 b4 57 57 60 d1 58 fb ed cf 63 c2 b0 62 f7 01 b0 93 7e 1d 56 5e 95 4e 2a b2 16 d5 ff 00 71 62 1d 67 6e e8 ed 75 d8 96 e8 ae 14 ed c7 1e ee 66 7d 0f 6c 0e eb a2 02 07 10 77 95 78 a4 62 36 a5 b8 7c b8 67 b7 e0 b0 8a a5 fc c5 db 34 e6 85 3b 82 91 88 5f 6e 1f 2e 19 f1 15 95 b5 5f 17 01 c1 71 07 79 56 77 f0 75 f0 8e 14 57 99 7f 47 03 ed f0 1b 2f d3 ec b6 ed 5b 47 d1 c8 97 e2 39 de 21 93 c9 f5 b5 85 e1 93 eb 76 0f ef a6 cf fc e9 81 dd cc a6 da 38 96 ec de bd 99 bf 75 af f9 b2 58 b3 99 d7 8a c2 6d f4 ce cc 2c dc a3 53 c0 d4 ab d5 70 5b 72 0e 32 b1 58 a4 c3 71 68 42 8f 38 85 b1 22 1b b9 14 71 fd 46 db 05 4b 77 38 19 c5 c1 01 1c c0 1d d7 fa b1 63 91 70 13 6c 0f 36 3b bb b0 b7 f7 65 23 e8 7b 60 65 d5 ed d2 c7 22 e0 27 f8 f5 93 b6 b3 cb 9a 5f fc d9 6c
                                                                                                  Data Ascii: AWW`Xcb~V^N*qbgnuf}lwxb6|g4;_n._qyVwuWG/[G9!v8uXm,Sp[r2XqhB8"qFKw8cpl6;e#{`e"'_l
                                                                                                  2024-09-27 14:40:19 UTC1379INData Raw: fd 7f 9a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 33 f4 6c 8c c5 f9 1c c5 f9 1c c5 f9 1c c5 f9 1c c2 cf 69 34 99 91 08 83 92 ab 2b 69 82 18 5b c6 43 0b 78 c8 61 6f 19 0c 2d e3 20 e2 93 49 22 4c b5 fb fe 9f 3f ff c4 00 4f 10 00 01 02 03 03 07 06 0c 03 05 05 06 07 00 00 00 01 02 03 00 04 11 12 21 31 05 10 13 22 32 41 71 33 42 51 61 72 91 14 20 23 30 52 70 73 81 82 a1 b1 c1 62 92 d1 15 34 40 43 f0 63 83 b2 c2 e1 24 50 60 74 a2 f1 53 80 90 a0 a3 c0 d2 ff da 00 08 01 01 00 06 3f 02 ff 00 ce 99 71 7b 23 18 e5 15 f9 63 94 57 e5 8e 51 5f 96 39 43 f9 63 94 57 e5 8e 51 5f 96 39 45 7e 58 e5 0f e5 8e 51 5f 96 34 6d 28 95 70 8b 6b 34 11 b6
                                                                                                  Data Ascii: IXgZIXgZIXgZIXgZ3li4+i[Cxao- I"L?O!1"2Aq3BQar #0Rpsb4@Cc$P`tS?q{#cWQ_9CcWQ_9E~XQ_4m(pk4
                                                                                                  2024-09-27 14:40:19 UTC1379INData Raw: 43 dd b3 0b ec 67 33 4c 8a fa 63 ef 9a c8 72 d0 fc 57 c5 2d 25 1d 91 15 30 26 9e 14 03 60 42 fb 26 3c 8b 85 3d 51 7a 1a 3e e8 1a 52 28 30 02 12 d2 07 13 d1 01 23 00 29 06 69 a1 54 1d a1 d1 9a cd b0 b1 f8 84 59 b6 10 3f 08 cd e1 4f 0a 1e 60 fb e6 47 62 1a ed 8c ee 5d 72 8d a1 01 c6 d5 65 42 2c da 40 eb 09 86 c9 bc 94 8f 53 2f 70 f3 5f 09 83 c4 79 a7 38 78 ca 64 aa c8 3b e3 97 5f 74 21 a0 6b 64 53 32 da 56 0a 14 8e 5d 7d d0 12 9c 00 a6 6d 12 94 53 7d 6e 8e 5d 7d d0 86 41 a8 4e f8 0d a9 65 34 35 ba 39 75 f7 42 51 e8 8a 66 f2 a8 bf d2 18 c7 92 7c 53 f1 08 bd e6 e2 af 2c b9 d5 80 cc a5 e9 d7 ac 6b 84 17 12 e2 95 51 4b c7 89 68 55 a5 74 a6 35 5f 41 e2 23 59 f4 0e 02 2d 2a ae ab f1 66 20 ef 8a b2 f2 93 d4 6f 8e 59 b8 f2 cf fe 51 16 19 45 9f be 7b 48 ab 4a ea c2
                                                                                                  Data Ascii: Cg3LcrW-%0&`B&<=Qz>R(0#)iTY?O`Gb]reB,@S/p_y8xd;_t!kdS2V]}mS}n]}ANe459uBQf|S,kQKhUt5_A#Y-*f oYQE{HJ


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  3192.168.2.64972318.66.102.844438040C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:21 UTC845OUTGET / HTTP/1.1
                                                                                                  Host: main.d3engbxc9elyir.amplifyapp.com
                                                                                                  Connection: keep-alive
                                                                                                  Cache-Control: max-age=0
                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                  Upgrade-Insecure-Requests: 1
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                  Sec-Fetch-Mode: navigate
                                                                                                  Sec-Fetch-Dest: document
                                                                                                  Referer: https://main.d3engbxc9elyir.amplifyapp.com/
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  If-None-Match: "029912fa35a1fe0ffd93c74661b3f40c"
                                                                                                  If-Modified-Since: Fri, 27 Sep 2024 09:39:59 GMT
                                                                                                  2024-09-27 14:40:21 UTC459INHTTP/1.1 304 Not Modified
                                                                                                  Connection: close
                                                                                                  Date: Fri, 27 Sep 2024 14:40:21 GMT
                                                                                                  Server: AmazonS3
                                                                                                  ETag: "029912fa35a1fe0ffd93c74661b3f40c"
                                                                                                  Cache-Control: public, max-age=0, s-maxage=31536000
                                                                                                  Vary: Accept-Encoding
                                                                                                  X-Cache: Hit from cloudfront
                                                                                                  Via: 1.1 666eddda46892ed48d8d771b6142ac24.cloudfront.net (CloudFront)
                                                                                                  X-Amz-Cf-Pop: FRA56-P2
                                                                                                  Alt-Svc: h3=":443"; ma=86400
                                                                                                  X-Amz-Cf-Id: 1ZlbQLUu_L3xdTTDwccsNZEQUZouAY20z4WSJlL_-V6MjHqZFOWCRw==
                                                                                                  Age: 17847


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  4192.168.2.649724184.28.90.27443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:21 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                                                                                  Connection: Keep-Alive
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: identity
                                                                                                  User-Agent: Microsoft BITS/7.8
                                                                                                  Host: fs.microsoft.com
                                                                                                  2024-09-27 14:40:21 UTC466INHTTP/1.1 200 OK
                                                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                  Content-Type: application/octet-stream
                                                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                  Server: ECAcc (lpl/EF06)
                                                                                                  X-CID: 11
                                                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                                                  X-Ms-Region: prod-weu-z1
                                                                                                  Cache-Control: public, max-age=25944
                                                                                                  Date: Fri, 27 Sep 2024 14:40:21 GMT
                                                                                                  Connection: close
                                                                                                  X-CID: 2


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  5192.168.2.64972518.66.102.844438040C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:21 UTC624OUTGET /favicon.ico HTTP/1.1
                                                                                                  Host: main.d3engbxc9elyir.amplifyapp.com
                                                                                                  Connection: keep-alive
                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                  Sec-Fetch-Dest: image
                                                                                                  Referer: https://main.d3engbxc9elyir.amplifyapp.com/
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  6192.168.2.64972720.7.1.246443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:21 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 59 62 39 70 55 6f 65 55 4b 55 61 38 63 42 2b 6d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 66 37 30 37 38 65 66 38 30 37 39 37 65 39 37 0d 0a 0d 0a
                                                                                                  Data Ascii: CNT 1 CON 305MS-CV: Yb9pUoeUKUa8cB+m.1Context: 3f7078ef80797e97
                                                                                                  2024-09-27 14:40:21 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                  2024-09-27 14:40:21 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 59 62 39 70 55 6f 65 55 4b 55 61 38 63 42 2b 6d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 66 37 30 37 38 65 66 38 30 37 39 37 65 39 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 58 39 31 72 6a 68 64 48 4b 36 73 4c 44 50 58 4d 70 5a 54 32 2b 71 74 78 35 77 31 32 79 50 4c 76 69 62 70 75 37 4c 6a 77 77 4a 37 51 33 43 32 6e 59 7a 58 63 79 43 4f 42 50 68 56 32 49 37 6c 50 2f 70 49 62 71 31 55 63 7a 49 47 66 2b 38 77 63 32 71 4c 47 50 75 4d 62 46 6e 4f 31 77 37 46 39 75 55 4d 51 73 76 30 6c 4f 6e 55
                                                                                                  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Yb9pUoeUKUa8cB+m.2Context: 3f7078ef80797e97<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfUX91rjhdHK6sLDPXMpZT2+qtx5w12yPLvibpu7LjwwJ7Q3C2nYzXcyCOBPhV2I7lP/pIbq1UczIGf+8wc2qLGPuMbFnO1w7F9uUMQsv0lOnU
                                                                                                  2024-09-27 14:40:21 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 59 62 39 70 55 6f 65 55 4b 55 61 38 63 42 2b 6d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 66 37 30 37 38 65 66 38 30 37 39 37 65 39 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: Yb9pUoeUKUa8cB+m.3Context: 3f7078ef80797e97<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                  2024-09-27 14:40:21 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                  Data Ascii: 202 1 CON 58
                                                                                                  2024-09-27 14:40:21 UTC58INData Raw: 4d 53 2d 43 56 3a 20 47 75 30 32 30 55 51 56 38 30 65 58 76 48 56 56 6f 73 31 78 35 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                  Data Ascii: MS-CV: Gu020UQV80eXvHVVos1x5g.0Payload parsing failed.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  7192.168.2.64973018.66.102.844438040C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:22 UTC624OUTGET /favicon.ico HTTP/1.1
                                                                                                  Host: main.d3engbxc9elyir.amplifyapp.com
                                                                                                  Connection: keep-alive
                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                  Sec-Fetch-Dest: image
                                                                                                  Referer: https://main.d3engbxc9elyir.amplifyapp.com/
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  2024-09-27 14:40:22 UTC508INHTTP/1.1 404 Not Found
                                                                                                  Content-Type: text/html
                                                                                                  Content-Length: 4343
                                                                                                  Connection: close
                                                                                                  Date: Fri, 27 Sep 2024 14:40:22 GMT
                                                                                                  Server: AmazonS3
                                                                                                  Accept-Ranges: bytes
                                                                                                  ETag: "029912fa35a1fe0ffd93c74661b3f40c"
                                                                                                  Last-Modified: Fri, 27 Sep 2024 09:39:59 GMT
                                                                                                  Vary: Accept-Encoding
                                                                                                  X-Cache: Error from cloudfront
                                                                                                  Via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
                                                                                                  X-Amz-Cf-Pop: FRA56-P2
                                                                                                  Alt-Svc: h3=":443"; ma=86400
                                                                                                  X-Amz-Cf-Id: o20zcmgcA6yWVi3cj68q-XsZOAQ2V3-E8n3KrjS-5NHctIrpopTd-g==
                                                                                                  2024-09-27 14:40:22 UTC4343INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 65 63 75 72 69 74 79 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 21 2d 2d 20 53 65 63 75 72 69 74 79 20 48 65 61 64 65 72 73 20 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f
                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Security Check</title> ... Security Headers --> <meta name="robots" content="noindex, nofollo


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  8192.168.2.649731184.28.90.27443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:22 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                                                                                  Connection: Keep-Alive
                                                                                                  Accept: */*
                                                                                                  Accept-Encoding: identity
                                                                                                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                  Range: bytes=0-2147483646
                                                                                                  User-Agent: Microsoft BITS/7.8
                                                                                                  Host: fs.microsoft.com
                                                                                                  2024-09-27 14:40:22 UTC514INHTTP/1.1 200 OK
                                                                                                  ApiVersion: Distribute 1.1
                                                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                  Content-Type: application/octet-stream
                                                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                  Server: ECAcc (lpl/EF06)
                                                                                                  X-CID: 11
                                                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                                                  X-Ms-Region: prod-weu-z1
                                                                                                  Cache-Control: public, max-age=25927
                                                                                                  Date: Fri, 27 Sep 2024 14:40:22 GMT
                                                                                                  Content-Length: 55
                                                                                                  Connection: close
                                                                                                  X-CID: 2
                                                                                                  2024-09-27 14:40:22 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  9192.168.2.649733199.232.188.1594438040C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:22 UTC380OUTGET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1
                                                                                                  Host: pbs.twimg.com
                                                                                                  Connection: keep-alive
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                  Accept: */*
                                                                                                  Sec-Fetch-Site: none
                                                                                                  Sec-Fetch-Mode: cors
                                                                                                  Sec-Fetch-Dest: empty
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  2024-09-27 14:40:22 UTC740INHTTP/1.1 200 OK
                                                                                                  Connection: close
                                                                                                  Content-Length: 39755
                                                                                                  perf: 7402827104
                                                                                                  cache-tag: media,media/bucket/3,media/1759449449804234752
                                                                                                  content-type: image/jpeg
                                                                                                  cache-control: max-age=604800, must-revalidate
                                                                                                  last-modified: Mon, 19 Feb 2024 05:24:52 GMT
                                                                                                  x-transaction-id: f067b583c6195c32
                                                                                                  timing-allow-origin: https://twitter.com, https://mobile.twitter.com
                                                                                                  strict-transport-security: max-age=631138519
                                                                                                  access-control-allow-origin: *
                                                                                                  access-control-expose-headers: Content-Length
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  Accept-Ranges: bytes
                                                                                                  Date: Fri, 27 Sep 2024 14:40:22 GMT
                                                                                                  X-Cache: HIT, HIT
                                                                                                  x-tw-cdn: FT
                                                                                                  x-served-by: cache-lhr-egll1980036-LHR, cache-muc13932-MUC, cache-tw-ZZZ1
                                                                                                  Server-Timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
                                                                                                  2024-09-27 14:40:22 UTC1379INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c2 00 11 08 02 76 07 30 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 01 00 03 01 01 01 01 01 00 00 00 00 00 00 00 00 00 05 06 07 01 04 03 02 08 ff c4 00 1b 01 01 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 03 06 02 04 05 01 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 d9 40 00 00 00
                                                                                                  Data Ascii: JFIFC!"$"$Cv0"@
                                                                                                  2024-09-27 14:40:22 UTC1379INData Raw: 2c 39 d2 7f 38 0e f0 3b ce f0 3a 39 d0 38 3b c0 eb 83 bc e8 e1 d3 8e f0 e9 c1 de 07 41 ce f0 03 a0 71 d3 80 eb 80 74 e1 d3 9d e7 47 00 ef 0e 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 1b 25 1b 24 79 c1 cb 25 6f a0 00 04 ec 14 ec 13 5b 2b 96 3a ef ce 6e dc 1c bd a0 00 02 5e 6e 12 6e d3 c9 3a e8 6b f1 d1 cf c7 e3 2a 2f 1e 1a 17 b0 bd 4f e3 97 d2 de e8 e3 bc 3b c0 3a 1c 74 e7 79 d3 8e 80 39 d0 e7 43 8e f0 3b c2 13 c9 53 8a 36 73 cc 7a 7b 48 b4 9e de 87 3a 1c 74 73 bc e9 c7 78 77 9d 1c 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  Data Ascii: ,98;:98;AqtG%$y%o[+:n^nn:k*/O;:ty9C;S6sz{H:tsxwt
                                                                                                  2024-09-27 14:40:22 UTC1379INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  Data Ascii:
                                                                                                  2024-09-27 14:40:22 UTC1379INData Raw: 00 00 00 00 67 f5 6b 4d 58 d7 72 6d 97 05 36 ea 35 ce 00 f0 5e 32 ab 89 0a 83 d5 8f 16 41 b0 51 08 bd 52 af 7b 00 ae d7 7f 36 e2 81 a6 66 36 22 ee 08 7c e3 5f fe 70 34 fa ae b9 4d 24 2a 7f 3d 80 cb f5 0f e7 4f e8 52 0a bb 41 fe 83 32 9b df 70 b3 76 ce 35 ff 00 e7 03 4f aa eb 94 d2 42 a7 f3 d8 0c bf 50 fe 74 fe 81 20 60 69 da 11 5c d3 f0 5d 28 85 fb f8 a4 ca e5 d6 77 1c 36 0f e7 df e9 cf e7 13 51 be 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 e7 9e ad 68 86 35 ac 17 7a c2 0d 96 02 4e b4 42 eb 59 0d dc a2 56 f7 ea 71 65 a1 f3 f6 4b 5e e8 17 73 d0 0a f5 4e 9d b1 99 cd 9a bd 3c 5f 80 fe 73 fe 8c fe 73 3f
                                                                                                  Data Ascii: gkMXrm65^2AQR{6f6"|_p4M$*=ORA2pv5OBPt `i\](w6Q(h5zNBYVqeK^sN<_ss?
                                                                                                  2024-09-27 14:40:22 UTC1379INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1f ff c4 00 35 10 00 02 02 01 02 04 05 03 03 03 04 02 03 00 00 00 04 05 02 03 01 00 06 14 15 34 35 10 11 12 13 30 20 33 70 21 32 36 16 31 40 22 24 25 60 50 80 90 a0 c0 ff da 00 08 01 01 00 01 05 02 ff 00 dd 3b ac 8d 35 73 60 b5 cd 82
                                                                                                  Data Ascii: 5450 3p!261@"$%`P;5s`
                                                                                                  2024-09-27 14:40:22 UTC1379INData Raw: 87 3e 78 45 7e 87 47 44 33 ab 52 55 65 ab 96 c0 3b 7c 4c 52 2d f9 92 1b 75 14 36 e8 45 22 d1 9d 67 1e 78 bd 15 59 d6 51 5f aa 50 fe a2 8d 48 d0 f0 2d 38 d7 66 48 6e d4 10 d9 e6 1a b1 47 cf 83 15 b0 32 ea 92 55 5d 9e 06 89 49 75 d8 86 cf 3a 90 cf ce b8 fa 2b fc 30 65 59 bc 6e 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e 96 ad 98 a4 9b 4e 6f a3 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 a5 e2 48 69 7e 50 22 cc 53 4f 37 ab 5c e2 ad 73 7a b5 cd ea d7 37 ab 5c de ad 73 8a b5 cd ea d7 37 ab 42 30 81 37 5d 66 2a 87 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 51 7e 2e cf e5 06 7d 07 c2 8f ae 3f a7 f8 56 fe ef aa 72 8c 23 73 91 21 9e 7d 56 ab 76 2c b4 3d f5 11 0f f2 18 b2 a8 3c 84 e2 ab
                                                                                                  Data Ascii: >xE~GD3RUe;|LR-u6E"gxYQ_PH-8fHnG2U]Iu:+0eYnIn%[In%[InNoYUfUVkYUfUVkYHi~P"SO7\sz7\s7B07]f*qqqqQ~.}?Vr#s!}Vv,=<
                                                                                                  2024-09-27 14:40:22 UTC1379INData Raw: 95 6e 5e 67 92 36 f4 dd 44 25 99 33 22 78 3c 6b 52 ca 40 cb d6 74 16 c9 ca 72 c2 22 b2 c5 f0 66 c2 95 f0 27 74 93 6d a7 bf b6 76 c9 fb 91 6f fe a0 0f 0b 0b 72 f6 51 45 b8 ee b8 ad 3a 6e 3a c8 0d 76 e3 61 59 2d 9d ab bd 43 31 d9 52 cd 85 2b e0 4e e9 26 db 4f 7f 6c ed 93 f7 22 df fd 40 1e 16 16 e5 ec a2 8b 71 dd 71 5a 74 e2 b0 33 64 b7 54 e0 06 e6 22 ab e5 74 38 66 3b 9c 88 48 5d c5 98 2b 31 c3 fa b3 b6 dc e5 8e 1c 48 fc 08 44 6d 89 34 d9 b9 fd ef c6 3b eb b5 ec 7e ef ad d9 df d5 76 bd e3 d8 f6 27 59 bb 71 3c a2 da 6d e9 0e 37 c2 a2 c4 4a 35 82 2c df da d8 fd a3 c7 75 28 30 e2 92 8b 30 d5 ef 8b e8 b7 3b 2a 5e a4 de 2d e3 88 b6 04 4a 02 1f 7c 53 19 2e d9 02 d1 79 1a 6b 0c 0a e2 eb 23 55 02 fa 9a bd c7 e9 a7 41 e0 e5 aa 0b 98 2c 34 de 38 8b 60 44 a0 21 f7 c5
                                                                                                  Data Ascii: n^g6D%3"x<kR@tr"f'tmvorQE:n:vaY-C1R+N&Ol"@qqZt3dT"t8f;H]+1HDm4;~v'Yq<m7J5,u(00;*^-J|S.yk#UA,48`D!
                                                                                                  2024-09-27 14:40:22 UTC1379INData Raw: 9f 16 dd b4 41 b4 57 57 60 d1 58 fb ed cf 63 c2 b0 62 f7 01 b0 93 7e 1d 56 5e 95 4e 2a b2 16 d5 ff 00 71 62 1d 67 6e e8 ed 75 d8 96 e8 ae 14 ed c7 1e ee 66 7d 0f 6c 0e eb a2 02 07 10 77 95 78 a4 62 36 a5 b8 7c b8 67 b7 e0 b0 8a a5 fc c5 db 34 e6 85 3b 82 91 88 5f 6e 1f 2e 19 f1 15 95 b5 5f 17 01 c1 71 07 79 56 77 f0 75 f0 8e 14 57 99 7f 47 03 ed f0 1b 2f d3 ec b6 ed 5b 47 d1 c8 97 e2 39 de 21 93 c9 f5 b5 85 e1 93 eb 76 0f ef a6 cf fc e9 81 dd cc a6 da 38 96 ec de bd 99 bf 75 af f9 b2 58 b3 99 d7 8a c2 6d f4 ce cc 2c dc a3 53 c0 d4 ab d5 70 5b 72 0e 32 b1 58 a4 c3 71 68 42 8f 38 85 b1 22 1b b9 14 71 fd 46 db 05 4b 77 38 19 c5 c1 01 1c c0 1d d7 fa b1 63 91 70 13 6c 0f 36 3b bb b0 b7 f7 65 23 e8 7b 60 65 d5 ed d2 c7 22 e0 27 f8 f5 93 b6 b3 cb 9a 5f fc d9 6c
                                                                                                  Data Ascii: AWW`Xcb~V^N*qbgnuf}lwxb6|g4;_n._qyVwuWG/[G9!v8uXm,Sp[r2XqhB8"qFKw8cpl6;e#{`e"'_l
                                                                                                  2024-09-27 14:40:22 UTC1379INData Raw: fd 7f 9a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 33 f4 6c 8c c5 f9 1c c5 f9 1c c5 f9 1c c5 f9 1c c2 cf 69 34 99 91 08 83 92 ab 2b 69 82 18 5b c6 43 0b 78 c8 61 6f 19 0c 2d e3 20 e2 93 49 22 4c b5 fb fe 9f 3f ff c4 00 4f 10 00 01 02 03 03 07 06 0c 03 05 05 06 07 00 00 00 01 02 03 00 04 11 12 21 31 05 10 13 22 32 41 71 33 42 51 61 72 91 14 20 23 30 52 70 73 81 82 a1 b1 c1 62 92 d1 15 34 40 43 f0 63 83 b2 c2 e1 24 50 60 74 a2 f1 53 80 90 a0 a3 c0 d2 ff da 00 08 01 01 00 06 3f 02 ff 00 ce 99 71 7b 23 18 e5 15 f9 63 94 57 e5 8e 51 5f 96 39 43 f9 63 94 57 e5 8e 51 5f 96 39 45 7e 58 e5 0f e5 8e 51 5f 96 34 6d 28 95 70 8b 6b 34 11 b6
                                                                                                  Data Ascii: IXgZIXgZIXgZIXgZ3li4+i[Cxao- I"L?O!1"2Aq3BQar #0Rpsb4@Cc$P`tS?q{#cWQ_9CcWQ_9E~XQ_4m(pk4
                                                                                                  2024-09-27 14:40:22 UTC1379INData Raw: 43 dd b3 0b ec 67 33 4c 8a fa 63 ef 9a c8 72 d0 fc 57 c5 2d 25 1d 91 15 30 26 9e 14 03 60 42 fb 26 3c 8b 85 3d 51 7a 1a 3e e8 1a 52 28 30 02 12 d2 07 13 d1 01 23 00 29 06 69 a1 54 1d a1 d1 9a cd b0 b1 f8 84 59 b6 10 3f 08 cd e1 4f 0a 1e 60 fb e6 47 62 1a ed 8c ee 5d 72 8d a1 01 c6 d5 65 42 2c da 40 eb 09 86 c9 bc 94 8f 53 2f 70 f3 5f 09 83 c4 79 a7 38 78 ca 64 aa c8 3b e3 97 5f 74 21 a0 6b 64 53 32 da 56 0a 14 8e 5d 7d d0 12 9c 00 a6 6d 12 94 53 7d 6e 8e 5d 7d d0 86 41 a8 4e f8 0d a9 65 34 35 ba 39 75 f7 42 51 e8 8a 66 f2 a8 bf d2 18 c7 92 7c 53 f1 08 bd e6 e2 af 2c b9 d5 80 cc a5 e9 d7 ac 6b 84 17 12 e2 95 51 4b c7 89 68 55 a5 74 a6 35 5f 41 e2 23 59 f4 0e 02 2d 2a ae ab f1 66 20 ef 8a b2 f2 93 d4 6f 8e 59 b8 f2 cf fe 51 16 19 45 9f be 7b 48 ab 4a ea c2
                                                                                                  Data Ascii: Cg3LcrW-%0&`B&<=Qz>R(0#)iTY?O`Gb]reB,@S/p_y8xd;_t!kdS2V]}mS}n]}ANe459uBQf|S,kQKhUt5_A#Y-*f oYQE{HJ


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  10192.168.2.64973418.207.85.2464437224C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:22 UTC1353OUTOPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                                                                                                  Host: p13n.adobe.io
                                                                                                  Connection: keep-alive
                                                                                                  Accept: */*
                                                                                                  Access-Control-Request-Method: GET
                                                                                                  Access-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-key
                                                                                                  Origin: https://rna-resource.acrobat.com
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                                                  Sec-Fetch-Mode: cors
                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                  Sec-Fetch-Dest: empty
                                                                                                  Referer: https://rna-resource.acrobat.com/
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  2024-09-27 14:40:22 UTC572INHTTP/1.1 204 No Content
                                                                                                  Server: openresty
                                                                                                  Date: Fri, 27 Sep 2024 14:40:22 GMT
                                                                                                  Content-Type: text/plain
                                                                                                  Content-Length: 0
                                                                                                  Connection: close
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                  Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                  Access-Control-Expose-Headers: x-request-id
                                                                                                  X-Request-Id: c5P2PKcfneNwiPtvcYI5piQbcBYNxj6h
                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  11192.168.2.64973518.207.85.2464437224C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:23 UTC1473OUTGET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                                                                                                  Host: p13n.adobe.io
                                                                                                  Connection: keep-alive
                                                                                                  sec-ch-ua: "Chromium";v="105"
                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                                                  Accept: application/json, text/javascript, */*; q=0.01
                                                                                                  x-adobe-uuid: 0b65fa77-f9dd-4c6e-a1b5-fa4d63973307
                                                                                                  x-adobe-uuid-type: visitorId
                                                                                                  x-api-key: AdobeReader9
                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                  Origin: https://rna-resource.acrobat.com
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                  Sec-Fetch-Mode: cors
                                                                                                  Sec-Fetch-Dest: empty
                                                                                                  Referer: https://rna-resource.acrobat.com/
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  2024-09-27 14:40:23 UTC608INHTTP/1.1 200
                                                                                                  Server: openresty
                                                                                                  Date: Fri, 27 Sep 2024 14:40:23 GMT
                                                                                                  Content-Type: application/json;charset=UTF-8
                                                                                                  Content-Length: 6301
                                                                                                  Connection: close
                                                                                                  x-request-id: I7AUFJ2Lkp9f5Map9JFfwo1S9fXjlRMt
                                                                                                  vary: accept-encoding
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                  Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                  Access-Control-Expose-Headers: x-request-id
                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                  2024-09-27 14:40:23 UTC6301INData Raw: 7b 22 73 75 72 66 61 63 65 73 22 3a 7b 22 44 43 5f 52 65 61 64 65 72 5f 52 48 50 5f 42 61 6e 6e 65 72 22 3a 7b 22 63 6f 6e 74 61 69 6e 65 72 73 22 3a 5b 7b 22 63 6f 6e 74 61 69 6e 65 72 49 64 22 3a 31 2c 22 63 6f 6e 74 61 69 6e 65 72 4c 61 62 65 6c 22 3a 22 4a 53 4f 4e 20 66 6f 72 20 52 65 61 64 65 72 20 44 43 20 52 48 50 20 42 61 6e 6e 65 72 22 2c 22 64 61 74 61 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 2c 22 64 61 74 61 22 3a 22 65 79 4a 6a 64 47 45 69 4f 6e 73 69 64 48 6c 77 5a 53 49 36 49 6d 4a 31 64 48 52 76 62 69 49 73 49 6e 52 6c 65 48 51 69 4f 69 4a 47 63 6d 56 6c 49 44 63 74 52 47 46 35 49 46 52 79 61 57 46 73 49 69 77 69 5a 32 39 66 64 58 4a 73 49 6a 6f 69 61 48 52 30 63 48 4d 36 4c 79 39 68 59 33 4a 76 59 6d 46 30
                                                                                                  Data Ascii: {"surfaces":{"DC_Reader_RHP_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","dataType":"application/json","data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  12192.168.2.64973723.203.104.1754437224C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:26 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                                                                                  Host: armmf.adobe.com
                                                                                                  Connection: keep-alive
                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                  Sec-Fetch-Dest: empty
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  If-None-Match: "78-5faa31cce96da"
                                                                                                  If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                                                                                  2024-09-27 14:40:26 UTC198INHTTP/1.1 304 Not Modified
                                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                                  Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                                                                  ETag: "78-5faa31cce96da"
                                                                                                  Date: Fri, 27 Sep 2024 14:40:26 GMT
                                                                                                  Connection: close


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  13192.168.2.64973820.114.59.183443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:26 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8lrpCwyrtaBDdYd&MD=v3g6a+mw HTTP/1.1
                                                                                                  Connection: Keep-Alive
                                                                                                  Accept: */*
                                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                  Host: slscr.update.microsoft.com
                                                                                                  2024-09-27 14:40:27 UTC560INHTTP/1.1 200 OK
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Expires: -1
                                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                  ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                  MS-CorrelationId: 52b93f54-83a9-4b9e-b5ae-2314ad7c9909
                                                                                                  MS-RequestId: 5cd6e40c-dfb7-479e-b52b-4481f0839d75
                                                                                                  MS-CV: x5mAMnLIxkynyGfT.0
                                                                                                  X-Microsoft-SLSClientCache: 2880
                                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  Date: Fri, 27 Sep 2024 14:40:26 GMT
                                                                                                  Connection: close
                                                                                                  Content-Length: 24490
                                                                                                  2024-09-27 14:40:27 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                  Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                  2024-09-27 14:40:27 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                  Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  14192.168.2.64974220.7.1.246443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:33 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4c 49 5a 57 4f 7a 46 38 4f 6b 79 68 45 50 55 6a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 39 62 32 38 66 66 34 33 36 66 32 39 38 66 0d 0a 0d 0a
                                                                                                  Data Ascii: CNT 1 CON 305MS-CV: LIZWOzF8OkyhEPUj.1Context: b29b28ff436f298f
                                                                                                  2024-09-27 14:40:33 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                  2024-09-27 14:40:33 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4c 49 5a 57 4f 7a 46 38 4f 6b 79 68 45 50 55 6a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 39 62 32 38 66 66 34 33 36 66 32 39 38 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 58 39 31 72 6a 68 64 48 4b 36 73 4c 44 50 58 4d 70 5a 54 32 2b 71 74 78 35 77 31 32 79 50 4c 76 69 62 70 75 37 4c 6a 77 77 4a 37 51 33 43 32 6e 59 7a 58 63 79 43 4f 42 50 68 56 32 49 37 6c 50 2f 70 49 62 71 31 55 63 7a 49 47 66 2b 38 77 63 32 71 4c 47 50 75 4d 62 46 6e 4f 31 77 37 46 39 75 55 4d 51 73 76 30 6c 4f 6e 55
                                                                                                  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: LIZWOzF8OkyhEPUj.2Context: b29b28ff436f298f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfUX91rjhdHK6sLDPXMpZT2+qtx5w12yPLvibpu7LjwwJ7Q3C2nYzXcyCOBPhV2I7lP/pIbq1UczIGf+8wc2qLGPuMbFnO1w7F9uUMQsv0lOnU
                                                                                                  2024-09-27 14:40:33 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4c 49 5a 57 4f 7a 46 38 4f 6b 79 68 45 50 55 6a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 39 62 32 38 66 66 34 33 36 66 32 39 38 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: LIZWOzF8OkyhEPUj.3Context: b29b28ff436f298f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                  2024-09-27 14:40:33 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                  Data Ascii: 202 1 CON 58
                                                                                                  2024-09-27 14:40:33 UTC58INData Raw: 4d 53 2d 43 56 3a 20 61 6c 6e 49 4f 51 37 2f 44 30 57 4c 65 55 6e 69 68 36 39 66 63 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                  Data Ascii: MS-CV: alnIOQ7/D0WLeUnih69fcg.0Payload parsing failed.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  15192.168.2.64974320.7.1.246443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:40:51 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4f 44 68 52 4c 59 77 52 54 30 57 50 4b 4a 50 49 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 63 39 36 34 35 32 37 38 36 37 34 64 37 32 62 0d 0a 0d 0a
                                                                                                  Data Ascii: CNT 1 CON 305MS-CV: ODhRLYwRT0WPKJPI.1Context: fc9645278674d72b
                                                                                                  2024-09-27 14:40:51 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                  2024-09-27 14:40:51 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4f 44 68 52 4c 59 77 52 54 30 57 50 4b 4a 50 49 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 63 39 36 34 35 32 37 38 36 37 34 64 37 32 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 58 39 31 72 6a 68 64 48 4b 36 73 4c 44 50 58 4d 70 5a 54 32 2b 71 74 78 35 77 31 32 79 50 4c 76 69 62 70 75 37 4c 6a 77 77 4a 37 51 33 43 32 6e 59 7a 58 63 79 43 4f 42 50 68 56 32 49 37 6c 50 2f 70 49 62 71 31 55 63 7a 49 47 66 2b 38 77 63 32 71 4c 47 50 75 4d 62 46 6e 4f 31 77 37 46 39 75 55 4d 51 73 76 30 6c 4f 6e 55
                                                                                                  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ODhRLYwRT0WPKJPI.2Context: fc9645278674d72b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfUX91rjhdHK6sLDPXMpZT2+qtx5w12yPLvibpu7LjwwJ7Q3C2nYzXcyCOBPhV2I7lP/pIbq1UczIGf+8wc2qLGPuMbFnO1w7F9uUMQsv0lOnU
                                                                                                  2024-09-27 14:40:51 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4f 44 68 52 4c 59 77 52 54 30 57 50 4b 4a 50 49 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 63 39 36 34 35 32 37 38 36 37 34 64 37 32 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: ODhRLYwRT0WPKJPI.3Context: fc9645278674d72b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                  2024-09-27 14:40:51 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                  Data Ascii: 202 1 CON 58
                                                                                                  2024-09-27 14:40:51 UTC58INData Raw: 4d 53 2d 43 56 3a 20 53 2b 33 50 50 64 63 30 2b 55 6d 64 76 71 33 73 32 70 35 54 72 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                  Data Ascii: MS-CV: S+3PPdc0+Umdvq3s2p5Trg.0Payload parsing failed.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  16192.168.2.64974452.165.165.26443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:41:04 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=8lrpCwyrtaBDdYd&MD=v3g6a+mw HTTP/1.1
                                                                                                  Connection: Keep-Alive
                                                                                                  Accept: */*
                                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                  Host: slscr.update.microsoft.com
                                                                                                  2024-09-27 14:41:04 UTC560INHTTP/1.1 200 OK
                                                                                                  Cache-Control: no-cache
                                                                                                  Pragma: no-cache
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Expires: -1
                                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                  ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                  MS-CorrelationId: c5f884ca-963a-4b59-a4c0-2e75742fabfd
                                                                                                  MS-RequestId: 4bd76ee3-8cab-4f79-be0f-81c34e9216b6
                                                                                                  MS-CV: hR0XkxWCAE+bgXmi.0
                                                                                                  X-Microsoft-SLSClientCache: 1440
                                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  Date: Fri, 27 Sep 2024 14:41:03 GMT
                                                                                                  Connection: close
                                                                                                  Content-Length: 30005
                                                                                                  2024-09-27 14:41:04 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                                                  Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                                                  2024-09-27 14:41:04 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                                                                  Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  17192.168.2.64974520.7.1.246443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:41:13 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6c 46 73 69 2f 2b 38 63 4b 45 4f 72 75 74 36 72 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 37 33 39 61 31 63 66 62 38 65 64 39 30 61 0d 0a 0d 0a
                                                                                                  Data Ascii: CNT 1 CON 305MS-CV: lFsi/+8cKEOrut6r.1Context: 16739a1cfb8ed90a
                                                                                                  2024-09-27 14:41:13 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                  2024-09-27 14:41:13 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6c 46 73 69 2f 2b 38 63 4b 45 4f 72 75 74 36 72 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 37 33 39 61 31 63 66 62 38 65 64 39 30 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 58 39 31 72 6a 68 64 48 4b 36 73 4c 44 50 58 4d 70 5a 54 32 2b 71 74 78 35 77 31 32 79 50 4c 76 69 62 70 75 37 4c 6a 77 77 4a 37 51 33 43 32 6e 59 7a 58 63 79 43 4f 42 50 68 56 32 49 37 6c 50 2f 70 49 62 71 31 55 63 7a 49 47 66 2b 38 77 63 32 71 4c 47 50 75 4d 62 46 6e 4f 31 77 37 46 39 75 55 4d 51 73 76 30 6c 4f 6e 55
                                                                                                  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: lFsi/+8cKEOrut6r.2Context: 16739a1cfb8ed90a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfUX91rjhdHK6sLDPXMpZT2+qtx5w12yPLvibpu7LjwwJ7Q3C2nYzXcyCOBPhV2I7lP/pIbq1UczIGf+8wc2qLGPuMbFnO1w7F9uUMQsv0lOnU
                                                                                                  2024-09-27 14:41:13 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6c 46 73 69 2f 2b 38 63 4b 45 4f 72 75 74 36 72 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 36 37 33 39 61 31 63 66 62 38 65 64 39 30 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: lFsi/+8cKEOrut6r.3Context: 16739a1cfb8ed90a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                  2024-09-27 14:41:13 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                  Data Ascii: 202 1 CON 58
                                                                                                  2024-09-27 14:41:13 UTC58INData Raw: 4d 53 2d 43 56 3a 20 39 6c 75 54 73 68 78 44 63 6b 36 36 38 34 52 41 62 72 68 55 30 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                  Data Ascii: MS-CV: 9luTshxDck6684RAbrhU0A.0Payload parsing failed.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  18192.168.2.64974820.7.1.246443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:41:40 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 49 39 70 32 56 75 6f 58 77 30 57 47 6b 49 4a 31 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 35 32 39 63 34 35 38 39 34 63 39 61 61 65 36 0d 0a 0d 0a
                                                                                                  Data Ascii: CNT 1 CON 305MS-CV: I9p2VuoXw0WGkIJ1.1Context: a529c45894c9aae6
                                                                                                  2024-09-27 14:41:40 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                  2024-09-27 14:41:40 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 49 39 70 32 56 75 6f 58 77 30 57 47 6b 49 4a 31 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 35 32 39 63 34 35 38 39 34 63 39 61 61 65 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 58 39 31 72 6a 68 64 48 4b 36 73 4c 44 50 58 4d 70 5a 54 32 2b 71 74 78 35 77 31 32 79 50 4c 76 69 62 70 75 37 4c 6a 77 77 4a 37 51 33 43 32 6e 59 7a 58 63 79 43 4f 42 50 68 56 32 49 37 6c 50 2f 70 49 62 71 31 55 63 7a 49 47 66 2b 38 77 63 32 71 4c 47 50 75 4d 62 46 6e 4f 31 77 37 46 39 75 55 4d 51 73 76 30 6c 4f 6e 55
                                                                                                  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: I9p2VuoXw0WGkIJ1.2Context: a529c45894c9aae6<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfUX91rjhdHK6sLDPXMpZT2+qtx5w12yPLvibpu7LjwwJ7Q3C2nYzXcyCOBPhV2I7lP/pIbq1UczIGf+8wc2qLGPuMbFnO1w7F9uUMQsv0lOnU
                                                                                                  2024-09-27 14:41:40 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 49 39 70 32 56 75 6f 58 77 30 57 47 6b 49 4a 31 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 35 32 39 63 34 35 38 39 34 63 39 61 61 65 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: I9p2VuoXw0WGkIJ1.3Context: a529c45894c9aae6<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                  2024-09-27 14:41:40 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                  Data Ascii: 202 1 CON 58
                                                                                                  2024-09-27 14:41:40 UTC58INData Raw: 4d 53 2d 43 56 3a 20 41 70 45 79 5a 6f 68 56 4f 30 71 63 4d 61 49 36 32 2f 78 2b 46 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                  Data Ascii: MS-CV: ApEyZohVO0qcMaI62/x+FA.0Payload parsing failed.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  19192.168.2.64975020.7.1.246443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:42:11 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 55 64 38 50 6e 59 66 4c 39 6b 71 30 61 35 56 4d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 37 39 32 61 35 39 62 36 33 62 66 33 66 35 0d 0a 0d 0a
                                                                                                  Data Ascii: CNT 1 CON 305MS-CV: Ud8PnYfL9kq0a5VM.1Context: 22792a59b63bf3f5
                                                                                                  2024-09-27 14:42:11 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                  2024-09-27 14:42:11 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 55 64 38 50 6e 59 66 4c 39 6b 71 30 61 35 56 4d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 37 39 32 61 35 39 62 36 33 62 66 33 66 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 58 39 31 72 6a 68 64 48 4b 36 73 4c 44 50 58 4d 70 5a 54 32 2b 71 74 78 35 77 31 32 79 50 4c 76 69 62 70 75 37 4c 6a 77 77 4a 37 51 33 43 32 6e 59 7a 58 63 79 43 4f 42 50 68 56 32 49 37 6c 50 2f 70 49 62 71 31 55 63 7a 49 47 66 2b 38 77 63 32 71 4c 47 50 75 4d 62 46 6e 4f 31 77 37 46 39 75 55 4d 51 73 76 30 6c 4f 6e 55
                                                                                                  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Ud8PnYfL9kq0a5VM.2Context: 22792a59b63bf3f5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfUX91rjhdHK6sLDPXMpZT2+qtx5w12yPLvibpu7LjwwJ7Q3C2nYzXcyCOBPhV2I7lP/pIbq1UczIGf+8wc2qLGPuMbFnO1w7F9uUMQsv0lOnU
                                                                                                  2024-09-27 14:42:11 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 55 64 38 50 6e 59 66 4c 39 6b 71 30 61 35 56 4d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 37 39 32 61 35 39 62 36 33 62 66 33 66 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: Ud8PnYfL9kq0a5VM.3Context: 22792a59b63bf3f5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                  2024-09-27 14:42:11 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                  Data Ascii: 202 1 CON 58
                                                                                                  2024-09-27 14:42:11 UTC58INData Raw: 4d 53 2d 43 56 3a 20 63 71 2f 4e 43 6d 66 68 41 45 79 34 63 55 53 48 50 6e 49 51 4a 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                  Data Ascii: MS-CV: cq/NCmfhAEy4cUSHPnIQJw.0Payload parsing failed.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  20192.168.2.64975220.7.1.246443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:42:44 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6d 33 59 4c 6a 56 70 61 31 55 75 73 62 74 39 79 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 64 34 30 63 34 39 66 34 35 31 66 37 33 38 0d 0a 0d 0a
                                                                                                  Data Ascii: CNT 1 CON 305MS-CV: m3YLjVpa1Uusbt9y.1Context: 8cd40c49f451f738
                                                                                                  2024-09-27 14:42:44 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                  2024-09-27 14:42:44 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6d 33 59 4c 6a 56 70 61 31 55 75 73 62 74 39 79 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 64 34 30 63 34 39 66 34 35 31 66 37 33 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 58 39 31 72 6a 68 64 48 4b 36 73 4c 44 50 58 4d 70 5a 54 32 2b 71 74 78 35 77 31 32 79 50 4c 76 69 62 70 75 37 4c 6a 77 77 4a 37 51 33 43 32 6e 59 7a 58 63 79 43 4f 42 50 68 56 32 49 37 6c 50 2f 70 49 62 71 31 55 63 7a 49 47 66 2b 38 77 63 32 71 4c 47 50 75 4d 62 46 6e 4f 31 77 37 46 39 75 55 4d 51 73 76 30 6c 4f 6e 55
                                                                                                  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: m3YLjVpa1Uusbt9y.2Context: 8cd40c49f451f738<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfUX91rjhdHK6sLDPXMpZT2+qtx5w12yPLvibpu7LjwwJ7Q3C2nYzXcyCOBPhV2I7lP/pIbq1UczIGf+8wc2qLGPuMbFnO1w7F9uUMQsv0lOnU
                                                                                                  2024-09-27 14:42:44 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6d 33 59 4c 6a 56 70 61 31 55 75 73 62 74 39 79 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 63 64 34 30 63 34 39 66 34 35 31 66 37 33 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: m3YLjVpa1Uusbt9y.3Context: 8cd40c49f451f738<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                  2024-09-27 14:42:45 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                  Data Ascii: 202 1 CON 58
                                                                                                  2024-09-27 14:42:45 UTC58INData Raw: 4d 53 2d 43 56 3a 20 44 70 52 62 51 71 47 47 4b 55 2b 33 6a 2f 52 42 32 6e 50 6d 43 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                  Data Ascii: MS-CV: DpRbQqGGKU+3j/RB2nPmCw.0Payload parsing failed.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  21192.168.2.64975320.7.1.246443
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-09-27 14:43:26 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 75 65 57 50 6a 4b 4b 54 4c 30 69 7a 68 4e 44 35 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 38 63 38 33 31 31 31 65 37 61 35 65 65 64 63 0d 0a 0d 0a
                                                                                                  Data Ascii: CNT 1 CON 305MS-CV: ueWPjKKTL0izhND5.1Context: 88c83111e7a5eedc
                                                                                                  2024-09-27 14:43:26 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                  2024-09-27 14:43:26 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 75 65 57 50 6a 4b 4b 54 4c 30 69 7a 68 4e 44 35 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 38 63 38 33 31 31 31 65 37 61 35 65 65 64 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 55 58 39 31 72 6a 68 64 48 4b 36 73 4c 44 50 58 4d 70 5a 54 32 2b 71 74 78 35 77 31 32 79 50 4c 76 69 62 70 75 37 4c 6a 77 77 4a 37 51 33 43 32 6e 59 7a 58 63 79 43 4f 42 50 68 56 32 49 37 6c 50 2f 70 49 62 71 31 55 63 7a 49 47 66 2b 38 77 63 32 71 4c 47 50 75 4d 62 46 6e 4f 31 77 37 46 39 75 55 4d 51 73 76 30 6c 4f 6e 55
                                                                                                  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ueWPjKKTL0izhND5.2Context: 88c83111e7a5eedc<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAfUX91rjhdHK6sLDPXMpZT2+qtx5w12yPLvibpu7LjwwJ7Q3C2nYzXcyCOBPhV2I7lP/pIbq1UczIGf+8wc2qLGPuMbFnO1w7F9uUMQsv0lOnU
                                                                                                  2024-09-27 14:43:26 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 75 65 57 50 6a 4b 4b 54 4c 30 69 7a 68 4e 44 35 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 38 63 38 33 31 31 31 65 37 61 35 65 65 64 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                  Data Ascii: BND 3 CON\WNS 0 197MS-CV: ueWPjKKTL0izhND5.3Context: 88c83111e7a5eedc<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                  2024-09-27 14:43:26 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                  Data Ascii: 202 1 CON 58
                                                                                                  2024-09-27 14:43:26 UTC58INData Raw: 4d 53 2d 43 56 3a 20 38 48 36 75 4c 32 6a 64 47 45 53 35 31 31 4b 78 67 77 2b 61 75 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                  Data Ascii: MS-CV: 8H6uL2jdGES511Kxgw+auQ.0Payload parsing failed.


                                                                                                  Statistics

                                                                                                  CPU Usage

                                                                                                  Click to jump to process

                                                                                                  Memory Usage

                                                                                                  Click to jump to process

                                                                                                  High Level Behavior Distribution

                                                                                                  Click to dive into process behavior distribution

                                                                                                  Behavior

                                                                                                  Click to jump to process

                                                                                                  System Behavior

                                                                                                  General

                                                                                                  Target ID:0
                                                                                                  Start time:10:40:11
                                                                                                  Start date:27/09/2024
                                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Payout_receipt.pdf"
                                                                                                  Imagebase:0x7ff651090000
                                                                                                  File size:5'641'176 bytes
                                                                                                  MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:2
                                                                                                  Start time:10:40:12
                                                                                                  Start date:27/09/2024
                                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                                                  Imagebase:0x7ff70df30000
                                                                                                  File size:3'581'912 bytes
                                                                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:4
                                                                                                  Start time:10:40:13
                                                                                                  Start date:27/09/2024
                                                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1704,i,18440606700539718416,14801587109196978139,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                                                  Imagebase:0x7ff70df30000
                                                                                                  File size:3'581'912 bytes
                                                                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:6
                                                                                                  Start time:10:40:14
                                                                                                  Start date:27/09/2024
                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://main.d3engbxc9elyir.amplifyapp.com/
                                                                                                  Imagebase:0x7ff684c40000
                                                                                                  File size:3'242'272 bytes
                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:false

                                                                                                  General

                                                                                                  Target ID:8
                                                                                                  Start time:10:40:15
                                                                                                  Start date:27/09/2024
                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=2012,i,18386076530219394762,12710799648275093929,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                  Imagebase:0x7ff684c40000
                                                                                                  File size:3'242'272 bytes
                                                                                                  MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:false

                                                                                                  Disassembly

                                                                                                  No disassembly