Windows Analysis Report
Invoice-99007553423-protected.pdf

Overview

General Information

Sample name: Invoice-99007553423-protected.pdf
Analysis ID: 1562549
MD5: 4b5b6a995b28e9d001e56750638cf8ff
SHA1: 0846cb53bc66c3b5318e8dc7aaecc36a685ac3d4
SHA256: 8554f6f8c3e332d8d5cd7cb590d2a6a7b807b8d0687b936b0cb135f894ab8f44
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Suricata IDS alerts for network traffic
Detected suspicious crossdomain redirect
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PDF is encrypted
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 6920 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice-99007553423-protected.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7164 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 1584 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1596,i,8020745808425525885,16505214166468817739,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • chrome.exe (PID: 7624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://docsend.com/view/56inautdeqg9u24z MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 7828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1796,i,15517705290574181271,3642829044831546140,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-25T17:56:10.753783+0100 | 2057333 | 1 | Successful Credential Theft Detected | 192.168.2.17 | 49718 | 162.241.60.177 | 443 | TCP
2024-11-25T17:56:40.584028+0100 | 2057333 | 1 | Successful Credential Theft Detected | 192.168.2.17 | 49725 | 162.241.60.177 | 443 | TCP

AV Detection

Source: https://miportalseguro.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVlWSlpPVUU9JnVpZD1VU0VSMDYxMTIwMjRVMDYxMTA2MDg=N0123N[EMAIL] | SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://miportalseguro.com/wp-content/uploads/2020/08/cropped-mps-logo-favicon-1-32x32.png | Avira URL Cloud: Label: malware
Source: https://miportalseguro.com/favicon.ico | Avira URL Cloud: Label: malware
Source: unknown | HTTPS traffic detected: 2.20.204.113:443 -> 192.168.2.17:49702 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.20.204.113:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:49712 version: TLS 1.2

Networking

Source: Network traffic | Suricata IDS: 2057333 - Severity 1 - ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 : 192.168.2.17:49718 -> 162.241.60.177:443
Source: Network traffic | Suricata IDS: 2057333 - Severity 1 - ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 : 192.168.2.17:49725 -> 162.241.60.177:443
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: docsend.com to https://miportalseguro.com/m/?c3y9bzm2nv8xx25vbszyyw5kpvlwslppvuu9jnvpzd1vu0vsmdyxmtiwmjrvmdyxmta2mdg=n0123n[email]
Source: Joe Sandbox View | IP Address: 23.195.76.153
Source: Joe Sandbox View | IP Address: 239.255.255.250
Source: Joe Sandbox View | IP Address: 18.173.205.79
Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: miportalseguro.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: classification engine | Classification label: mal56.winPDF@30/45@9/11
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-25 11-55-12-191.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice-99007553423-protected.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1596,i,8020745808425525885,16505214166468817739,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://docsend.com/view/56inautdeqg9u24z
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1796,i,15517705290574181271,3642829044831546140,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Google Drive.lnk.15.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.15.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.15.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.15.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.15.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.15.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Invoice-99007553423-protected.pdf | Initial sample: PDF keyword /JS count = 0
Source: Invoice-99007553423-protected.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: Invoice-99007553423-protected.pdf | Initial sample: PDF keyword /Encrypt count = 2
Source: Invoice-99007553423-protected.pdf | Initial sample: PDF keyword stream count = 25
Source: Invoice-99007553423-protected.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Invoice-99007553423-protected.pdf | Initial sample: PDF keyword /Encrypt
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Registry Run Keys / Startup Folder; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 Process Discovery; 1 System Information Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

windows-stand
SourceDetectionScannerLabelLink
Invoice-99007553423-protected.pdf0%ReversingLabs
No Antivirus matches
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
https://miportalseguro.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVlWSlpPVUU9JnVpZD1VU0VSMDYxMTIwMjRVMDYxMTA2MDg=N0123N[EMAIL]100%SlashNextCredential Stealing type: Phishing & Social Engineering
https://miportalseguro.com/wp-content/uploads/2020/08/cropped-mps-logo-favicon-1-32x32.png100%Avira URL Cloudmalware
https://miportalseguro.com/favicon.ico100%Avira URL Cloudmalware
NameIPActiveMaliciousAntivirus DetectionReputation
www.google.com
142.250.181.68
truefalse
    high
    default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
    84.201.208.101
    truefalse
      high
      miportalseguro.com
      162.241.60.177
      truefalse
        high
        x1.i.lencr.org
        unknown
        unknownfalse
          high
Name | Malicious | Antivirus Detection | Reputation
https://docsend.com/view/56inautdeqg9u24z | false | | high
https://miportalseguro.com/wp-content/uploads/2020/08/cropped-mps-logo-favicon-1-32x32.png | true | Avira URL Cloud: malware | unknown
https://miportalseguro.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVlWSlpPVUU9JnVpZD1VU0VSMDYxMTIwMjRVMDYxMTA2MDg=N0123N[EMAIL] | true | SlashNext: Credential Stealing type: Phishing & Social Engineering | unknown
https://miportalseguro.com/favicon.ico | true | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
162.241.60.177 | miportalseguro.com | United States | | 46606 | UNIFIEDLAYER-AS-1US | false
23.195.76.153 | unknown | United States | | 2914 | NTT-COMMUNICATIONS-2914US | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
18.173.205.79 | unknown | United States | | 3 | MIT-GATEWAYSUS | false
142.250.181.68 | www.google.com | United States | | 15169 | GOOGLEUS | false
              IP
              192.168.2.17
              192.168.2.8
              192.168.2.7
              192.168.2.9
              192.168.2.11
              192.168.2.10
              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1562549
              Start date and time:2024-11-25 17:54:39 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 4m 16s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowsinteractivecookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:21
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:Invoice-99007553423-protected.pdf
              Detection:MAL
              Classification:mal56.winPDF@30/45@9/11
              EGA Information:Failed
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 0
              • Number of non-executed functions: 0
              Cookbook Comments:
              • Found application associated with file extension: .pdf
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
              • Excluded IPs from analysis (whitelisted): 2.20.204.142, 54.227.187.23, 52.202.204.11, 23.22.254.206, 52.5.13.197, 172.64.41.3, 162.159.61.3, 84.201.208.101, 23.32.238.19, 2.19.198.209, 2.19.198.200, 23.32.238.25, 2.19.198.210, 23.32.238.24, 23.32.238.51, 2.19.198.202, 23.32.238.35, 23.195.39.65, 2.19.198.201, 23.32.238.59, 23.32.238.48, 2.19.198.192, 23.32.238.74, 23.32.238.81, 23.32.238.82, 23.32.238.75, 216.58.208.227, 74.125.205.84, 172.217.19.238, 34.104.35.123, 192.229.221.95, 23.32.238.27, 23.54.81.169, 23.54.81.176, 23.32.238.40, 23.32.238.42, 2.19.198.82, 172.217.17.35, 23.32.238.73
              • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, docsend.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
              • Not all processes where analyzed, report is missing behavior information
              • VT rate limit hit for: Invoice-99007553423-protected.pdf
Time | Type | Description
11:55:25 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
                                                                        No context
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:ASCII text
                                                                        Category:dropped
                                                                        Size (bytes):294
                                                                        Entropy (8bit):5.172435858452183
                                                                        Encrypted:false
                                                                        SSDEEP:6:HApv+t+q2PsHO2nKuAl9OmbnIFUt8YApvrZmw+YApv7VkwOsHO2nKuAl9OmbjLJ:gRPvkHVHAahFUt87Rr/+7Rh51HVHAaSJ
                                                                        MD5:7B294CBFA4E48D79B5E55E9BB5BF04BF
                                                                        SHA1:1661A99BC3E281D3743CB3174D4CFCDC3D4F3832
                                                                        SHA-256:E8520D4619E2B40048843C877E308343831604443DB51BD515098A9B88FD8F0E
                                                                        SHA-512:C3AF06A7E31A61CF9F7431C0EF15F91AEDD060D1409F0B79C5E9F1C4349D7D91DCCF9D63A0CF7645A7C8533939E4B3FDBCD0CB53C47E034EE97A956971FEE3B7
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:2024/11/25-11:55:12.906 1818 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/25-11:55:12.909 1818 Recovering log #3.2024/11/25-11:55:12.909 1818 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:ASCII text
                                                                        Category:dropped
                                                                        Size (bytes):335
                                                                        Entropy (8bit):5.163348464038462
                                                                        Encrypted:false
                                                                        SSDEEP:6:HApvVVQQ+q2PsHO2nKuAl9Ombzo2jMGIFUt8YApvWgZmw+YApvAiQVkwOsHO2nK3:gRViVvkHVHAa8uFUt87RWg/+7RAiI512
                                                                        MD5:EB708452D9C0AFBDED9ACD21912F9858
                                                                        SHA1:5350628AE9B62AC92AED49C84A524378DDF3BF5C
                                                                        SHA-256:D5AD5AE1C70354E0B846C91BD05E9E891A6004FB2D612FB7FED412435F480FB1
                                                                        SHA-512:A3B0B3C2B440D16C95A5AA0A0D3B677EA104B09F84CD818F5E03F58B3CEFC4D7DC0F04F264F7DD9B107953AF6664F3B12D30F864AC35F1661146DAF5A46FFD34
                                                                        Malicious:false
                                                                        Preview:2024/11/25-11:55:12.796 828 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/25-11:55:12.800 828 Recovering log #3.2024/11/25-11:55:12.801 828 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:JSON data
                                                                        Category:dropped
                                                                        Size (bytes):384
                                                                        Entropy (8bit):4.932552339462053
                                                                        Encrypted:false
                                                                        SSDEEP:6:YHpoueHOJ3/QBR+gR8+eqq5KL1SsDHF4R8H2a9a1o3/QBR70S7PMVKJTnMRKXk1Y:YH/um3RA8sq01SsBd2caq3QH7E4TX
                                                                        MD5:1B8F511BE0FCD6FB7524F55C9FB06E61
                                                                        SHA1:01BFA769F459561D9748A7E1AD5862DF8216BA4E
                                                                        SHA-256:41F52BA78E708F3EEBFB6720F9E13F5DDBE656BCA1E370DF90AA53223ABC6361
                                                                        SHA-512:FCF398D9D4274A7FFE41DE433DF3137BC1D62D1933733BAD71ED0DC69F77209427585F8D84088242070835FF2697FBEA752437A7A8C0945CB5A924652DCDC8F5
                                                                        Malicious:false
                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:JSON data
                                                                        Category:modified
                                                                        Size (bytes):476
                                                                        Entropy (8bit):4.955702495524328
                                                                        Encrypted:false
                                                                        SSDEEP:12:YH/um3RA8sq2nsBdOg2HfZHAcaq3QYiubEP7E4TX:Y2sRdsFIdMHVr3QYhbY7n7
                                                                        MD5:B4DF726D7C9E91659F7D4091807C370C
                                                                        SHA1:4B2980E63CCDA82C67CA7A86915CEA53EFD2CC33
                                                                        SHA-256:F1B3761A5512011BC4AC8155FDDCDC8EBE23B70C210F670DC2ADF201D0972316
                                                                        SHA-512:58887FB1D6EC2BFDE968F137305AADD4AE213E60FFC7CF2B6F055F3FB82B314DFA8FFBDE52B40B9A4A882F44D7889742164F1653F57618859DA2F91E41BF33CB
                                                                        Malicious:false
                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377113722766192","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":667267},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):6268
                                                                        Entropy (8bit):5.242614965558648
                                                                        Encrypted:false
                                                                        SSDEEP:192:TUi8h+F8Aj8DRCGwtqzmsLnNreR2ZpjRe4I8qr9jnNI92D3jC+3ETKEAE8Pbl:jX8eQ0
                                                                        MD5:8CB0A0656CE9ED3092EC7163557FDDF0
                                                                        SHA1:C304E0F2590400A64622648FAD7B3564CFCEBFC4
                                                                        SHA-256:B28DB7BCB64321D0AE5101B5DE48A77760A71605139DFDE24A3C642D13E9EE70
                                                                        SHA-512:F702236CF18EA0CDA30395499690626B72A8E039E6F4FE29B966AA1EE2590E4EDAD038C2E5A6B2F4AD304AE053F4A786D30C13ACF33D4E8B2449A12AD26BF908
                                                                        Malicious:false
                                                                        Preview:*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:ASCII text
                                                                        Category:dropped
                                                                        Size (bytes):323
                                                                        Entropy (8bit):5.169300114867933
                                                                        Encrypted:false
                                                                        SSDEEP:6:HApvyQ+q2PsHO2nKuAl9OmbzNMxIFUt8YApvzgZmw+YApvsAQVkwOsHO2nKuAl9c:gRyVvkHVHAa8jFUt87Rzg/+7RNI51HVv
                                                                        MD5:E151107498CA3674A22BD0B04CEB5782
                                                                        SHA1:27854353D0955B2087AABAC589C00B17477A2554
                                                                        SHA-256:E4E066A5E78BD1E3D9B59C31912C8671DFAB77595B5D7C8BD94BD96114C59298
                                                                        SHA-512:7FF22D1864D53B74A67E57C870C15092F46EA29C5734990E859D893AF5F70E82469FA605C6EDDBBB4F465A732AB7325497398FA4F9641106B49491253062A08B
                                                                        Malicious:false
                                                                        Preview:2024/11/25-11:55:12.949 828 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/25-11:55:12.951 828 Recovering log #3.2024/11/25-11:55:12.953 828 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):86016
                                                                        Entropy (8bit):4.444848783566435
                                                                        Encrypted:false
                                                                        SSDEEP:384:yeZci5t3iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:Fcs3OazzU89UTTgUL
                                                                        MD5:C260A249C82E7E6153FC2EBA47A0BFDC
                                                                        SHA1:7A80E5CD90934BD6AE7D3885DE25E95D690851CF
                                                                        SHA-256:A35BEE987C9B8FC29E60A1FB6C434A51E56905AD34255E84144F2B69644D515C
                                                                        SHA-512:8A09E871661D2DD91F97AA3BFB814196890A4B0639AA14938BE164E56941418568BCC0479A65728C71F37CE64111EA48828E87814164A2B440BF848498F27CFF
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:SQLite Rollback Journal
                                                                        Category:dropped
                                                                        Size (bytes):8720
                                                                        Entropy (8bit):3.7686627582405245
                                                                        Encrypted:false
                                                                        SSDEEP:48:7MqAjioyV+ioyloy1Cioy16oy1WKOioy1noy1AYoy1Wioy11ioyeioyBoy1noy10:7xqu+/iX2jiPb9IVXEBodRBkU
                                                                        MD5:C51B072CC08551D5B2CCD3F725FCD4EE
                                                                        SHA1:9C91D2277C5DB75848963E9174BFF7CC65136170
                                                                        SHA-256:7FF0F4CBEBE0BF58A9771A61117B377CB2CC46557D857D94137AE37CD195F77B
                                                                        SHA-512:1C513F6A4DE01ECA8235FA9EA7FD4746F7531297688983331FA8C10911CFB440BFE3A6FB477F0985000E385E94EFC6DF7F185BCA7EB33C53781579AB7741A86D
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:Certificate, Version=3
                                                                        Category:dropped
                                                                        Size (bytes):1391
                                                                        Entropy (8bit):7.705940075877404
                                                                        Encrypted:false
                                                                        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                        Category:dropped
                                                                        Size (bytes):71954
                                                                        Entropy (8bit):7.996617769952133
                                                                        Encrypted:true
                                                                        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):192
                                                                        Entropy (8bit):2.7673182398396405
                                                                        Encrypted:false
                                                                        SSDEEP:3:kkFkl8xqa+kPtfllXlE/HT8kWlltNNX8RolJuRdxLlGB9lQRYwpDdt:kKlxhbPeT8B7NMa8RdWBwRd
                                                                        MD5:C42CB3A715B02A775ED8B32B078573EF
                                                                        SHA1:F05A843D37370DC97F45566448C7ED61604F1FFF
                                                                        SHA-256:89E671FF6DC8892D3CE493322BE4BD383EB82F3AD41B676738A6B6CB4F20FC3D
                                                                        SHA-512:8170DDD0C0AA438D2B1A91B0983C6434318BF52DEA9FB4F781DDC50F0FEBAFE5AAB75417EDFE7896A461A98CAABEF0E8658B48B465B46FF7AB4EE8FA134E62CC
                                                                        Malicious:false
                                                                        Preview:p...... ............Z?..(....................................................... ..........W.....|..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:data
                                                                        Category:modified
                                                                        Size (bytes):328
                                                                        Entropy (8bit):3.150184159866505
                                                                        Encrypted:false
                                                                        SSDEEP:6:kKa+M/L9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:9siDnLNkPlE99SNxAhUe/3
                                                                        MD5:D422D0BD23CA082C03124367EBC6B6A6
                                                                        SHA1:6AFF58A418CA0FDF9957032BB5959655AE7D7F5A
                                                                        SHA-256:91AF43443A5B5F02602D858B8C91EA8C8C3E79520D8EFB3C651E6C8C1EA5CF59
                                                                        SHA-512:257F46753E4DFCDAA70BE40CF837FFDAB37DAB307A1328EC0F0BDCDBEC0832F7C34B8965FFF28BF6F01D41DC5095DE92977DD426065651FDAB8F43722A000888
                                                                        Malicious:false
                                                                        Preview:p...... ............Z?..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:PostScript document text
                                                                        Category:dropped
                                                                        Size (bytes):1233
                                                                        Entropy (8bit):5.233980037532449
                                                                        Encrypted:false
                                                                        SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                                        MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                                        SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                                        SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                                        SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                                        Malicious:false
                                                                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:PostScript document text
                                                                        Category:dropped
                                                                        Size (bytes):10880
                                                                        Entropy (8bit):5.214360287289079
                                                                        Encrypted:false
                                                                        SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                                        MD5:B60EE534029885BD6DECA42D1263BDC0
                                                                        SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                                        SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                                        SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                                        Malicious:false
                                                                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):4
                                                                        Entropy (8bit):0.8112781244591328
                                                                        Encrypted:false
                                                                        SSDEEP:3:e:e
                                                                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                        Malicious:false
                                                                        Preview:....
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:JSON data
                                                                        Category:dropped
                                                                        Size (bytes):2145
                                                                        Entropy (8bit):5.066729716043762
                                                                        Encrypted:false
                                                                        SSDEEP:48:YVQYXUgJIO199uhrbhCnPiz7JQTJL0cU8/Yv/QMaL:EUgDu9dH7sJLRtw3QMQ
                                                                        MD5:FDAF800F2425847794089C7B47F55454
                                                                        SHA1:726BE60AD47A6F9B7BAE527A0CC826178D5E1802
                                                                        SHA-256:D9316947607F51C6A30A5E774952FB0D33210AD1A34241CA3F6D87FE20D00908
                                                                        SHA-512:B950AE6DE1385201431FCCFBBF3F2058D9F614E46DC355D5B1CC2003BAFC598C12401E4C4193E2B3A0F3A234AECDAAA9526D8F3F183DEBBA5B4CF442145FCD67
                                                                        Malicious:false
                                                                        Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1732553713000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"d0ada70ae07a10b13ce1a51227edb82a","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696586972000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a7d5f1623758b44a6bb1af710a205b8e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696586967000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b0f98dc45482391504041ce5d4455f67","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696586967000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"9eb8200575456615765dda2e131b71fc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696585522000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"2041266456e181a98e8e0a84e20ab5ca","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696585522000},{"id":"DC_Reader_Edit_LHP_Banner"
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
                                                                        Category:dropped
                                                                        Size (bytes):12288
                                                                        Entropy (8bit):1.3580726933158644
                                                                        Encrypted:false
                                                                        SSDEEP:48:TVl2GL7msncRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22Lo5BvPq:vVmssZnrF7tS
                                                                        MD5:444AAC7CA602DC102B9C66DBA5C5F682
                                                                        SHA1:3E000E073FE6F01B2F2CCDAA6DEC19B09B1DB4FC
                                                                        SHA-256:4A78D28D1EB569AE692C08AE50CA18188D13A7E3BD46A7A96F302B6D4682D9BE
                                                                        SHA-512:3692C17F20A1FDD7D027A35AC510B71897BEFF6A1F98334A96F44FCABE59423CD077D3C764CC6B6EFF168E4A5AFFBEEDDB24A45A04C93DAF7146FC29A4C21001
                                                                        Malicious:false
                                                                        Preview:SQLite format 3
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:SQLite Rollback Journal
                                                                        Category:dropped
                                                                        Size (bytes):8720
                                                                        Entropy (8bit):1.8312724291647025
                                                                        Encrypted:false
                                                                        SSDEEP:48:7MQWcRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22LhBvPxc1qll2GL7msY:7tZnrFItMqVmsY
                                                                        MD5:A0E9CE5412F1E918E6FAAC78FB735148
                                                                        SHA1:D1457ED685C43DACA5D919BF5ECEBEA26C695DDB
                                                                        SHA-256:48BDD15BB433409751C946E16CE3F19BC49F3AD5DBE838976712783ED1B094E4
                                                                        SHA-512:B8E067D7973B2454ABAA5675FE0EF8207B0521551B810B61C7793A47693DF6B7C80069271439EE5A5A84A68511355D5010F6F61DEA405455C9067AB52BE50D4E
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):66726
                                                                        Entropy (8bit):5.392739213842091
                                                                        Encrypted:false
                                                                        SSDEEP:768:RNOpblrU6TBH44ADKZEg+/lFK1UH60UWld9QG6fgdBjIYyu:6a6TZ44ADE8lc1Ua0Uw5IK
                                                                        MD5:713C7D3D944C684B7A77AACE3A1D0930
                                                                        SHA1:8E23D56EBF013B721BCD7F05F405ADB3F275FC0C
                                                                        SHA-256:A5F7CA9AD97621FB7E70E60F9AC0D1C4B94DC30AAF0865845E2F48D40F5CFD06
                                                                        SHA-512:DCF8B1C7EC86F5DB15163AA0CDBCC77FA33B9D3020E0066A9B9EAF961D354D2637C2BEF273E3CE74B39C9915E14211C92E4253F5557DE59E8DF643EB7A5EBA57
                                                                        Malicious:false
                                                                        Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):246
                                                                        Entropy (8bit):3.4917080724083283
                                                                        Encrypted:false
                                                                        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8fv4H:Qw946cPbiOxDlbYnuRKZH
                                                                        MD5:9D7ACDF887CD80DB29045A897388DDDD
                                                                        SHA1:E6B7859FD905500E20055B1FBB47207E071B3E2E
                                                                        SHA-256:8B47807A3F28B3E36E62F7EE9339D7C761F6FE3BDC9103AA407A5D37E7845547
                                                                        SHA-512:6CDA783196279E04E64C75BFA02F44218347ABFAB5435363A4AD1C093DEED7A745DE403D1573B71EA4F1FAB493F2136A170825AF39C1A286D154FCEC32A96210
                                                                        Malicious:false
                                                                        Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 25/11/2024  11:55:17 ===
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:ASCII text, with very long lines (393)
                                                                        Category:dropped
                                                                        Size (bytes):16525
                                                                        Entropy (8bit):5.359827924713262
                                                                        Encrypted:false
                                                                        SSDEEP:384:yNDmLJAZYTtvEcrd/GVMimVRMTzpCeb9sJVPbvHktuFKr4Bnk2DfNSNq8iwyhZ9u:bAPaRH9E3/
                                                                        MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
                                                                        SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
                                                                        SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
                                                                        SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
                                                                        Malicious:false
                                                                        Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):15114
                                                                        Entropy (8bit):5.379658170058437
                                                                        Encrypted:false
                                                                        SSDEEP:384:uCmrxxo0LlmDUQ627GoDYS/Gfgfk9qqxYii9zdPlNdA5839wYafeHMEVsTVWNM0j:MKPr
                                                                        MD5:DA719EEF624B83DE1B181D28D101377D
                                                                        SHA1:BDEAB253075C54AC29E34F67F30A4A2FD0257A27
                                                                        SHA-256:3D1990096EAD1B9ECF1B3E2DABC7B2C8643C8214B748B7911991C7A444ECD242
                                                                        SHA-512:4928694DB2360FC851CA616C74FF60E323A6B9804D4A0A06F1CB05C977D33812E04AA598348D348DB25E22FFDEC7D1C9C3C55EAAA64EFB2A98593C0106351982
                                                                        Malicious:false
                                                                        Preview:SessionID=53ffb90f-8b29-488b-96cf-7f48d0a998ca.1732553712203 Timestamp=2024-11-25T11:55:12:203-0500 ThreadID=6232 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=53ffb90f-8b29-488b-96cf-7f48d0a998ca.1732553712203 Timestamp=2024-11-25T11:55:12:205-0500 ThreadID=6232 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=53ffb90f-8b29-488b-96cf-7f48d0a998ca.1732553712203 Timestamp=2024-11-25T11:55:12:205-0500 ThreadID=6232 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=53ffb90f-8b29-488b-96cf-7f48d0a998ca.1732553712203 Timestamp=2024-11-25T11:55:12:205-0500 ThreadID=6232 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=53ffb90f-8b29-488b-96cf-7f48d0a998ca.1732553712203 Timestamp=2024-11-25T11:55:12:206-0500 ThreadID=6232 Component=ngl-lib_NglAppLib Description="SetConf
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):35721
                                                                        Entropy (8bit):5.421758487740409
                                                                        Encrypted:false
                                                                        SSDEEP:192:fcbmI6ccb9cb+IqccbdcbIIl3cbXcbWIS+cb4cbIIJzcbhbcb+IEUz7cbF:g6sqGlVS/JnEt
                                                                        MD5:C1A97E583EE405FFA459A53D8E476A7C
                                                                        SHA1:346E6A009ECD9B4DA58E413C3AA36652F2143723
                                                                        SHA-256:336D84FA628F792780632F1DCE1C703285A43B17256DFD53CA69658CA25A10D0
                                                                        SHA-512:3A86E2EB10C93D1CFFBB7D079F9C05B8DDD8E577691ECC97A76255737673F88FA13D906DEF924D8E08379113BB43EA5E49C7F3F1D8D1F265E59D9BECA9D6DA3B
                                                                        Malicious:false
                                                                        Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                        Category:dropped
                                                                        Size (bytes):758601
                                                                        Entropy (8bit):7.98639316555857
                                                                        Encrypted:false
                                                                        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                        MD5:3A49135134665364308390AC398006F1
                                                                        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                        Category:dropped
                                                                        Size (bytes):1407294
                                                                        Entropy (8bit):7.97605879016224
                                                                        Encrypted:false
                                                                        SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLaGZ48
                                                                        MD5:1D64D25345DD73F100517644279994E6
                                                                        SHA1:DE807F82098D469302955DCBE1A963CD6E887737
                                                                        SHA-256:0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
                                                                        SHA-512:C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                        Category:dropped
                                                                        Size (bytes):386528
                                                                        Entropy (8bit):7.9736851559892425
                                                                        Encrypted:false
                                                                        SSDEEP:6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m
                                                                        MD5:774036904FF86EB19FCE18B796528E1E
                                                                        SHA1:2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
                                                                        SHA-256:D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
                                                                        SHA-512:9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                        Category:dropped
                                                                        Size (bytes):1419751
                                                                        Entropy (8bit):7.976496077007677
                                                                        Encrypted:false
                                                                        SSDEEP:24576:/x0WL07oDGZswYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:J0WLxDGZswZGM3mlind9i4ufFXpAXkru
                                                                        MD5:1A39CAAE4C5F8AD2A98F0756FFCBA562
                                                                        SHA1:279F2B503A0B10E257674D31532B01EA7DE0473F
                                                                        SHA-256:57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95
                                                                        SHA-512:73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:56:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                        Category:dropped
                                                                        Size (bytes):2677
                                                                        Entropy (8bit):3.994589307434448
                                                                        Encrypted:false
                                                                        SSDEEP:48:8GydqZTNj7emHsidAKZdA1JehwiZUklqehekJy+3:8GJIF/Yy
                                                                        MD5:D6A463CBE671A1C97DCF320B3F3C31FF
                                                                        SHA1:04F7370AC003022990FBBDAD175BD8DA514BD9AD
                                                                        SHA-256:528A14CB304617D2D214D8144D8C24F715248A2978ACC61FE81ED8D3B5C972C1
                                                                        SHA-512:4A021C2196E95B4D9A2C1DC895761F423600C14AC960C30697DD21FC4623AB750128DD948E6B83F4E7C771345CD19E55B877ECD5586A1B196BF4B012A59384F9
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:56:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                        Category:dropped
                                                                        Size (bytes):2679
                                                                        Entropy (8bit):4.006961618070605
                                                                        Encrypted:false
                                                                        SSDEEP:48:8HzydqZTNj7emHsidAKZdA10eh/iZUkAQkqehvkJy+2:8HzJIv9Q0Yy
                                                                        MD5:FB5854E138018F6F26FD6B23E0785613
                                                                        SHA1:B45A92C973DA0C96D1708496C95ADF3C2AD965F0
                                                                        SHA-256:8A5970C9105E594280EC7909D8EE09BDFFA11D6C7A6D3AF11CCA6C36C2939609
                                                                        SHA-512:F7699718D6EE9979D36C58E547F404198EB281AA459BB159F91FF78DEF65805E7E5207F5E9D7A04D620B0066AC94ADDB946F90B0CB493130FCDBF2D69BEA78F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                        Category:dropped
                                                                        Size (bytes):2693
                                                                        Entropy (8bit):4.016917777191534
                                                                        Encrypted:false
                                                                        SSDEEP:48:8eydqZTNj7ejHsidAKZdA14tIeh7sFiZUkmgqeh7s9kJy+BX:8eJI4njYy
                                                                        MD5:7F922C6E88D1F8912958B97264DB2F91
                                                                        SHA1:014C4330FB02B9C05B56CAB8C66B11B04B94E931
                                                                        SHA-256:83724F334DACF5F3D5E1136C85D6BB16A7846FDBEFB3DF604E1B2C5AE9B27A58
                                                                        SHA-512:47E774020813A8852BBE9CB0E1D4D50670A7DE608510C0E2A6C6563AC847A67CE0CDB08603914881965DCF3C5607D8A2E64F9D1755AB729C651C1C781D625CE1
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:56:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                        Category:dropped
                                                                        Size (bytes):2681
                                                                        Entropy (8bit):4.0087265368078695
                                                                        Encrypted:false
                                                                        SSDEEP:48:8OydqZTNj7emHsidAKZdA1behDiZUkwqehLkJy+R:8OJIclYy
                                                                        MD5:3BC8FD7EFFB12397001A916ADE06164E
                                                                        SHA1:0BA1B23FFC709DAB02E627CDFC73941ACE1BF1B2
                                                                        SHA-256:F6DAA4054CD96D7EDC84AD510A43C9BB8D39B57809A2CD80E9248F63F2720AC7
                                                                        SHA-512:704B63A7FAB4B2B187FA87EED127E88EDB076367810B189A7281A601BAAFF3D4F9085939F0627A28DBDDD1D2A4A0DBF062E0DF6168B6E0742CA3E30F9FB1F443
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:56:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                        Category:dropped
                                                                        Size (bytes):2681
                                                                        Entropy (8bit):3.996284715978148
                                                                        Encrypted:false
                                                                        SSDEEP:48:8IgydqZTNj7emHsidAKZdA1VehBiZUk1W1qehRkJy+C:8IgJIM9xYy
                                                                        MD5:65BC50CA481F0A4A290CA9471F64AD8D
                                                                        SHA1:2F5A50F2C1AF5FDEAD408FBE6C40201C78B6CB92
                                                                        SHA-256:885F7A6811711807C2207D40401E883A4A809F3580ACE6988432A1F2D0E52280
                                                                        SHA-512:44D8A99DDEFD9BF3FF7694F60B03D136579A039B74371ECD8E1DE21245D27C4AC4A6FDDF251FE76C225730A6DF8D63524A1ECB4CDFE1BD64E81772AC50D37AAA
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:56:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                        Category:dropped
                                                                        Size (bytes):2683
                                                                        Entropy (8bit):4.007610671329324
                                                                        Encrypted:false
                                                                        SSDEEP:48:8AydqZTNj7emHsidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbjkJy+yT+:8AJImTTTbxWOvTbjYy7T
                                                                        MD5:7FE1344CF86DA4A3A2BB941CBD256F29
                                                                        SHA1:8D524D6EC22129F4675CE19F477E4E8DAA3271FE
                                                                        SHA-256:C1916803A8E5F5C79EB7141D9437302E7B2E7C200F81C92DA3E5B014CD27B59C
                                                                        SHA-512:CDB75FE4AA36498876130DCB6BBF0C5CC00D193994E7C50767AB14F1481DD3909A16F5075FEC1C1C39907370D401B3747CBD158D795B688F85A0E7E577B12458
                                                                        Malicious:false
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:RIFF (little-endian) data, Web/P image
                                                                        Category:downloaded
                                                                        Size (bytes):702
                                                                        Entropy (8bit):7.564376283812688
                                                                        Encrypted:false
                                                                        SSDEEP:12:QPWpnDSm2Ji+3pwiWMhOY3LkQi9Y2n781Ulu8mXCbUbdYYdUW/nuUcFIhYI2p:QOpV2f5wiWMhJ3LfR27oX3bdY4l/ujVT
                                                                        MD5:DC1F7BB627EB282687A068FE218A7A1A
                                                                        SHA1:D15B7BBE4BA601D295F0D47590FF02F805CAABF9
                                                                        SHA-256:054D338F93E65FD3897D5B81E6342CEC72F38393052054515F19363C13EDABBD
                                                                        SHA-512:E6A8517B9DBACBE73AFE883F004DC29F51E5FC9A8E56EE5B941EC88CFA6B94A39C8EA98D722AD6577325427BC7E624AD18CB3C3CABE5D99A8FA41AA1D880545B
                                                                        Malicious:false
                                                                        URL:https://miportalseguro.com/wp-content/uploads/2020/08/cropped-mps-logo-favicon-1-32x32.png
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:very short file (no magic)
                                                                        Category:downloaded
                                                                        Size (bytes):1
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:3:v:v
                                                                        MD5:68B329DA9893E34099C7D8AD5CB9C940
                                                                        SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                                                                        SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                                                                        SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                                                                        Malicious:false
                                                                        URL:https://miportalseguro.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVlWSlpPVUU9JnVpZD1VU0VSMDYxMTIwMjRVMDYxMTA2MDg=N0123N[EMAIL]
                                                                        Preview:.
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                        Category:dropped
                                                                        Size (bytes):1030
                                                                        Entropy (8bit):7.775841244656435
                                                                        Encrypted:false
                                                                        SSDEEP:24:2IzKGH4I2vGUrYKbFpycnaVffCo3XBQV4rvN9g9tV9Q1x9snq:2WYI2vZrZyW6fCo3aGxaBq9
                                                                        MD5:E76E5AE1E6257117070828003405802B
                                                                        SHA1:CCD346D7616387A01F749C6826D721FE627736DD
                                                                        SHA-256:59122B52A5A91B4046978FEE9C0D68BC6F1C35C58A95066D9219218C780CB05A
                                                                        SHA-512:676B535658B7D18953FF34654A4E1BD39C7AC2AA838711354D16B9F925F66AE4A2A505433ABFF36FD30ADB7C8F3980B6195AE5517EAAA8652A7E9924CDEC9DB1
                                                                        Malicious:false
                                                                        File type:PDF document, version 1.6 (zip deflate encoded)
                                                                        Entropy (8bit):7.9010278573426875
                                                                        TrID:
                                                                        • Adobe Portable Document Format (5005/1) 100.00%
                                                                        File name:Invoice-99007553423-protected.pdf
                                                                        File size:28'566 bytes
                                                                        MD5:4b5b6a995b28e9d001e56750638cf8ff
                                                                        SHA1:0846cb53bc66c3b5318e8dc7aaecc36a685ac3d4
                                                                        SHA256:8554f6f8c3e332d8d5cd7cb590d2a6a7b807b8d0687b936b0cb135f894ab8f44
                                                                        SHA512:f55e806e866a6fa7242db7d4f715888c252fe6aa2964a8051bfc6fedc2e55b6db9d3dbe53235d9b41e7e7902ab39a90a834de9c2a5ede395094cc0b288644e3b
                                                                        SSDEEP:768:/uPVywHK1IpU5O4CQHqiBY1uHNdQoK9PkRuwM:/Cy6K1XO4ro1uHs7e+
                                                                        TLSH:8CD2D08CDB3688EDEC51BD707236639A86CBC1DF2149352E250A85CB3306F259634DFA
                                                                        File Content Preview:%PDF-1.6.%......116 0 obj.<</Linearized 1/L 28566/O 119/E 22464/N 1/T 28238/H [ 517 198]>>.endobj. .137 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Encrypt 117 0 R/Filter/FlateDecode/ID[<85034C825FBBB2110A0067458B6BC623><DE064C825FBBB2
                                                                        Icon Hash:62cc8caeb29e8ae0

                                                                        General

                                                                        Header: %PDF-1.6
                                                                        Total Entropy: 7.901028
                                                                        Total Bytes: 28566
                                                                        Stream Entropy: 7.991244
                                                                        Stream Bytes: 24372
                                                                        Entropy outside Streams: 5.357832
                                                                        Bytes outside Streams: 4194
                                                                        Number of EOF found: 2
                                                                        Bytes after EOF:
                                                                        Name | Count
                                                                        obj | 29
                                                                        endobj | 29
                                                                        stream | 25
                                                                        endstream | 25
                                                                        xref | 0
                                                                        trailer | 0
                                                                        startxref | 2
                                                                        /Page | 1
                                                                        /Encrypt | 2
                                                                        /ObjStm | 5
                                                                        /URI | 0
                                                                        /JS | 0
                                                                        /JavaScript | 0
                                                                        /AA | 0
                                                                        /OpenAction | 0
                                                                        /AcroForm | 0
                                                                        /JBIG2Decode | 0
                                                                        /RichMedia | 0
                                                                        /Launch | 0
                                                                        /EmbeddedFile | 0
                                                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                        2024-11-25T17:56:10.753783+0100 | 2057333 | ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 | 1 | 192.168.2.17 | 49718 | 162.241.60.177 | 443 | TCP
                                                                        2024-11-25T17:56:40.584028+0100 | 2057333 | ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 | 1 | 192.168.2.17 | 49725 | 162.241.60.177 | 443 | TCP
                                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                        Nov 25, 2024 17:56:15.114650011 CET49723443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:15.114665031 CET44349723162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:16.433842897 CET44349723162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:16.434237957 CET49723443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:16.434256077 CET44349723162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:16.434710026 CET44349723162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:16.435086012 CET49723443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:16.435154915 CET44349723162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:16.435251951 CET49723443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:16.479336023 CET44349723162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:16.925220013 CET44349723162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:16.925342083 CET44349723162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:16.925451994 CET49723443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:16.926418066 CET49723443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:16.926443100 CET44349723162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:17.116630077 CET49724443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:17.116682053 CET44349724162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:17.116786957 CET49724443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:17.117059946 CET49724443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:17.117074013 CET44349724162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:18.476985931 CET44349724162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:18.477335930 CET49724443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:18.477376938 CET44349724162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:18.478436947 CET44349724162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:18.478517056 CET49724443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:18.478873014 CET49724443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:18.478941917 CET44349724162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:18.479033947 CET49724443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:18.479043961 CET44349724162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:18.526410103 CET49724443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:18.954076052 CET44349724162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:18.954180002 CET44349724162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:18.954276085 CET49724443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:18.955408096 CET49724443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:18.955434084 CET44349724162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:21.549953938 CET44349719142.250.181.68192.168.2.17
                                                                        Nov 25, 2024 17:56:21.550117970 CET44349719142.250.181.68192.168.2.17
                                                                        Nov 25, 2024 17:56:21.550200939 CET49719443192.168.2.17142.250.181.68
                                                                        Nov 25, 2024 17:56:21.615257025 CET49719443192.168.2.17142.250.181.68
                                                                        Nov 25, 2024 17:56:21.615283012 CET44349719142.250.181.68192.168.2.17
                                                                        Nov 25, 2024 17:56:38.497454882 CET49725443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:38.497500896 CET44349725162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:38.497595072 CET49725443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:38.497731924 CET49726443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:38.497836113 CET44349726162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:38.497910976 CET49726443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:38.497936964 CET49725443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:38.497948885 CET44349725162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:38.498092890 CET49726443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:38.498107910 CET44349726162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:39.759463072 CET44349725162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:39.793726921 CET49725443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:39.793744087 CET44349725162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:39.794433117 CET44349725162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:39.795330048 CET49725443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:39.795669079 CET44349725162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:39.795788050 CET49725443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:39.843353987 CET44349725162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:39.860616922 CET44349726162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:39.862031937 CET49726443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:39.862063885 CET44349726162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:39.862462997 CET44349726162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:39.866018057 CET49726443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:39.866106033 CET44349726162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:39.915465117 CET49726443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:40.242722988 CET49690443192.168.2.17204.79.197.200
                                                                        Nov 25, 2024 17:56:40.368787050 CET44349690204.79.197.200192.168.2.17
                                                                        Nov 25, 2024 17:56:40.563319921 CET44349690204.79.197.200192.168.2.17
                                                                        Nov 25, 2024 17:56:40.563420057 CET49690443192.168.2.17204.79.197.200
                                                                        Nov 25, 2024 17:56:40.565443039 CET49690443192.168.2.17204.79.197.200
                                                                        Nov 25, 2024 17:56:40.565845966 CET49690443192.168.2.17204.79.197.200
                                                                        Nov 25, 2024 17:56:40.566114902 CET49690443192.168.2.17204.79.197.200
                                                                        Nov 25, 2024 17:56:40.566236973 CET49690443192.168.2.17204.79.197.200
                                                                        Nov 25, 2024 17:56:40.584518909 CET44349725162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:40.584613085 CET44349725162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:40.584662914 CET49725443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:40.585298061 CET49725443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:40.585321903 CET44349725162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:40.607692003 CET49726443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:40.651343107 CET44349726162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:40.686568022 CET44349690204.79.197.200192.168.2.17
                                                                        Nov 25, 2024 17:56:40.686868906 CET44349690204.79.197.200192.168.2.17
                                                                        Nov 25, 2024 17:56:40.686943054 CET44349690204.79.197.200192.168.2.17
                                                                        Nov 25, 2024 17:56:40.687119007 CET44349690204.79.197.200192.168.2.17
                                                                        Nov 25, 2024 17:56:40.687251091 CET44349690204.79.197.200192.168.2.17
                                                                        Nov 25, 2024 17:56:40.799061060 CET44349690204.79.197.200192.168.2.17
                                                                        Nov 25, 2024 17:56:40.799134016 CET49690443192.168.2.17204.79.197.200
                                                                        Nov 25, 2024 17:56:40.799216986 CET49690443192.168.2.17204.79.197.200
                                                                        Nov 25, 2024 17:56:40.926460981 CET44349690204.79.197.200192.168.2.17
                                                                        Nov 25, 2024 17:56:40.990384102 CET44349690204.79.197.200192.168.2.17
                                                                        Nov 25, 2024 17:56:40.990514040 CET49690443192.168.2.17204.79.197.200
                                                                        Nov 25, 2024 17:56:41.350531101 CET44349726162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:41.351079941 CET49726443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:56:41.351174116 CET44349726162.241.60.177192.168.2.17
                                                                        Nov 25, 2024 17:56:41.351252079 CET49726443192.168.2.17162.241.60.177
                                                                        Nov 25, 2024 17:57:09.985167027 CET49728443192.168.2.17142.250.181.68
                                                                        Nov 25, 2024 17:57:09.985213995 CET44349728142.250.181.68192.168.2.17
                                                                        Nov 25, 2024 17:57:09.985306978 CET49728443192.168.2.17142.250.181.68
                                                                        Nov 25, 2024 17:57:09.985557079 CET49728443192.168.2.17142.250.181.68
                                                                        Nov 25, 2024 17:57:09.985575914 CET44349728142.250.181.68192.168.2.17
                                                                        Nov 25, 2024 17:57:11.769241095 CET44349728142.250.181.68192.168.2.17
                                                                        Nov 25, 2024 17:57:11.769649029 CET49728443192.168.2.17142.250.181.68
                                                                        Nov 25, 2024 17:57:11.769665956 CET44349728142.250.181.68192.168.2.17
                                                                        Nov 25, 2024 17:57:11.770133018 CET44349728142.250.181.68192.168.2.17
                                                                        Nov 25, 2024 17:57:11.770446062 CET49728443192.168.2.17142.250.181.68
                                                                        Nov 25, 2024 17:57:11.770518064 CET44349728142.250.181.68192.168.2.17
                                                                        Nov 25, 2024 17:57:11.824686050 CET49728443192.168.2.17142.250.181.68
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Nov 25, 2024 17:56:05.763385057 CET | 192.168.2.17 | 1.1.1.1 | c23b | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 25, 2024 17:55:23.978770971 CET | 192.168.2.17 | 1.1.1.1 | 0xeb08 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:55:39.669004917 CET | 192.168.2.17 | 1.1.1.1 | 0x1c1f | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:55:59.105073929 CET | 192.168.2.17 | 1.1.1.1 | 0x502e | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:56:08.149892092 CET | 192.168.2.17 | 1.1.1.1 | 0xa8f2 | Standard query (0) | miportalseguro.com | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:56:08.150183916 CET | 192.168.2.17 | 1.1.1.1 | 0xfa0 | Standard query (0) | miportalseguro.com | 65 | IN (0x0001) | false
Nov 25, 2024 17:56:09.926510096 CET | 192.168.2.17 | 1.1.1.1 | 0x4ace | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:56:09.926785946 CET | 192.168.2.17 | 1.1.1.1 | 0xf548 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Nov 25, 2024 17:56:16.929104090 CET | 192.168.2.17 | 1.1.1.1 | 0xe7dc | Standard query (0) | miportalseguro.com | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:56:16.929267883 CET | 192.168.2.17 | 1.1.1.1 | 0xc521 | Standard query (0) | miportalseguro.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 25, 2024 17:55:22.662729979 CET | 1.1.1.1 | 192.168.2.17 | 0xc5bd | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 25, 2024 17:55:22.662729979 CET | 1.1.1.1 | 192.168.2.17 | 0xc5bd | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 84.201.208.101 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:55:22.662729979 CET | 1.1.1.1 | 192.168.2.17 | 0xc5bd | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 84.201.211.19 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:55:22.662729979 CET | 1.1.1.1 | 192.168.2.17 | 0xc5bd | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.56.99 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:55:22.662729979 CET | 1.1.1.1 | 192.168.2.17 | 0xc5bd | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 84.201.211.18 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:55:22.662729979 CET | 1.1.1.1 | 192.168.2.17 | 0xc5bd | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 84.201.208.70 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:55:22.662729979 CET | 1.1.1.1 | 192.168.2.17 | 0xc5bd | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.59.36 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:55:22.662729979 CET | 1.1.1.1 | 192.168.2.17 | 0xc5bd | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 217.20.56.101 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:55:22.662729979 CET | 1.1.1.1 | 192.168.2.17 | 0xc5bd | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com |  | 84.201.208.67 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:55:24.198349953 CET | 1.1.1.1 | 192.168.2.17 | 0xeb08 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 25, 2024 17:55:40.126272917 CET | 1.1.1.1 | 192.168.2.17 | 0x1c1f | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 25, 2024 17:55:59.249277115 CET | 1.1.1.1 | 192.168.2.17 | 0x502e | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 25, 2024 17:56:08.750442028 CET | 1.1.1.1 | 192.168.2.17 | 0xa8f2 | No error (0) | miportalseguro.com |  | 162.241.60.177 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:56:10.069664955 CET | 1.1.1.1 | 192.168.2.17 | 0xf548 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
Nov 25, 2024 17:56:10.075951099 CET | 1.1.1.1 | 192.168.2.17 | 0x4ace | No error (0) | www.google.com |  | 142.250.181.68 | A (IP address) | IN (0x0001) | false
Nov 25, 2024 17:56:17.114351034 CET | 1.1.1.1 | 192.168.2.17 | 0xe7dc | No error (0) | miportalseguro.com |  | 162.241.60.177 | A (IP address) | IN (0x0001) | false
                                                                        • fs.microsoft.com
                                                                        • armmf.adobe.com
                                                                        • slscr.update.microsoft.com
                                                                        • docsend.com
                                                                        • miportalseguro.com
                                                                        • https:
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.17 | 49702 | 2.20.204.113 | 443 |  |
Timestamp | Bytes transferred | Direction | Data
2024-11-25 16:55:22 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                        Connection: Keep-Alive
                                                                        Accept: */*
                                                                        Accept-Encoding: identity
                                                                        User-Agent: Microsoft BITS/7.8
                                                                        Host: fs.microsoft.com
2024-11-25 16:55:23 UTC | 478 | IN | HTTP/1.1 200 OK
                                                                        Content-Type: application/octet-stream
                                                                        Server: Kestrel
                                                                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                        X-Ms-ApiVersion: Distribute 1.2
                                                                        X-Ms-Region: prod-eus-z1
                                                                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                        X-OSID: 2
                                                                        X-CID: 2
                                                                        X-CCC: GB
                                                                        Cache-Control: public, max-age=59852
                                                                        Date: Mon, 25 Nov 2024 16:55:23 GMT
                                                                        Connection: close
                                                                        X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.17 | 49706 | 2.20.204.113 | 443 |  |
Timestamp | Bytes transferred | Direction | Data
2024-11-25 16:55:24 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                        Connection: Keep-Alive
                                                                        Accept: */*
                                                                        Accept-Encoding: identity
                                                                        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                        Range: bytes=0-2147483646
                                                                        User-Agent: Microsoft BITS/7.8
                                                                        Host: fs.microsoft.com
2024-11-25 16:55:25 UTC | 534 | IN | HTTP/1.1 200 OK
                                                                        Content-Type: application/octet-stream
                                                                        Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                        ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                        ApiVersion: Distribute 1.1
                                                                        Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                        X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                                                                        Cache-Control: public, max-age=59879
                                                                        Date: Mon, 25 Nov 2024 16:55:25 GMT
                                                                        Content-Length: 55
                                                                        Connection: close
                                                                        X-CID: 2
                                                                        2024-11-25 16:55:25 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                        Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        2 | 192.168.2.17 | 49705 | 23.195.76.153 | 443 | 1584 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 16:55:24 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                                                                        Host: armmf.adobe.com
                                                                        Connection: keep-alive
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                        Sec-Fetch-Site: same-origin
                                                                        Sec-Fetch-Mode: no-cors
                                                                        Sec-Fetch-Dest: empty
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        If-None-Match: "78-5faa31cce96da"
                                                                        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                                                        2024-11-25 16:55:25 UTC | 198 | IN | HTTP/1.1 304 Not Modified
                                                                        Content-Type: text/plain; charset=UTF-8
                                                                        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                                        ETag: "78-5faa31cce96da"
                                                                        Date: Mon, 25 Nov 2024 16:55:25 GMT
                                                                        Connection: close


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        3 | 192.168.2.17 | 49703 | 4.245.163.56 | 443 | |
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 16:55:25 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=K27R7bM8HFt1gR7&MD=2l3Ds8of HTTP/1.1
                                                                        Connection: Keep-Alive
                                                                        Accept: */*
                                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                        Host: slscr.update.microsoft.com
                                                                        2024-11-25 16:55:25 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        Content-Type: application/octet-stream
                                                                        Expires: -1
                                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                        MS-CorrelationId: f6bcbb80-6e7e-474f-bcf3-ae261784caa9
                                                                        MS-RequestId: 966c20cc-f4b0-467a-81b1-358f43e03885
                                                                        MS-CV: DxYotaYl5EunTDD9.0
                                                                        X-Microsoft-SLSClientCache: 2880
                                                                        Content-Disposition: attachment; filename=environment.cab
                                                                        X-Content-Type-Options: nosniff
                                                                        Date: Mon, 25 Nov 2024 16:55:24 GMT
                                                                        Connection: close
                                                                        Content-Length: 24490
                                                                        2024-11-25 16:55:25 UTC | 15824 | IN
                                                                        2024-11-25 16:55:25 UTC | 8666 | IN


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        4 | 192.168.2.17 | 49712 | 52.149.20.212 | 443 | |
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 16:56:05 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=K27R7bM8HFt1gR7&MD=2l3Ds8of HTTP/1.1
                                                                        Connection: Keep-Alive
                                                                        Accept: */*
                                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                        Host: slscr.update.microsoft.com
                                                                        2024-11-25 16:56:06 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                        Cache-Control: no-cache
                                                                        Pragma: no-cache
                                                                        Content-Type: application/octet-stream
                                                                        Expires: -1
                                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                        ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                        MS-CorrelationId: 1499a3f6-76d1-4d6b-a326-d0a6ee6191ba
                                                                        MS-RequestId: 8f9ca99e-da3e-4ff2-b987-08cdfdb9c908
                                                                        MS-CV: XQYAnquK3UaPmUwY.0
                                                                        X-Microsoft-SLSClientCache: 1440
                                                                        Content-Disposition: attachment; filename=environment.cab
                                                                        X-Content-Type-Options: nosniff
                                                                        Date: Mon, 25 Nov 2024 16:56:05 GMT
                                                                        Connection: close
                                                                        Content-Length: 30005
                                                                        2024-11-25 16:56:06 UTC | 15824 | IN
                                                                        2024-11-25 16:56:06 UTC | 14181 | IN


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        5 | 192.168.2.17 | 49716 | 18.173.205.79 | 443 | 7828 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 16:56:07 UTC | 675 | OUT | GET /view/56inautdeqg9u24z HTTP/1.1
                                                                        Host: docsend.com
                                                                        Connection: keep-alive
                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                        sec-ch-ua-mobile: ?0
                                                                        sec-ch-ua-platform: "Windows"
                                                                        Upgrade-Insecure-Requests: 1
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Sec-Fetch-Site: none
                                                                        Sec-Fetch-Mode: navigate
                                                                        Sec-Fetch-User: ?1
                                                                        Sec-Fetch-Dest: document
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        2024-11-25 16:56:08 UTC | 5987 | IN | HTTP/1.1 302 Found
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Server: Cowboy
                                                                        Date: Mon, 25 Nov 2024 16:56:07 GMT
                                                                        Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1732553767&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=NIwIh6OHgIgpP6yASMjpZ%2B23B8QK3fH1%2F7X1tyisg%2Fk%3D"}]}
                                                                        Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1732553767&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=NIwIh6OHgIgpP6yASMjpZ%2B23B8QK3fH1%2F7X1tyisg%2Fk%3D
                                                                        Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
                                                                        Via: 1.1 vegur, 1.1 7f26f4279546775ace8410d89a15a960.cloudfront.net (CloudFront)
                                                                        X-Frame-Options: SAMEORIGIN
                                                                        X-Xss-Protection: 0
                                                                        X-Content-Type-Options: nosniff
                                                                        X-Download-Options: noopen
                                                                        X-Permitted-Cross-Domain-Policies: none
                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                        Location: https://miportalseguro.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVlWSlpPVUU9JnVpZD1VU0VSMDYxMTIwMjRVMDYxMTA2MDg=N0123N[EMAIL]
                                                                        Cache-Control: no-cache
                                                                        Content-Security-Policy: connect-src 'self' blob: https://assets.docsend.com https://d1ng9lshxk6v9w.cloudfront.net https://*.previews.dropboxusercontent.com/*/p.m3u8 https://*.dropboxusercontent.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://*.intercomcdn.com https://uploads.intercomusercontent.com https://sessions.bugsnag.com https://notify.bugsnag.com https://featuregates.org https://events.statsigapi.net https://browser-intake-datadoghq.com https://browser-intake-us3-datadoghq.com https://browser-intake-us5-datadoghq.com https://*.kissmetrics.com https://*.kissmetrics.io https://api.segment.io https://cdn.segment.com https://events.statsigapi.net/v1/rgstr https://statsigapi.net/v1/sdk_exception https://*.id.opendns.com https://www.googl [TRUNCATED]
                                                                        Set-Cookie: _v_=lSdpeMivF7ztWT2%2BBH7UGQURgu7g7Gt6x%2FMlHYfxiiucnf00Z4N4UPWZWR1nxcCBUDRGZMjVwE5c9ogPyLOQ89Nrki9JrwRHk8tWVrOzHT2DbYKzrA%3D%3D--5cEbip9l9tPewBQd--7C6ICel2idEGUJcTi9IjIg%3D%3D; domain=.docsend.com; path=/; expires=Tue, 25 Nov 2025 16:56:07 GMT; SameSite=None; secure
                                                                        Set-Cookie: _us_=eyJfcmFpbHMiOnsibWVzc2FnZSI6IkluWnBaWGRsWkNCa2IyTWkiLCJleHAiOm51bGwsInB1ciI6ImNvb2tpZS5fdXNfIn19--d99e89135b29409ec95f7b01021ec543a463b2ba; domain=.docsend.com; path=/; expires=Fri, 25 Nov 2044 16:56:07 GMT; SameSite=None; secure
                                                                        Set-Cookie: _dss_=9c7b4515daa35cbba11b0d94714cf68a; domain=.docsend.com; path=/; secure; HttpOnly; SameSite=None
                                                                        X-Request-Id: e2677973-21d7-43db-a536-22539450cf63
                                                                        X-Runtime: 0.165802
                                                                        Vary: Accept-Encoding, Origin
                                                                        Strict-Transport-Security: max-age=31556952; includeSubDomains; preload
                                                                        X-Cache: Miss from cloudfront
                                                                        X-Amz-Cf-Pop: FRA56-P12
                                                                        X-Amz-Cf-Id: x2Vc94ThVhHPteLXI4oNIdYi7MBTbUPalGC3a-Z3wC8gZsgVl016yw==
                                                                        2024-11-25 16:56:08 UTC | 187 | IN | Data Raw: 62 35 0d 0a 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 59 6f 75 20 61 72 65 20 62 65 69 6e 67 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 69 70 6f 72 74 61 6c 73 65 67 75 72 6f 2e 63 6f 6d 2f 6d 2f 3f 63 33 59 39 62 7a 4d 32 4e 56 38 78 58 32 35 76 62 53 5a 79 59 57 35 6b 50 56 6c 57 53 6c 70 50 56 55 55 39 4a 6e 56 70 5a 44 31 56 55 30 56 53 4d 44 59 78 4d 54 49 77 4d 6a 52 56 4d 44 59 78 4d 54 41 32 4d 44 67 3d 4e 30 31 32 33 4e 5b 45 4d 41 49 4c 5d 22 3e 72 65 64 69 72 65 63 74 65 64 3c 2f 61 3e 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                        Data Ascii: b5<html><body>You are being <a href="https://miportalseguro.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVlWSlpPVUU9JnVpZD1VU0VSMDYxMTIwMjRVMDYxMTA2MDg=N0123N[EMAIL]">redirected</a>.</body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        6 | 192.168.2.17 | 49718 | 162.241.60.177 | 443 | 7828 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 16:56:10 UTC | 749 | OUT | GET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPVlWSlpPVUU9JnVpZD1VU0VSMDYxMTIwMjRVMDYxMTA2MDg=N0123N[EMAIL] HTTP/1.1
                                                                        Host: miportalseguro.com
                                                                        Connection: keep-alive
                                                                        Upgrade-Insecure-Requests: 1
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Sec-Fetch-Site: none
                                                                        Sec-Fetch-Mode: navigate
                                                                        Sec-Fetch-User: ?1
                                                                        Sec-Fetch-Dest: document
                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                        sec-ch-ua-mobile: ?0
                                                                        sec-ch-ua-platform: "Windows"
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        2024-11-25 16:56:10 UTC | 208 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 16:56:10 GMT
                                                                        Server: Apache
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade, close
                                                                        Vary: Accept-Encoding
                                                                        Transfer-Encoding: chunked
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        2024-11-25 16:56:10 UTC | 11 | IN | Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 10


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        7 | 192.168.2.17 | 49721 | 162.241.60.177 | 443 | 7828 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 16:56:12 UTC | 680 | OUT | GET /favicon.ico HTTP/1.1
                                                                        Host: miportalseguro.com
                                                                        Connection: keep-alive
                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                        sec-ch-ua-mobile: ?0
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                        sec-ch-ua-platform: "Windows"
                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                        Sec-Fetch-Site: same-origin
                                                                        Sec-Fetch-Mode: no-cors
                                                                        Sec-Fetch-Dest: image
                                                                        Referer: https://miportalseguro.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVlWSlpPVUU9JnVpZD1VU0VSMDYxMTIwMjRVMDYxMTA2MDg=N0123N[EMAIL]
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        2024-11-25 16:56:15 UTC | 410 | IN | HTTP/1.1 302 Found
                                                                        Date: Mon, 25 Nov 2024 16:56:12 GMT
                                                                        Server: Apache
                                                                        Access-Control-Allow-Origin: *
                                                                        Link: <https://miportalseguro.com/wp-json/>; rel="https://api.w.org/"
                                                                        X-Redirect-By: WordPress
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade, close
                                                                        Location: https://miportalseguro.com/wp-content/uploads/2020/08/cropped-mps-logo-favicon-1-32x32.png
                                                                        Content-Length: 0
                                                                        Content-Type: text/html; charset=UTF-8


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        8 | 192.168.2.17 | 49723 | 162.241.60.177 | 443 | 7828 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 16:56:16 UTC | 732 | OUT | GET /wp-content/uploads/2020/08/cropped-mps-logo-favicon-1-32x32.png HTTP/1.1
                                                                        Host: miportalseguro.com
                                                                        Connection: keep-alive
                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                        sec-ch-ua-mobile: ?0
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                        sec-ch-ua-platform: "Windows"
                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                        Sec-Fetch-Site: same-origin
                                                                        Sec-Fetch-Mode: no-cors
                                                                        Sec-Fetch-Dest: image
                                                                        Referer: https://miportalseguro.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVlWSlpPVUU9JnVpZD1VU0VSMDYxMTIwMjRVMDYxMTA2MDg=N0123N[EMAIL]
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        2024-11-25 16:56:16 UTC | 300 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 16:56:16 GMT
                                                                        Server: Apache
                                                                        Vary: Accept
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade, close
                                                                        Last-Modified: Thu, 06 Jan 2022 19:01:44 GMT
                                                                        Accept-Ranges: bytes
                                                                        Content-Length: 702
                                                                        X-WebP-Express: Redirected directly to existing webp
                                                                        Content-Type: image/webp
                                                                        2024-11-25 16:56:16 UTC | 702 | IN


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        9 | 192.168.2.17 | 49724 | 162.241.60.177 | 443 | 7828 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 16:56:18 UTC | 405 | OUT | GET /wp-content/uploads/2020/08/cropped-mps-logo-favicon-1-32x32.png HTTP/1.1
                                                                        Host: miportalseguro.com
                                                                        Connection: keep-alive
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                        Accept: */*
                                                                        Sec-Fetch-Site: none
                                                                        Sec-Fetch-Mode: cors
                                                                        Sec-Fetch-Dest: empty
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        2024-11-25 16:56:18 UTC | 246 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 16:56:18 GMT
                                                                        Server: Apache
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade, close
                                                                        Last-Modified: Thu, 06 Aug 2020 21:53:49 GMT
                                                                        Accept-Ranges: bytes
                                                                        Content-Length: 1030
                                                                        Vary: Accept
                                                                        Content-Type: image/png


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        10 | 192.168.2.17 | 49725 | 162.241.60.177 | 443 | 7828 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 16:56:39 UTC | 775 | OUT | GET /m/?c3Y9bzM2NV8xX25vbSZyYW5kPVlWSlpPVUU9JnVpZD1VU0VSMDYxMTIwMjRVMDYxMTA2MDg=N0123N[EMAIL] HTTP/1.1
                                                                        Host: miportalseguro.com
                                                                        Connection: keep-alive
                                                                        Cache-Control: max-age=0
                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                        sec-ch-ua-mobile: ?0
                                                                        sec-ch-ua-platform: "Windows"
                                                                        Upgrade-Insecure-Requests: 1
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                        Sec-Fetch-Site: none
                                                                        Sec-Fetch-Mode: navigate
                                                                        Sec-Fetch-User: ?1
                                                                        Sec-Fetch-Dest: document
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        2024-11-25 16:56:40 UTC | 208 | IN | HTTP/1.1 200 OK
                                                                        Date: Mon, 25 Nov 2024 16:56:40 GMT
                                                                        Server: Apache
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade, close
                                                                        Vary: Accept-Encoding
                                                                        Transfer-Encoding: chunked
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        2024-11-25 16:56:40 UTC | 11 | IN | Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 10


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        11 | 192.168.2.17 | 49726 | 162.241.60.177 | 443 | 7828 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        2024-11-25 16:56:40 UTC | 680 | OUT | GET /favicon.ico HTTP/1.1
                                                                        Host: miportalseguro.com
                                                                        Connection: keep-alive
                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                        sec-ch-ua-mobile: ?0
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                        sec-ch-ua-platform: "Windows"
                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                        Sec-Fetch-Site: same-origin
                                                                        Sec-Fetch-Mode: no-cors
                                                                        Sec-Fetch-Dest: image
                                                                        Referer: https://miportalseguro.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVlWSlpPVUU9JnVpZD1VU0VSMDYxMTIwMjRVMDYxMTA2MDg=N0123N[EMAIL]
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Accept-Language: en-US,en;q=0.9
                                                                        2024-11-25 16:56:41 UTC | 410 | IN | HTTP/1.1 302 Found
                                                                        Date: Mon, 25 Nov 2024 16:56:40 GMT
                                                                        Server: Apache
                                                                        Access-Control-Allow-Origin: *
                                                                        Link: <https://miportalseguro.com/wp-json/>; rel="https://api.w.org/"
                                                                        X-Redirect-By: WordPress
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade, close
                                                                        Location: https://miportalseguro.com/wp-content/uploads/2020/08/cropped-mps-logo-favicon-1-32x32.png
                                                                        Content-Length: 0
                                                                        Content-Type: text/html; charset=UTF-8


                                                                        Target ID:0
                                                                        Start time:11:55:08
                                                                        Start date:25/11/2024
                                                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice-99007553423-protected.pdf"
                                                                        Imagebase:0x7ff7c5b40000
                                                                        File size:5'641'176 bytes
                                                                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:2
                                                                        Start time:11:55:12
                                                                        Start date:25/11/2024
                                                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                        Imagebase:0x7ff6e1570000
                                                                        File size:3'581'912 bytes
                                                                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:3
                                                                        Start time:11:55:12
                                                                        Start date:25/11/2024
                                                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1596,i,8020745808425525885,16505214166468817739,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                        Imagebase:0x7ff6e1570000
                                                                        File size:3'581'912 bytes
                                                                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:15
                                                                        Start time:11:56:01
                                                                        Start date:25/11/2024
                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://docsend.com/view/56inautdeqg9u24z
                                                                        Imagebase:0x7ff7d6f10000
                                                                        File size:3'242'272 bytes
                                                                        MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:16
                                                                        Start time:11:56:04
                                                                        Start date:25/11/2024
                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1796,i,15517705290574181271,3642829044831546140,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                        Imagebase:0x7ff7d6f10000
                                                                        File size:3'242'272 bytes
                                                                        MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        No disassembly