
Windows Analysis Report
may-document_71837433.pdf

Overview

General Information

Sample name: may-document_71837433.pdf
Analysis ID: 1438533
MD5: ec973141e5b56a0dbb775f21a6c25dfc
SHA1: 40472c824cda807286f4cece552b3138aba30088
SHA256: 0b9b240c69ba1cd5c06b160021798f3b0ddfd855aad6fd6aeda421a79341b7f4
Tags: 2222admin888, DarkGate, pdf

Detection

Phisher
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Phisher
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • Acrobat.exe (PID: 1892 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\may-document_71837433.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2716 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5316 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1580,i,7145348183962323435,6305329400522768354,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 6768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://afarm.net/uxz1b" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 8008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1988,i,15417379012499189400,2625528048342565880,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_205 | JoeSecurity_Phisher_1 | Yara detected Phisher | Joe Security |
dropped/chromecache_204 | JoeSecurity_Phisher_1 | Yara detected Phisher | Joe Security |
      No Sigma rule has matched
      No Snort rule has matched

Phishing

Source: Yara match; File source: dropped/chromecache_205, type: DROPPED
Source: Yara match; File source: dropped/chromecache_204, type: DROPPED
Source: unknown; HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49743 version: TLS 1.0
Source: unknown; HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: Joe Sandbox View; IP Address: 239.255.255.250
Source: Joe Sandbox View; JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View; JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown; TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown; TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown; TCP traffic detected without corresponding DNS query: 173.222.196.143
Source: unknown; TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: global traffic; HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com

Source: global traffic; HTTP traffic detected:
  GET /onboarding/smskillreader.txt HTTP/1.1
  Host: armmf.adobe.com
  Connection: keep-alive
  Accept-Language: en-US,en;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  If-None-Match: "78-5faa31cce96da"
  If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

Source: global traffic; HTTP traffic detected:
  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wYEwuzH7hfdGfp4&MD=5t5GxPLc HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com

Source: global traffic; HTTP traffic detected:
  GET /uxz1b HTTP/1.1
  Host: afarm.net
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9

Source: global traffic; HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: afarm.net
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://afarm.net/uxz1b
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9

Source: global traffic; HTTP traffic detected:
  GET / HTTP/1.1
  Host: wercosliuhqgheirn.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  Referer: https://afarm.net/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9

Source: global traffic; HTTP traffic detected:
  GET /wp-content/plugins/image-hover-effects-addon-for-elementor/download.php HTTP/1.1
  Host: moarhofhechtl.at
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Referer: https://afarm.net/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9

Source: global traffic; HTTP traffic detected:
  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wYEwuzH7hfdGfp4&MD=5t5GxPLc HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic; DNS traffic detected: DNS query: afarm.net
Source: global traffic; DNS traffic detected: DNS query: wercosliuhqgheirn.com
Source: global traffic; DNS traffic detected: DNS query: moarhofhechtl.at
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: unknown; HTTP traffic detected:
  POST /threshold/xls.aspx HTTP/1.1
  Origin: https://www.bing.com
  Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
  Accept: */*
  Accept-Language: en-CH
  Content-type: text/xml
  X-Agent-DeviceId: 01000A410900D492
  X-BM-CBT: 1696428841
  X-BM-DateFormat: dd/MM/yyyy
  X-BM-DeviceDimensions: 784x984
  X-BM-DeviceDimensionsLogical: 784x984
  X-BM-DeviceScale: 100
  X-BM-DTZ: 120
  X-BM-Market: CH
  X-BM-Theme: 000000;0078d7
  X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
  X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
  X-Device-isOptin: false
  X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
  X-Device-OSSKU: 48
  X-Device-Touch: false
  X-DeviceID: 01000A410900D492
  X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
  X-MSEdge-ExternalExpType: JointCoord
  X-PositionerType: Desktop
  X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
  X-Search-CortanaAvailableCapabilities: None
  X-Search-SafeSearch: Moderate
  X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
  X-UserAgeClass: Unknown
  Accept-Encoding: gzip, deflate, br
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
  Host: www.bing.com
  Content-Length: 2484
  Connection: Keep-Alive
  Cache-Control: no-cache
  Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1715192343318&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
Source: global traffic; HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Wed, 08 May 2024 18:19:43 GMT
  Content-Type: text/html; charset=UTF-8
  Content-Length: 71
  Connection: close
  Last-Modified: Wed, 08 May 2024 14:29:10 GMT
  ETag: "47-617f220359aa3"
  Accept-Ranges: bytes

Source: global traffic; HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Wed, 08 May 2024 18:19:44 GMT
  Content-Type: text/html; charset=UTF-8
  Content-Length: 71
  Connection: close
  Last-Modified: Wed, 08 May 2024 14:29:10 GMT
  ETag: "47-617f220359aa3"
  Accept-Ranges: bytes
Source: may-document_71837433.pdf; String found in binary or memory: https://afarm.net/uxz1b)
Source: chromecache_205.9.dr, chromecache_204.9.dr; String found in binary or memory: https://wercosliuhqgheirn.com/
Source: classification engine; Classification label: mal48.phis.winPDF@42/54@8/11
Source: may-document_71837433.pdf; Initial sample: https://afarm.net/uxz1b
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4088
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-08 20-19-18-626.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\may-document_71837433.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1580,i,7145348183962323435,6305329400522768354,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://afarm.net/uxz1b"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1988,i,15417379012499189400,2625528048342565880,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: Google Drive.lnk.8.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.8.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.8.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.8.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.8.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.8.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: may-document_71837433.pdf; Initial sample: PDF keyword /JS count = 0
Source: may-document_71837433.pdf; Initial sample: PDF keyword /JavaScript count = 0
Source: may-document_71837433.pdf; Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process information set: NOOPENFILEERRORBOX
MITRE ATT&CK Matrix (techniques listed per tactic; the number in parentheses is the count shown beside matched techniques)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Spearphishing Link (1); Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Information Discovery (1); Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (5); Ingress Tool Transfer (3)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (ID: 1438533, sample: may-document_71837433.pdf, start date: 08/05/2024, architecture: WINDOWS, score: 48), process tree with network contacts:

• Yara detected Phisher
• chrome.exe 18 (started)
  • 192.168.2.13 (unknown, unknown)
  • 192.168.2.15 (unknown, unknown)
  • 4 other IPs or domains
  • chrome.exe (started)
    • www.google.com 142.250.69.196, 443, 49731, 49746 (GOOGLEUS, United States)
    • moarhofhechtl.at 192.36.38.142, 443, 49730 (EDIS-AS-EUAT, Sweden)
    • 2 other IPs or domains
• Acrobat.exe 18 63 (started)
  • AcroCEF.exe 104 (started)
    • AcroCEF.exe 2 (started)
      • 173.222.196.143, 443, 49714 (AKAMAI-ASUS, United States)

Antivirus detection (Source, Detection, Scanner, Label, Link):
• may-document_71837433.pdf: 0%, ReversingLabs
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
URL detection (Source, Detection, Scanner, Label, Link):
• https://wercosliuhqgheirn.com/: 0%, Avira URL Cloud, safe
• https://afarm.net/favicon.ico: 0%, Avira URL Cloud, safe
• https://moarhofhechtl.at/wp-content/plugins/image-hover-effects-addon-for-elementor/download.php: 0%, Avira URL Cloud, safe
• https://afarm.net/uxz1b): 0%, Avira URL Cloud, safe
Domains (Name, IP, Active, Malicious, Antivirus Detection, Reputation):
• afarm.net: 193.3.19.64, active: true, malicious: false, reputation: unknown
• www.google.com: 142.250.69.196, active: true, malicious: false, reputation: high
• moarhofhechtl.at: 192.36.38.142, active: true, malicious: false, reputation: unknown
• wercosliuhqgheirn.com: 45.61.138.43, active: true, malicious: false, reputation: unknown

URLs (Name, Malicious, Antivirus Detection, Reputation):
• https://afarm.net/favicon.ico: malicious: false, Avira URL Cloud: safe, reputation: unknown
• https://wercosliuhqgheirn.com/: malicious: false, Avira URL Cloud: safe, reputation: unknown
• https://moarhofhechtl.at/wp-content/plugins/image-hover-effects-addon-for-elementor/download.php: malicious: false, Avira URL Cloud: safe, reputation: unknown
• https://afarm.net/uxz1b: malicious: false, reputation: unknown

URLs by source (Name, Source, Malicious, Antivirus Detection, Reputation):
• https://afarm.net/uxz1b): source: may-document_71837433.pdf, malicious: false, Avira URL Cloud: safe, reputation: unknown
Public IPs (IP, Domain, Country, ASN, ASN Name, Malicious):
• 193.3.19.64: afarm.net, Denmark, ASN 2107 (ARNES-NETAcademicandResearchNetworkofSloveniaSI), malicious: false
• 45.61.138.43: wercosliuhqgheirn.com, United States, ASN 40676 (AS40676US), malicious: false
• 239.255.255.250: unknown, Reserved, ASN unknown (unknown), malicious: false
• 173.222.196.143: unknown, United States, ASN 16625 (AKAMAI-ASUS), malicious: false
• 142.250.69.196: www.google.com, United States, ASN 15169 (GOOGLEUS), malicious: false
• 192.36.38.142: moarhofhechtl.at, Sweden, ASN 57169 (EDIS-AS-EUAT), malicious: false
Private IPs: 192.168.2.4, 192.168.2.5, 192.168.2.13, 192.168.2.23, 192.168.2.15
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1438533
Start date and time: 2024-05-08 20:18:31 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 32s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowspdfcookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: may-document_71837433.pdf
Detection: MAL
Classification: mal48.phis.winPDF@42/54@8/11
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .pdf
• Found PDF document
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 104.125.88.137, 54.227.187.23, 23.22.254.206, 52.202.204.11, 52.5.13.197, 172.64.41.3, 162.159.61.3, 23.41.4.201, 23.41.4.213, 23.32.75.27, 199.232.214.172, 192.229.211.108, 142.251.211.227, 142.251.211.238, 142.250.99.84, 34.104.35.123, 104.98.118.169, 142.251.211.234, 142.250.69.202, 142.251.33.106, 172.217.14.234, 142.251.215.234, 142.251.33.74, 142.250.217.106, 142.250.217.74, 172.217.14.202, 142.250.217.67, 142.250.69.206
                • Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtSetInformationFile calls found
• VT rate limit hit for: may-document_71837433.pdf
                No simulations
Context: IPs (Match, Associated Sample Name / URL, Detection, Threat Name)
Match 239.255.255.250:
• https://www.googleadservices.com/pagead/aclk?sa=L&ai=CEPSIY7k7Zpu1AY3rkPIP8q21mAvP_pi8d4PY85XiEsq6jPG-ARABIPT5xiVgyeaGi7ykoBqgAcCz_YIDyAEC4AIAqAMByAMIqgSdAk_QZfhjp8EKKRw8Ud-sac3T3jbhfjxjJ1sRhgU3SOjAuI5huqeTvemsIazylmO5A9WU45_edGutcUqL46MvuNtxU89a64S7xhljcSlyUs-dysnWLJ2j0jUpH_gKnco9owTuaX1dg-lH7IYSpQI3MKj-Dr00v1SC_8ZhuzoINVR1E2pcblzJpyD5_udwujRkOY3Fao0Lt8Mai9Sq-EbJfdXMijbwOeNV94FwcwlSMZ7he13IkHy_a1HexFAPvo5qqjQXKG7VuYCajYpF3q5URq0loIuDY5WXWNc5RPV77yzvPDM2ytOukuK76vBmfoFdcFIyWUc5xZIVsm9dr8SzjJNE1z63RwDOkXHpq4VxrPcl1gRfUlqaUGyYeMbOoMAEp9WvltcE4AQBiAWQgcDhTpAGAaAGAoAHqMyCfYgHAZAHAqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB_jCsQKoB_vCsQLYBwHSCCcIABACGB0yAQA6Dp_QgICAgASAwICAgKAoSL39wTpYjsuajM3-hQOxCUbAF_v0mAHVgAoDmAsByAsBqg0CVVPIDQHiDRMIlf2ajM3-hQMVjTVECB3yVg2z2BMM0BUB-BYBgBcBshgJEgLeaBgCIgEA6BgB&ae=1&gclid=Cj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcB&num=1&cid=CAQSQwB7FLtqgUEuOym-5Tn68arUiPJ1jdwPgw46Y6zUHfAkI3hTIEhGQzVeYafsm9LBj6pxutwTRiLFJPhCq9OvYdD7CqQYAQ&sig=AOD64_2G4fRbd2sH1E5jnf1iXQS4SW_Q2g&client=ca-pub-6396844742497208&rf=5&nx=CLICK_X&ny=CLICK_Y&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)&uaw=UACH(wow64)&uafvl=UACH(fullVersionList)&nb=2&adurl=https://browsingwithwave.com/%3Fsrc%3Dd-aff16-cp21142438032%26ob%3Dobgcobedobem%26dvc%3Dc%26k%3D%26crt%3D695418066867%26adp%3D%26plc%3D%26tgt%3D%26sl%3D%26cpd%3D21142438032%26iid%3Dwav%26gclid%3DCj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcB (malicious, Unknown)
• https://app.degoo.com/share/0qvXztVGLoa7G-ff4OcNew (malicious, Unknown)
• https://t.co/yKnQGIBNmn (malicious, HTMLPhisher)
• https://tools.darvin.de/info?url_short=Lindahumph (malicious, HTMLPhisher)
• https://tools.darvin.de/info?url_short=Lindahumph (malicious, HTMLPhisher)
• https://flow.page/dramsdocs (malicious, Unknown)
• https://chs.ca (malicious, Unknown)
• https://vk.com/away.php?to=https://sigtn.com////////utils/emt.cfm?client_id=9195153%26campaign_id=73466%26link=neoparts.com.br/dayo/ljdr/YWxvay5hdHJpQG1hcmluYWJheXNhbmRzLmNvbQ==$ (malicious, Unknown)
• https://vk.com/away.php?to=https://sigtn.com////////utils/emt.cfm?client_id=9195153%26campaign_id=73466%26link=neoparts.com.br/dayo/ovu5/ZGVlbWEuYW1tYXJAYmVpbi5jb20=$ (malicious, Unknown)
• https://flow.page/sedicadocs (malicious, Unknown)
Match 173.222.196.143:
• https://johnsonme.com/wp-content/uploads/E-Catalogue-JTSP.pdf (malicious, Unknown)

Context: Domains
No context
Context: ASNs (Match, Associated Sample Name / URL, Detection, Threat Name, Context IP)
Match ARNES-NETAcademicandResearchNetworkofSloveniaSI:
• H0RZizYUEv.elf (malicious, Mirai), context: 212.235.241.106
• https://goo.su/l1bfUYR (malicious, Unknown), context: 193.3.184.210
• sora.arm.elf (malicious, Mirai), context: 95.87.151.52
• tajma.arm7-20240422-0539.elf (malicious, Mirai, Okiru), context: 193.2.250.238
• https://ssededeer3e.tilda.ws/ (malicious, Unknown), context: 193.3.17.197
• g6W1NW8Q8t.elf (malicious, Unknown), context: 194.249.220.5
• Aik8dnxKqV.elf (malicious, Mirai), context: 95.87.151.73
• https://abhyanga.de/phpAds/adclick.php?bannerid=43&zoneid=2&source=&dest=//dev13.info/wefkerweifoj32ewds (malicious, Phisher), context: 193.3.19.52
• mg7INGUtNT.elf (malicious, Mirai), context: 194.249.100.5
• mips.elf (malicious, Mirai), context: 153.5.125.180
Match EDIS-AS-EUAT:
• Mcb5K3TOWT.exe (malicious, Unknown), context: 192.36.38.33
• 987123.exe (malicious, LummaC, Eternity Stealer, LummaC Stealer, SmokeLoader, Stealc, zgRAT), context: 192.36.38.33
• 16GAuqLUFK.exe (malicious, Glupteba, RedLine, SmokeLoader, Stealc), context: 192.36.38.33
• NBHEkIKDCr.exe (malicious, Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz), context: 192.36.38.33
• file.exe (malicious, RedLine, SmokeLoader), context: 192.36.38.33
• XqmbvBWVRN.elf (malicious, Mirai), context: 37.235.56.176
• Q9WWwskOzG.elf (malicious, Mirai), context: 151.236.13.222
• Document_Scan_482.js (malicious, IcedID), context: 151.236.9.176
• qwb3x7yFdW.elf (malicious, Mirai), context: 151.236.13.224
• 9fXSSSJdYd.elf (malicious, Mirai), context: 151.236.13.220
Match AS40676US:
• http://langke.line.pm (malicious, Unknown), context: 41.216.188.153
• f1mOxd29oQ.elf (malicious, Gafgyt), context: 41.216.182.132
• aduLTc2Dny.elf (malicious, Mirai), context: 107.177.50.177
• GdWjbaG5C4.elf (malicious, Gafgyt), context: 41.216.182.132
• KlVeKmZ7H7.elf (malicious, Gafgyt), context: 41.216.182.132
• 868Y2u9RNy.elf (malicious, Mirai, Gafgyt), context: 41.216.182.132
• MhwrGJUwv6.elf (malicious, Gafgyt), context: 41.216.182.132
• 045ROMgl29.elf (malicious, Gafgyt), context: 41.216.182.132
• Gb5Zd5Ird3.elf (malicious, Mirai), context: 185.251.116.20
• Tw6PiXhrrV.elf (malicious, Unknown), context: 107.169.30.104
Match AKAMAI-ASUS:
• https://www.googleadservices.com/pagead/aclk?sa=L&ai=CEPSIY7k7Zpu1AY3rkPIP8q21mAvP_pi8d4PY85XiEsq6jPG-ARABIPT5xiVgyeaGi7ykoBqgAcCz_YIDyAEC4AIAqAMByAMIqgSdAk_QZfhjp8EKKRw8Ud-sac3T3jbhfjxjJ1sRhgU3SOjAuI5huqeTvemsIazylmO5A9WU45_edGutcUqL46MvuNtxU89a64S7xhljcSlyUs-dysnWLJ2j0jUpH_gKnco9owTuaX1dg-lH7IYSpQI3MKj-Dr00v1SC_8ZhuzoINVR1E2pcblzJpyD5_udwujRkOY3Fao0Lt8Mai9Sq-EbJfdXMijbwOeNV94FwcwlSMZ7he13IkHy_a1HexFAPvo5qqjQXKG7VuYCajYpF3q5URq0loIuDY5WXWNc5RPV77yzvPDM2ytOukuK76vBmfoFdcFIyWUc5xZIVsm9dr8SzjJNE1z63RwDOkXHpq4VxrPcl1gRfUlqaUGyYeMbOoMAEp9WvltcE4AQBiAWQgcDhTpAGAaAGAoAHqMyCfYgHAZAHAqgH2baxAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAevvrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQKoB_jCsQKoB_vCsQLYBwHSCCcIABACGB0yAQA6Dp_QgICAgASAwICAgKAoSL39wTpYjsuajM3-hQOxCUbAF_v0mAHVgAoDmAsByAsBqg0CVVPIDQHiDRMIlf2ajM3-hQMVjTVECB3yVg2z2BMM0BUB-BYBgBcBshgJEgLeaBgCIgEA6BgB&ae=1&gclid=Cj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcB&num=1&cid=CAQSQwB7FLtqgUEuOym-5Tn68arUiPJ1jdwPgw46Y6zUHfAkI3hTIEhGQzVeYafsm9LBj6pxutwTRiLFJPhCq9OvYdD7CqQYAQ&sig=AOD64_2G4fRbd2sH1E5jnf1iXQS4SW_Q2g&client=ca-pub-6396844742497208&rf=5&nx=CLICK_X&ny=CLICK_Y&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)&uaw=UACH(wow64)&uafvl=UACH(fullVersionList)&nb=2&adurl=https://browsingwithwave.com/%3Fsrc%3Dd-aff16-cp21142438032%26ob%3Dobgcobedobem%26dvc%3Dc%26k%3D%26crt%3D695418066867%26adp%3D%26plc%3D%26tgt%3D%26sl%3D%26cpd%3D21142438032%26iid%3Dwav%26gclid%3DCj0KCQjwxeyxBhC7ARIsAC7dS38YLg3rX_OKomm_dfFxFHKQ-xaABBJ-7gCz8VhxHk9qVjyKpQQOlOIaAvqNEALw_wcB (malicious, Unknown), context: 23.34.172.65
• yyyyyyyyyyyy.msg (malicious, DarkGate, MailPassView), context: 23.192.208.109
• Proce.zip (malicious, Unknown), context: 23.192.208.109
• file.exe (malicious, PrivateLoader, Vidar), context: 23.195.238.96
• https://sivaspastane.com/Notion-x86.msix (malicious, Unknown), context: 96.7.158.101
• windows.10.codec.pack.v2.2.0.setup.exe (malicious, PrivateLoader, PureLog Stealer), context: 104.96.203.40
• windows.10.codec.pack.v2.2.0.setup.exe (malicious, Unknown), context: 96.7.158.101
• invoice cum packing list #4_fdp.Scr.exe (malicious, Remcos, PrivateLoader, PureLog Stealer), context: 96.7.156.186
• YvPa06OoUd.elf (malicious, Mirai), context: 23.44.181.43
• bRlvBJEl6T.exe (malicious, Vidar), context: 23.195.238.96
Context: JA3 Fingerprints (Match, Associated Sample Name / URL, Detection, Threat Name, Context IPs)
Match 1138de370e523e824bbca92d049a3777:
• https://app.degoo.com/share/0qvXztVGLoa7G-ff4OcNew (malicious, Unknown), context: 23.1.237.91
• https://chs.ca (malicious, Unknown), context: 23.1.237.91
• https://vk.com/away.php?to=https://sigtn.com////////utils/emt.cfm?client_id=9195153%26campaign_id=73466%26link=neoparts.com.br/dayo/ovu5/ZGVlbWEuYW1tYXJAYmVpbi5jb20=$ (malicious, Unknown), context: 23.1.237.91
• https://flow.page/sedicadocs (malicious, Unknown), context: 23.1.237.91
• https://royal-visit.com/ (malicious, Unknown), context: 23.1.237.91
• c사.html (malicious, Unknown), context: 23.1.237.91
• https://download.filezilla-project.org/client/FileZilla_3.67.0_win64_sponsored2-setup.exe (malicious, Unknown), context: 23.1.237.91
• https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:4dce00b4-a0e3-4ea4-971a-87159cefdb06 (malicious, Unknown), context: 23.1.237.91
• kargonuzu doğrulayın_05082024-Ref_#0123647264823.exe (malicious, FormBook), context: 23.1.237.91
• https://url.us.m.mimecastprotect.com/s/LOTCCXD9yEtpw99u6JYxu?domain=urldefense.proofpoint.com (malicious, HtmlDropper, HTMLPhisher), context: 23.1.237.91
Match 28a2c9bd18a11de089ef85a160da29e4:
• https://app.degoo.com/share/0qvXztVGLoa7G-ff4OcNew (malicious, Unknown), context: 52.165.165.26, 104.125.88.106
• https://t.co/yKnQGIBNmn (malicious, HTMLPhisher), context: 52.165.165.26, 104.125.88.106
• https://tools.darvin.de/info?url_short=Lindahumph (malicious, HTMLPhisher), context: 52.165.165.26, 104.125.88.106
• https://tools.darvin.de/info?url_short=Lindahumph (malicious, HTMLPhisher), context: 52.165.165.26, 104.125.88.106
• https://flow.page/dramsdocs (malicious, Unknown), context: 52.165.165.26, 104.125.88.106
• https://chs.ca (malicious, Unknown), context: 52.165.165.26, 104.125.88.106
• https://vk.com/away.php?to=https://sigtn.com////////utils/emt.cfm?client_id=9195153%26campaign_id=73466%26link=neoparts.com.br/dayo/ovu5/ZGVlbWEuYW1tYXJAYmVpbi5jb20=$ (malicious, Unknown), context: 52.165.165.26, 104.125.88.106
• https://flow.page/sedicadocs (malicious, Unknown), context: 52.165.165.26, 104.125.88.106
• https://flow.page/dolphdocs (malicious, Unknown), context: 52.165.165.26, 104.125.88.106
• https://flow.page/clipasdf (malicious, Unknown), context: 52.165.165.26, 104.125.88.106

Context: Dropped Files
No context
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: ASCII text
Category: dropped
Size (bytes): 294
Entropy (8bit): 5.196792844934604
Encrypted: false
SSDEEP: 6:DXIQ+q2P92nKuAl9OmbnIFUt86XIdWZmw+6XIQVkwO92nKuAl9OmbjLJ:DV+v4HAahFUt86+W/+6VV5LHAaSJ
MD5: 4CA354FB1C35514E8DC98B71B321B90E
SHA1: B30E1BB47360374B4341BC22A3C16F9DC3815DCE
SHA-256: 3D1EFDBB65F151A9ED7EDF0CC3BEE17F59BA87F8BFE1404C1BED990032E6F66F
SHA-512: 983447FF1C4E53207C5C3087F78CFEFD56A4750AC28D33E0CB3260DB132479D272061E7F550D130D87672E8485D9EC71B5936715CB05E1A8080E89D8646C5813
Malicious: false
Reputation: low
Preview: 2024/05/08-20:19:16.221 17cc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/08-20:19:16.221 17cc Recovering log #3.2024/05/08-20:19:16.221 17cc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: ASCII text
Category: dropped
Size (bytes): 338
Entropy (8bit): 5.184115013323263
Encrypted: false
SSDEEP: 6:DXV9+q2P92nKuAl9Ombzo2jMGIFUt86XqCH3JZmw+6XqCH39VkwO92nKuAl9OmbX:DGv4HAa8uFUt86H5/+6HT5LHAa8RJ
MD5: B69F39CCA0691C104890389462A45B50
SHA1: A9B886511032460DAC7ADA266E823C501505DEA9
SHA-256: 766FE51FD13B9473E94D040F32D5298E1C55B8F0F919235877E1DEA7B87FD90D
SHA-512: 46EA1074E990E5BB3178CEC493A970F813426CFE13590067274CFF526A519BA4CEC2CC9FEAF2519F14811447FAFA92F8515E694EAFBF776249F4DB9BB7B87F4F
Malicious: false
Reputation: low
Preview: 2024/05/08-20:19:16.287 1c08 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/08-20:19:16.289 1c08 Recovering log #3.2024/05/08-20:19:16.289 1c08 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: JSON data
Category: dropped
Size (bytes): 508
Entropy (8bit): 5.0533356724262175
Encrypted: false
SSDEEP: 12:YH/um3RA8sqZcrWPsBdOg2HTAcaq3QYiubxnP7E4T3OF+:Y2sRds1vdMHX3QYhbxP7nbI+
MD5: 4798608D772F97ED47C7EB31A3F08A9C
SHA1: 3FE85E4D3720B855EEAC5D6A5B623F0ED23D8F5C
SHA-256: 16A23E37DC64718455F1878CBBF4FB2A313D1F02960CD9FFB61E3B1CEC948FC4
SHA-512: C6F895FF19FBDCB70EBDD3D37868A946F0DC900A459DAAEBA8D1E7CDA36498CED85659D9B55BC9135EB1EA0AB93ECEF1BF0B514923A26C023773434E3D416315
Malicious: false
Reputation: low
Preview: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13359752368295645","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":164751},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: data
Category: dropped
Size (bytes): 4509
Entropy (8bit): 5.234723558388541
Encrypted: false
SSDEEP: 96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUTx+xldl2xZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLA
MD5: A8409F69BC7372809DB8E8CD2AED296C
SHA1: F74054689E81754FC9CCAE0EDE6935A424F72766
SHA-256: 2A335FECBD3303CC470BAAA304786A99ED5AB9864C9F42537BF7D5FA01191797
SHA-512: 5B69E162C81819A18FCBA04E83669E0E2EDDF2C6C6017E380C6CFBE58C981A66AEB265FD25D12398D98DAF6E54042B6A41034E0A5F092B2206F28D64F04D5D53
Malicious: false
Reputation: low
                                      Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):326
                                      Entropy (8bit):5.1738082384071316
                                      Encrypted:false
                                      SSDEEP:6:DXJl39+q2P92nKuAl9OmbzNMxIFUt86XJ33NJZmw+6XJW9VkwO92nKuAl9OmbzNq:D0v4HAa8jFUt86lX/+625LHAa84J
                                      MD5:27933FD8A5A33A93403C8D1DCF89B46F
                                      SHA1:6E663EAA430BBA1C5D893C548D7F0147B3AE918A
                                      SHA-256:27B8B914BE28F537518F370660BE93C8B2A2FDFCC1AB9248FEFAD0511CCAFA6D
                                      SHA-512:F72CD7A845D600E9DB2F15AE8E1D9972160BD732CEE75FD463ADFE58F9CEF5A14B2A5EC202AA3752B384C34F06EA5B44174A28CA35ADC81F3BEF527A796CB766
                                      Malicious:false
                                      Reputation:low
                                      Preview:2024/05/08-20:19:16.919 1c08 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/08-20:19:16.920 1c08 Recovering log #3.2024/05/08-20:19:16.921 1c08 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):326
                                      Entropy (8bit):5.1738082384071316
                                      Encrypted:false
                                      SSDEEP:6:DXJl39+q2P92nKuAl9OmbzNMxIFUt86XJ33NJZmw+6XJW9VkwO92nKuAl9OmbzNq:D0v4HAa8jFUt86lX/+625LHAa84J
                                      MD5:27933FD8A5A33A93403C8D1DCF89B46F
                                      SHA1:6E663EAA430BBA1C5D893C548D7F0147B3AE918A
                                      SHA-256:27B8B914BE28F537518F370660BE93C8B2A2FDFCC1AB9248FEFAD0511CCAFA6D
                                      SHA-512:F72CD7A845D600E9DB2F15AE8E1D9972160BD732CEE75FD463ADFE58F9CEF5A14B2A5EC202AA3752B384C34F06EA5B44174A28CA35ADC81F3BEF527A796CB766
                                      Malicious:false
                                      Reputation:low
                                      Preview:2024/05/08-20:19:16.919 1c08 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/08-20:19:16.920 1c08 Recovering log #3.2024/05/08-20:19:16.921 1c08 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PC bitmap, Windows 3.x format, 164 x -115 x 32, cbSize 75494, bits offset 54
                                      Category:dropped
                                      Size (bytes):75494
                                      Entropy (8bit):1.1226539018605335
                                      Encrypted:false
                                      SSDEEP:96:ohtm0UAkQXGovqw0TJ6tHZQfbDFa6Rt4i:utFUAPZvqw0ItHZQfbI6DB
                                      MD5:2FAF59957062B43E1CB643C60760A0FF
                                      SHA1:1B0B91AF1FF74FC200EED9C349B50430EE94666D
                                      SHA-256:7B8606D4E5A49CA530E70BB1EC0DC5A8F308F47E7B0BB606E0205BC90116C103
                                      SHA-512:6B664F6B230400CDA8E15F877F4117D25D703C2E3AA44A42ECE7BDD18A13A519B5810251330A0DB2A71E6D5CCE83A4AF85154C6A35742CECF5042151E87D1C2D
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):185099
                                      Entropy (8bit):5.182478651346149
                                      Encrypted:false
                                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):185099
                                      Entropy (8bit):5.182478651346149
                                      Encrypted:false
                                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):228346
                                      Entropy (8bit):3.3890581331110528
                                      Encrypted:false
                                      SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:DPCaJ/3AYvYwgXFoL+sn
                                      MD5:BAE090D23B1C0D4F6DC247F0080D349E
                                      SHA1:8A7AAD52A54F9A3CCEF3CE323F6BBD5B2B530461
                                      SHA-256:D7D3096317CF32DBEDF75D85390FE89A96170D44C09B2F6D164036064F506AE3
                                      SHA-512:208136EBA10544EA5EADA1C32EADFD8066047A9D851FF95BADF9938D40AFA1771003C2725DB8C78991E700C73FA2FC3C9F3CC3712B3332E4CF6F8DDE0E539130
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):295
                                      Entropy (8bit):5.338082506610002
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJM3g98kUwPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGMbLUkee9
                                      MD5:E97AF4F35766686EECA51673AA1020CD
                                      SHA1:83830A30C223F98902B42BB82CCC01D2CA329548
                                      SHA-256:3C3D66EE72D73A63B41E4ADEF83D354308AC3DA3FA9F213739A07EDFEE3D6569
                                      SHA-512:3EA98446324B58B6F64B0CD7179A58664A7610F1834BE28996A7F1E0AF82C4EAF413A26618E1D35BE5F6B5A5B9D6DE72505EC884B29B471C168FD10C090E4083
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.274120382190146
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfBoTfXpnrPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGWTfXcUkee9
                                      MD5:273F9444DB9DFF5290FCA7490C536A52
                                      SHA1:4B919236D74875EFCF63C0F8E28D893F348AA0B4
                                      SHA-256:F5350D739E63F13EFBE93966F1E888A118A481BB7612E15A31C1525BB59582A8
                                      SHA-512:75ABA52D2ECAE60225ACEE1944C62A2F39D5107A718CA32FDA419DC8A3B5067B992301A17786D6FCC85246662AC69574CD6CC55046915832873DD9AB39A8D635
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.2541380990065045
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfBD2G6UpnrPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGR22cUkee9
                                      MD5:9710DB244ED0CBDACC149725C669C51A
                                      SHA1:D1C16C71A50280E510332A26026EF2BA1C319AD5
                                      SHA-256:4CBFE9BE4CB812F4730583F5694C569386795E200906C6C6B6839EFED69F7075
                                      SHA-512:1FE1E9B4D8540D5A9B01D8F9881F84A53C7257C6AC927F6164EB8AD02895754815F6D61921FE24F144E21479B8BEA25674E9AF2D25625FF0C961D15EE75EE474
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):285
                                      Entropy (8bit):5.316088335853159
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfPmwrPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGH56Ukee9
                                      MD5:1EA3502B4F83F69ED1315C9F2ACDE9C3
                                      SHA1:27B3F8FD766B15913572C080E520774EC97AA517
                                      SHA-256:43419CA5BFE58DB6B79D88ACCEBA2E1B96ACFE1553AE41B0482FDF3CC4B78B43
                                      SHA-512:EA271BFC4DEDE8E5908C4798D170FF223D57A694AAF33F407FF9733AB247CD8281F7B577C06766E469084C4607EDA256A7B5C8E0EC70F5F708A5570AE2E02DDF
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):292
                                      Entropy (8bit):5.271656481869867
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfJWCtMdPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGBS8Ukee9
                                      MD5:8AB6E45D880A077FC92936F34898A05B
                                      SHA1:9A54E6E3FD7AC1D19855323858221CD34260CAAB
                                      SHA-256:2F6C41967D57521A870AC744D6E0C41EC7716D4D6DA18667B936BEABDB018855
                                      SHA-512:68FDD46A2FA77E14EF9DA0B40F2302DD1C426DF76ECBD5DEB6F01962F037358C6098DD0C77E87244468EBBFA1AA4B5C778E146BD2B4BEA4A55E9BA77BA04C73F
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.259064745094881
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJf8dPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGU8Ukee9
                                      MD5:F2561E7ED05F7FB4405DD7B42EA923BD
                                      SHA1:45B22E9BEC0695371DC0A62C4218C5ED3571EFC0
                                      SHA-256:6B25630805BBC94A79708C3026AF06C0D98F557DBEB38404EF813BDA694B7B56
                                      SHA-512:0F290181816F527C9B0F1FDE383D2EBF2A0BEF9EC06A848CEB9E2899EAE452094DE1D85893D7B8FC1FEC5DC2ACAA11FFED20D981EB15A6271D1FE88BF13CC35B
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):292
                                      Entropy (8bit):5.260214725918802
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfQ1rPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGY16Ukee9
                                      MD5:D0FA3C048FCCAC6A130A5CFFC62C5721
                                      SHA1:25EA54545E8CC63AC1AC5297D0244347F129BA43
                                      SHA-256:BD378310C9ADB86A10E35A1EAFA0987E722C6751BCEA8510D9F4553EE30439F7
                                      SHA-512:E32F703F0D0839AFAC64B1335E1D9F1E2C686137E6DEC1B3E892C491B554338223802DCB6103324F606BB1DD10E2287B499658588E5DE54D15A18E981EC2181F
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.278525950154187
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfFldPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGz8Ukee9
                                      MD5:E76E8A0946765B8D91AEFA3BD5ECF6F1
                                      SHA1:017CE91276E285879391D13B9CF722FDC681355B
                                      SHA-256:6251597606115600C3A1D6C3E42BCA1EEC62E4A814B04E06B91BF50138BB5A4E
                                      SHA-512:B530DFFF6B41A02FF0E4ADE0C2FCF2BBDC739E76E9AEEEEB5227B611620F69639A551A43FB3B73982798ED7FD53DFE39FBF3F3CB0C3DF27E01BE7947632335DF
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1372
                                      Entropy (8bit):5.733039046974053
                                      Encrypted:false
                                      SSDEEP:24:Yv6XtLvHzvijKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNd:Yv2HzajEgigrNt0wSJn+ns8cvFJH
                                      MD5:C7A6983160DDB19F7C1E32FB063A76BF
                                      SHA1:22A174061A11B37D9CBAF74A6FC8F32C4023F81C
                                      SHA-256:B975106B08CA9E891779439F5B7C4BF7B13A7BC8DDCEB730042D6275F45EF1F5
                                      SHA-512:9582598CB380FD3C77FCAAECC3B1C18CA4C2E14A4C1668CFDBD4D76550517D7930F2A14539E7F6184887779AB240E184EEF75177B542B6B9472837CFFDDB0C11
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.265440727179031
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfYdPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGg8Ukee9
                                      MD5:EC599303201C0F9554D491040B300399
                                      SHA1:4A6B39D03EEDF501DE1ED96399472F7BF8648B8F
                                      SHA-256:1723C1E7124F07F774D07D0F2811771A2AD81D555611C1FDAEF5BB51C70168FB
                                      SHA-512:4D3513356071A646F7C86234425645B4B38FA21F4D6BB0FBAE892ED3117E4D7BE1B046719984C72B0458204953919695DF11D61EB472FE6B83B44607A6C0FC42
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1395
                                      Entropy (8bit):5.766711213681808
                                      Encrypted:false
                                      SSDEEP:24:Yv6XtLvHzvi+rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNl:Yv2Hza+HgDv3W2aYQfgB5OUupHrQ9FJj
                                      MD5:C747E9208750688CAD2FFB70E888166F
                                      SHA1:6FCF4EBFF515E6198AFBDED6A3FE9FF63C13A3B7
                                      SHA-256:1D4EB851DE89D68516B4C9D3733E2E3B56416EE00F6A1D815C3D23BFA5B1F114
                                      SHA-512:2CE7715CCBED0F844B6322DC9806F6F5B49F498FCF23A90D67ED29799B85C91DA80F00639CC7C32E13734E410C06085D18F9600B73E87220848520817106498B
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):291
                                      Entropy (8bit):5.249225345628296
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfbPtdPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGDV8Ukee9
                                      MD5:DB80C5BCB1622A6AAD2CB9297DBA3B43
                                      SHA1:322A1265002BA302F24E286D20DC61AE925B9875
                                      SHA-256:A64C7305E39C7FE9C2E32FDDF0C3F436AB70BC8C83140F71611BC8147EA3429F
                                      SHA-512:33D9D952CE623CE0074705062F5D8FD9ED8513BD8CBCA794D77D873F6F4B6DCD996E3DA62A2E516D82A6AD1F58C7A3F7AC6EC1599BDAFB9A05C96C9D6CC9C63B
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):287
                                      Entropy (8bit):5.250716078553701
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJf21rPeUkwRe9:YvXKXtLvHAYdUYpW7HJVG+16Ukee9
                                      MD5:A414A2212987FF1B9D7956C1A2D6716D
                                      SHA1:81A495F6BB79D2CF914E6C6E364F0F1318BBCE9F
                                      SHA-256:CED94D808EC920018ECFCAF9337139A85F98DD2CAC1681705E1EDB75116ABCF4
                                      SHA-512:85E80740C0ADC3D3F3CDF1ECEE873B480D44BC69395D5DB80B543A104FDD583144695E61C4FDA756AD7FEF34EDF424A8EF23CEB502A26B75D94FA88197DF1E0E
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.272816193022345
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfbpatdPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGVat8Ukee9
                                      MD5:14645BD56B11B220B34843D76F141E67
                                      SHA1:85F85BE11BCF89F4A4F2C9E881B9BF4922407E99
                                      SHA-256:9748AEEE44474CB87E50060F107402B39C33CA36C0B28B5D248D15050104E591
                                      SHA-512:68A8CA28F01E2E50064F0096E064B298077AF63B94F50424153606FDDEB5ACEEC19C4020EA23135EF3BBA7B3CEF9C7416AC6D8095B8DF8E18B10F103F6E7C59D
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):286
                                      Entropy (8bit):5.225459758334763
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXtlFvHADEhnx+FIbRI6XVW7+0Y8nUQeoAvJfshHHrPeUkwRe9:YvXKXtLvHAYdUYpW7HJVGUUUkee9
                                      MD5:CCCE333E291E396A10DB4FE0E2ADDF81
                                      SHA1:6539B93470463B705439EA1165433092162028EB
                                      SHA-256:2A5547D18BD77406613B2CF07DCF22FD77846EC317ED7DF44F484078E8D09F78
                                      SHA-512:F143BDC69411BD31843033C32BE2E30B4ED8E4F72A95466F3A4AED8E82C6BD934D6B5B11CE7AB5F241D7E838F426539755AAD58789950EAB1077FAA6B6E6FA3D
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):782
                                      Entropy (8bit):5.3620302959449155
                                      Encrypted:false
                                      SSDEEP:12:YvXKXtLvHAYdUYpW7HJVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWp:Yv6XtLvHzvi7168CgEXX5kcIfANhc
                                      MD5:DBC8B2CEF1DED2E7029ED6B970C5945C
                                      SHA1:6A4C3AD4A9C2AA3AD6B64B005A04A495C62CB3CA
                                      SHA-256:053690B84E50E0CA918EC963DB60528AD426D408019BD06801CE799BD659001C
                                      SHA-512:7254961C8C87A04C9387DEE33B1EAAB034D093584292C70E7145BF1C8ED3EA2B478430597AECEF73DF0658DE161ABB610BEC33639D7C3B4080F44DDE9D952D98
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"f90deb0e-ba9d-43b5-bb81-3eefa9a76434","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1715368193150,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1715192363192}}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4
                                      Entropy (8bit):0.8112781244591328
                                      Encrypted:false
                                      SSDEEP:3:e:e
                                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                      Malicious:false
                                      Preview:....
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):2814
                                      Entropy (8bit):5.134362860941962
                                      Encrypted:false
                                      SSDEEP:24:YTwst/AUCGpkqxNeklSG2PHVZsvaDVOaysv8JPYrs73UjKXU1sj0Sta5og32prPN:Yptpk2YG2tj8JSh1+a9qrPIYteHo91J
                                      MD5:A00A7BCB2A7ED229633A48C7CEDFCB99
                                      SHA1:F38F16E02C7DB27052DD9D3B53B49675676DB25F
                                      SHA-256:135FBBBA8E934ED0883A984AA99AFAADC8F710AD39E4E1125F88BA5DBAC65143
                                      SHA-512:F061C7FE80D9BCF07F2001F02002DBE17795FFA374BE012B091E73B5E80EDF1808D782B763ED67541C113F5B4596EA2BA54090573C74853EA874C822176E0458
                                      Malicious:false
                                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"89a2edd1ee89d73ee4f0374cb9b28753","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1715192362000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"b5f71e4780dd50ecc43adc8921bca8e0","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1715192362000},{"id":"Edit_InApp_Aug2020","info":{"dg":"7083dac94961edb75bf6761b45130446","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1715192362000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"dd743b12fb504a9bd2c7b902905621e2","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1715192362000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"3473ed5846a0c0ceda8cad7e74b28006","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1715192362000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"ce82e9045e83948214dfadbaaa44009c","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1715192362000},
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                      Category:dropped
                                      Size (bytes):12288
                                      Entropy (8bit):0.9856165876895621
                                      Encrypted:false
                                      SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpeJ0V4zJwtNBwtNbRZ6bRZ4/J0VF:TVl2GL7ms6ggOVpeJ0uzutYtp6P8J0/
                                      MD5:F7D66E33B07E2B4F2DCC0FC8E6B606F1
                                      SHA1:82FF8644E71B5A2B778BC8092A56BFB98231D7DC
                                      SHA-256:6786C12A1100F4F7D19BC2F685461BFAE0F26865C60C85312786865FBE4E551D
                                      SHA-512:D94937F31B5802011BA4030B451BD9904746FEAF601E4E66DEE76C1DC050744E068D824918F75B523E8978F7935F8549A3D4BC97FC5D67536278E4AB95FD7426
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):8720
                                      Entropy (8bit):1.3392773421406607
                                      Encrypted:false
                                      SSDEEP:48:7MtPGgOVpeJ0VzutYtp6PM6qll2GL7msN:7wOVpcLaMqVmsN
                                      MD5:C8C686D29BD0ADA47635DBB020B50991
                                      SHA1:993BADA836D346BB4B85A26CA82F50A1DCE110C1
                                      SHA-256:46B8304F8C38AE604BCA44BA30BD27A190223C93F4715A96A5C6D22BFB4CA36C
                                      SHA-512:1E5EC61BE509F8F0F495A409EEED5882916199F252CD1F6D9A328A0AB5BBB2EACBEFDD5B010690985CE030EA87B0C4E46940093F16E623F35FD06F0FCC524266
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):246
                                      Entropy (8bit):3.524398495091119
                                      Encrypted:false
                                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eou:Qw946cPbiOxDlbYnuRKJ
                                      MD5:6447BFE78F2A1163187A7A2BAAF2B8C0
                                      SHA1:CBAF35F8983945D9815D44C2C1DBCD4BDB4F35FA
                                      SHA-256:D270B8A839B31D4C0BCE3B00CC711538C56F5858B2E83EC37F581A71B01EEF45
                                      SHA-512:05708CE6439D66AC958CE688B7B7F20933DF755A7CC455041F4770DC9D8EC61AF116F324C9921C369B9AA5B76244E6CFD0489653EF7D6DF8730C9ECF7F2FED34
                                      Malicious:false
                                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.8./.0.5./.2.0.2.4. . .2.0.:.1.9.:.2.4. .=.=.=.....
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393)
                                      Category:dropped
                                      Size (bytes):16525
                                      Entropy (8bit):5.376360055978702
                                      Encrypted:false
                                      SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                                      MD5:1336667A75083BF81E2632FABAA88B67
                                      SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                                      SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                                      SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                                      Malicious:false
                                      Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):16603
                                      Entropy (8bit):5.3639772613039955
                                      Encrypted:false
                                      SSDEEP:384:jSOzmivWDm87gfrGd56YdLGW5C+NkIbR6eCk4vcJghvRWrOw5IugtgJ8P5kYl95z:ntZ
                                      MD5:AB17AAE450DB133B91A9AB4998BA8A04
                                      SHA1:E2F56AF368F96D5F3DCC0869C78B691CC58657AA
                                      SHA-256:48BB3E7B46268672559780326ED593CF33A911BB73A9C150D338A03111186160
                                      SHA-512:96B24E862211F8B29E85F703D35B9866B0AB83205525C9C02309B55E7847D81D2D7969DFD84E24FD86AE78081F7600A920CCA8A318192ECDB0D6E1808D1C3DA7
                                      Malicious:false
                                      Preview:SessionID=14a40963-27a9-468f-91f0-e9a731a18c3a.1715192358636 Timestamp=2024-05-08T20:19:18:636+0200 ThreadID=1972 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=14a40963-27a9-468f-91f0-e9a731a18c3a.1715192358636 Timestamp=2024-05-08T20:19:18:637+0200 ThreadID=1972 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=14a40963-27a9-468f-91f0-e9a731a18c3a.1715192358636 Timestamp=2024-05-08T20:19:18:637+0200 ThreadID=1972 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=14a40963-27a9-468f-91f0-e9a731a18c3a.1715192358636 Timestamp=2024-05-08T20:19:18:637+0200 ThreadID=1972 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=14a40963-27a9-468f-91f0-e9a731a18c3a.1715192358636 Timestamp=2024-05-08T20:19:18:637+0200 ThreadID=1972 Component=ngl-lib_NglAppLib Description="SetConf
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):29845
                                      Entropy (8bit):5.402758123339304
                                      Encrypted:false
                                      SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbA:4QSXvVpp+YGCp
                                      MD5:726B9278929D4600AD0AA797679FF7D0
                                      SHA1:A3DFE446C3A33A9E50ADC93E88719E17AAD360DC
                                      SHA-256:8EC144446420CBC4F23C78A7A0CAE8D0F391D7ED97923ADA21D42D44AB46F7BB
                                      SHA-512:6F850FE8BEEAC84B3459D62009A937739FCA4307CBE40421039E719A707BE41C96589885EE3CE609295695B25D293CA72BAFE58B98216BDE58D7316908B4FE1A
                                      Malicious:false
                                      Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                      Category:dropped
                                      Size (bytes):1407294
                                      Entropy (8bit):7.97605879016224
                                      Encrypted:false
                                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                      Category:dropped
                                      Size (bytes):758601
                                      Entropy (8bit):7.98639316555857
                                      Encrypted:false
                                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                      MD5:3A49135134665364308390AC398006F1
                                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                      Category:dropped
                                      Size (bytes):386528
                                      Entropy (8bit):7.9736851559892425
                                      Encrypted:false
                                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                      Category:dropped
                                      Size (bytes):1419751
                                      Entropy (8bit):7.976496077007677
                                      Encrypted:false
                                      SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                                      MD5:18E3D04537AF72FDBEB3760B2D10C80E
                                      SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                                      SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                                      SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                                      Malicious:false
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 17:19:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2677
                                      Entropy (8bit):3.9786563113540305
                                      Encrypted:false
                                      SSDEEP:48:8Jd6TGmhHiidAKZdA19ehwiZUklqehHMy+3:8+rSmMy
                                      MD5:E877F65A5FDED3B93BBE7FF0627010DF
                                      SHA1:8636237BB9942302E975ACD54D0FEA7624369327
                                      SHA-256:11A57AC3EFB18C0AC70C83341BF3995F792FE874E86738028DBB26BD020997D4
                                      SHA-512:30BD4C99A0619F1B3797DD383F9D9AD4DB635CFCB41D735FB87F17A863F29BEB0576A449F456CB7D7A2851E8DD7D2BC1070940BA08F2434F314F53D0CD80CC6F
                                      Malicious:false
                                      Preview:L..................F.@.. ...$+.,.....@.Lt...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xh.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xu.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xu.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xu............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xv............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............#.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 17:19:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2679
                                      Entropy (8bit):3.9960437871870695
                                      Encrypted:false
                                      SSDEEP:48:8Pd6TGmhHiidAKZdA1weh/iZUkAQkqehWMy+2:8ArI9QBMy
                                      MD5:C8DC52D3430A75D41CED71CB567684D2
                                      SHA1:47CDBB5FFFE4A355F68E6ACDD177A9F7D486B4C3
                                      SHA-256:BFFFFC678D625A9CAB21459DB591C4A182E475E0950D4AC9572D24843FEBBF59
                                      SHA-512:3BCC72FD09DD32179CB408074963A412602E89BEC70DD0398AE5850D5DA92C5FA8BA244EA9DA004A1F71008588C4277310E7BDB9A34DCD1939E4208925FFF737
                                      Malicious:false
                                      Preview:L..................F.@.. ...$+.,.......Lt...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xh.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xu.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xu.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xu............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xv............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............#.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2693
                                      Entropy (8bit):4.005944758895585
                                      Encrypted:false
                                      SSDEEP:48:8xud6TGmsHiidAKZdA14tseh7sFiZUkmgqeh7sgMy+BX:8xTrHnqMy
                                      MD5:FB7D7CD49DF896C0833A1499B6B4385C
                                      SHA1:8911E6AA5649DD79D0DF2679C7F97AA3C9607DEC
                                      SHA-256:1A0310F21C315D01A44A0873216CEB192B51242683F47049311923407DB54336
                                      SHA-512:AA97B1AD27FD17AC7BC96BB77F2EE5706FDF01D8F42A0EF9975AFD6AC0BDE7ECDBBA1F03C651B3C56608331225E69891D4964C53731BB64E2C64524D208C0328
                                      Malicious:false
                                      Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xh.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xu.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xu.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xu............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............#.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 17:19:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2681
                                      Entropy (8bit):3.9939717891510003
                                      Encrypted:false
                                      SSDEEP:48:8Hod6TGmhHiidAKZdA1vehDiZUkwqehyMy+R:8RrTIMy
                                      MD5:7B01908422B27FEB12BE6A586CF39F48
                                      SHA1:22FD3E6C7AEB0634401EF06485DADACD22320318
                                      SHA-256:E2DB43C03D6D5DE5FAE7E7D1E0B8DEB0D6E75EFB30105343EE8B1D6E3516A7AC
                                      SHA-512:3251CB8E31D3CCFCCE0F6695715E1C8EF7167EC46D6C25139F6FFB707633B97BF48A4028A555106145CAE9829C62450EF15D9B648F8E41999A1DBE693C69150D
                                      Malicious:false
                                      Preview:L..................F.@.. ...$+.,....0.Lt...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xh.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xu.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xu.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xu............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xv............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............#.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 17:19:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2681
                                      Entropy (8bit):3.9833991243235594
                                      Encrypted:false
                                      SSDEEP:48:80d6TGmhHiidAKZdA1hehBiZUk1W1qeh0My+C:81rD9UMy
                                      MD5:7FF377EC738607C2DE3EA1E118295931
                                      SHA1:3D6949BFFB236B4B48EB8F0A1535FF30CDB8D3BE
                                      SHA-256:DEDD6F2AFF3768683DDEB4780D710ED72C6B3270930A6591897291CEB9BBF752
                                      SHA-512:B65F2181C4F4CDE54083493A1BE63408068DD2742658D28C2AA02DF5DC671FFF4210B1E6862A7524AA4427814A81893F0300CF9D0270BA0E0CDCB6F7364E7D08
                                      Malicious:false
                                      Preview:L..................F.@.. ...$+.,....v@.Lt...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xh.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xu.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xu.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xu............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xv............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............#.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 17:19:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2683
                                      Entropy (8bit):3.9929720020471198
                                      Encrypted:false
                                      SSDEEP:48:8ad6TGmhHiidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbqMy+yT+:8XrzT/TbxWOvTbqMy7T
                                      MD5:27C1BF70CA45101956959C1E1930CC33
                                      SHA1:60FD1618CE510622792F96BD8501DBB5C1796896
                                      SHA-256:939900F4AC367DF6EF231E2DAE59E88C4F3EB7DD22893F76B06CD6DDAC441F98
                                      SHA-512:573D58596050D583DCA3B31F07556A44C7823CA5284B11CDC635DD2AA5C24C359855FF09AB6C317661FB08DC83328289F6FD2D0AC08DF6A5A8E6A1FA49227209
                                      Malicious:false
                                      Preview:L..................F.@.. ...$+.,.......Lt...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Xh.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xu.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xu.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xu............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xv............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............#.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:Java archive data (JAR)
                                      Category:dropped
                                      Size (bytes):29570
                                      Entropy (8bit):7.9846241255032915
                                      Encrypted:false
                                      SSDEEP:768:d9ze2UFUsBUaGB2tCnh2tC4Yf5enQdH2FDbb9j6:dle97BNGB2tCnhJjfcnQJ2FDbV6
                                      MD5:815E20864D51B16F27D5C41A75DB3650
                                      SHA1:4699CE194FD66F2FF14061AAD905034B0C356E99
                                      SHA-256:F20585B7183D6380968B8F1D75A34BB78B6224E5686EBB81430EC14E80FCE17A
                                      SHA-512:4E83FFF07FE7D0EF7950038395AB304E76E900F070C1BF0BEE058A9EC5E82922483DBBFF1D4E56B15E19949B590E61F806513977FB672F94832841C0E1F202EC
                                      Malicious:false
                                      Preview:PK.........t.X................META-INF/......PK..............PK.........t.X................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3...M...u.I,..R.tt.07...r.JM,IM.u..*3.3.3S../JL.IUp./*./J,.........PK.....|X...X...PK.........t.X................jYAGX769.class.U.S.U...$9.u.4.K.-..6PHl..Z..Zj......9..dw..4.^..Z.....d..\.BG.g|./._p..N...3.r....}.sv...........R0.`...Fe3..2.p..P..U.. %...9.D...Q...)xC.tu.......s..`.......`Q..nr...K...[*....PqL.f .......G..d..7-.....c......2-1Y./.wV_..J ......bjU..'r.....].Z...-3.n.M.N...F.R..Z..Z9[.....N..9%N.9.<Q....!..-.&3v.5D.e.jz..g....}.g.....%...x.kE....b..S.;.Cf#.Zn..%Z.....bkp.......p.i...\F...#..&..Qpsq.....v.w.~TC...N.SS.p.dh.%\....P........Cw5.c...eE....ne.u...D..Hc...|..n..g...N..P..M...2......q}`.........>..vl..qW.G......n7.'.>.]...~..tJ.g......|.p.^.d$...d..#.t.4..W...k...4.Z...3.Z^....c........Oo.,2'B..Xui5-.3.....{..eL.+.......y:...&.b=...J3.;..2.....T=.d..v.Wgl'.......5.._smCx^.d.Y.
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:Java archive data (JAR)
                                      Category:downloaded
                                      Size (bytes):29570
                                      Entropy (8bit):7.9846241255032915
                                      Encrypted:false
                                      SSDEEP:768:d9ze2UFUsBUaGB2tCnh2tC4Yf5enQdH2FDbb9j6:dle97BNGB2tCnhJjfcnQJ2FDbV6
                                      MD5:815E20864D51B16F27D5C41A75DB3650
                                      SHA1:4699CE194FD66F2FF14061AAD905034B0C356E99
                                      SHA-256:F20585B7183D6380968B8F1D75A34BB78B6224E5686EBB81430EC14E80FCE17A
                                      SHA-512:4E83FFF07FE7D0EF7950038395AB304E76E900F070C1BF0BEE058A9EC5E82922483DBBFF1D4E56B15E19949B590E61F806513977FB672F94832841C0E1F202EC
                                      Malicious:false
                                      URL:https://moarhofhechtl.at/wp-content/plugins/image-hover-effects-addon-for-elementor/download.php
                                      Preview:PK.........t.X................META-INF/......PK..............PK.........t.X................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3...M...u.I,..R.tt.07...r.JM,IM.u..*3.3.3S../JL.IUp./*./J,.........PK.....|X...X...PK.........t.X................jYAGX769.class.U.S.U...$9.u.4.K.-..6PHl..Z..Zj......9..dw..4.^..Z.....d..\.BG.g|./._p..N...3.r....}.sv...........R0.`...Fe3..2.p..P..U.. %...9.D...Q...)xC.tu.......s..`.......`Q..nr...K...[*....PqL.f .......G..d..7-.....c......2-1Y./.wV_..J ......bjU..'r.....].Z...-3.n.M.N...F.R..Z..Z9[.....N..9%N.9.<Q....!..-.&3v.5D.e.jz..g....}.g.....%...x.kE....b..S.;.Cf#.Zn..%Z.....bkp.......p.i...\F...#..&..Qpsq.....v.w.~TC...N.SS.p.dh.%\....P........Cw5.c...eE....ne.u...D..Hc...|..n..g...N..P..M...2......q}`.........>..vl..qW.G......n7.'.>.]...~..tJ.g......|.p.^.d$...d..#.t.4..W...k...4.Z...3.Z^....c........Oo.,2'B..Xui5-.3.....{..eL.+.......y:...&.b=...J3.;..2.....T=.d..v.Wgl'.......5.._smCx^.d.Y.
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text
                                      Category:downloaded
                                      Size (bytes):71
                                      Entropy (8bit):4.636480437867723
                                      Encrypted:false
                                      SSDEEP:3:nmNjJMzVJu+1p5WNCYUOPrn:GMRJVpINior
                                      MD5:44DF088D6F9005C8087800D7891ADC0B
                                      SHA1:3066ED2A6B57EE0B6D33C6309ED746A944258347
                                      SHA-256:1E467DBE3BAAD0A6B18452BCCC65D2228E55EF3D969DB1DFB191E282A904EF6D
                                      SHA-512:0735CE887739C90473C4F517F38C074D915E85C768BC50E275964934F85E705FE844A39E25785207EA36C86390C43D907D781AE5B79727DCDF9B590749F871B2
                                      Malicious:false
                                      URL:https://afarm.net/favicon.ico
                                      Preview:<meta http-equiv="refresh" content="0;https://wercosliuhqgheirn.com/">.
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:ASCII text
                                      Category:downloaded
                                      Size (bytes):71
                                      Entropy (8bit):4.636480437867723
                                      Encrypted:false
                                      SSDEEP:3:nmNjJMzVJu+1p5WNCYUOPrn:GMRJVpINior
                                      MD5:44DF088D6F9005C8087800D7891ADC0B
                                      SHA1:3066ED2A6B57EE0B6D33C6309ED746A944258347
                                      SHA-256:1E467DBE3BAAD0A6B18452BCCC65D2228E55EF3D969DB1DFB191E282A904EF6D
                                      SHA-512:0735CE887739C90473C4F517F38C074D915E85C768BC50E275964934F85E705FE844A39E25785207EA36C86390C43D907D781AE5B79727DCDF9B590749F871B2
                                      Malicious:false
                                      URL:https://afarm.net/uxz1b
                                      Preview:<meta http-equiv="refresh" content="0;https://wercosliuhqgheirn.com/">.
                                      File type:PDF document, version 1.3, 1 pages
                                      Entropy (8bit):7.808501042215607
                                      TrID:
                                      • Adobe Portable Document Format (5005/1) 100.00%
                                      File name:may-document_71837433.pdf
                                      File size:38'519 bytes
                                      MD5:ec973141e5b56a0dbb775f21a6c25dfc
                                      SHA1:40472c824cda807286f4cece552b3138aba30088
                                      SHA256:0b9b240c69ba1cd5c06b160021798f3b0ddfd855aad6fd6aeda421a79341b7f4
                                      SHA512:427a7a7a3bdf8b34ecd9eea5e1f63a135eea2ad119932fa39c5f898061ff1f4b6dc8ce9b1205b78ad08c8e727ed4db4b6a9ecc9a83db8d9b06c370f1e722105d
                                      SSDEEP:768:6qtJdTG3QYxIGdusFLTekz1QqAJRaA83sUlWWqdZcKSjm:1wRxvduCLSeCJRaoUD6ZcKGm
                                      TLSH:B303F16C957984C8E0A9723EBBBD57440EFF3367E5E8539A019F6850AC495E05832DC3
                                      File Content Preview:%PDF-1.3.3 0 obj.<</Type /Page./Parent 1 0 R./MediaBox [0 0 1190.55 841.89]./Resources 2 0 R./Annots [5 0 R ]./Contents 4 0 R>>.endobj.4 0 obj.<</Filter /FlateDecode /Length 108>>.stream.x...1..1.@.>..v..ff.$.........B"A../.w.g\B.)..;g8*.$F.....Ut&...|a}z
                                      Icon Hash:62cc8caeb29e8ae0

                                      General

                                      Header:%PDF-1.3
                                      Total Entropy:7.808501
                                      Total Bytes:38519
                                      Stream Entropy:7.802114
                                      Stream Bytes:36997
                                      Entropy outside Streams:5.070336
                                      Bytes outside Streams:1522
                                      Number of EOF found:1
                                      Bytes after EOF:
                                      Name           Count
                                      obj            11
                                      endobj         11
                                      stream         4
                                      endstream      4
                                      xref           1
                                      trailer        1
                                      startxref      1
                                      /Page          1
                                      /Encrypt       0
                                      /ObjStm        0
                                      /URI           2
                                      /JS            0
                                      /JavaScript    0
                                      /AA            0
                                      /OpenAction    0
                                      /AcroForm      0
                                      /JBIG2Decode   0
                                      /RichMedia     0
                                      /Launch        0
                                      /EmbeddedFile  0
                                      Timestamp                            Source Port  Dest Port  Source IP        Dest IP
                                      May 8, 2024 20:19:13.736118078 CEST  49674        443        192.168.2.5      23.1.237.91
                                      May 8, 2024 20:19:13.736123085 CEST  49675        443        192.168.2.5      23.1.237.91
                                      May 8, 2024 20:19:13.845499039 CEST  49673        443        192.168.2.5      23.1.237.91
                                      May 8, 2024 20:19:22.976579905 CEST  49710        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:22.976624966 CEST  443          49710      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:22.976737976 CEST  49710        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:22.978708982 CEST  49710        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:22.978724003 CEST  443          49710      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:23.314903021 CEST  443          49710      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:23.315036058 CEST  49710        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:23.319674969 CEST  49710        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:23.319689989 CEST  443          49710      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:23.319957018 CEST  443          49710      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:23.340805054 CEST  49675        443        192.168.2.5      23.1.237.91
                                      May 8, 2024 20:19:23.340810061 CEST  49674        443        192.168.2.5      23.1.237.91
                                      May 8, 2024 20:19:23.372060061 CEST  49710        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:23.410115004 CEST  49710        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:23.450201988 CEST  49673        443        192.168.2.5      23.1.237.91
                                      May 8, 2024 20:19:23.456110001 CEST  443          49710      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:23.640245914 CEST  443          49710      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:23.640363932 CEST  443          49710      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:23.640429020 CEST  49710        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:23.640583038 CEST  49710        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:23.640598059 CEST  443          49710      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:23.640609980 CEST  49710        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:23.640615940 CEST  443          49710      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:23.877737045 CEST  49713        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:23.877756119 CEST  443          49713      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:23.877820015 CEST  49713        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:23.878097057 CEST  49713        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:23.878112078 CEST  443          49713      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:24.207096100 CEST  443          49713      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:24.207217932 CEST  49713        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:24.391931057 CEST  49713        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:24.391953945 CEST  443          49713      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:24.392241955 CEST  443          49713      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:24.393368006 CEST  49713        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:24.436120033 CEST  443          49713      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:24.559212923 CEST  443          49713      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:24.559361935 CEST  443          49713      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:24.559415102 CEST  49713        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:24.560494900 CEST  49713        443        192.168.2.5      104.125.88.106
                                      May 8, 2024 20:19:24.560506105 CEST  443          49713      104.125.88.106   192.168.2.5
                                      May 8, 2024 20:19:24.898032904 CEST  443          49703      23.1.237.91      192.168.2.5
                                      May 8, 2024 20:19:24.898288012 CEST  49703        443        192.168.2.5      23.1.237.91
                                      May 8, 2024 20:19:29.386456013 CEST  49714        443        192.168.2.5      173.222.196.143
                                      May 8, 2024 20:19:29.386478901 CEST  443          49714      173.222.196.143  192.168.2.5
                                      May 8, 2024 20:19:29.386553049 CEST  49714        443        192.168.2.5      173.222.196.143
                                      May 8, 2024 20:19:29.386768103 CEST  49714        443        192.168.2.5      173.222.196.143
                                      May 8, 2024 20:19:29.386774063 CEST  443          49714      173.222.196.143  192.168.2.5
                                      May 8, 2024 20:19:29.883718014 CEST  443          49714      173.222.196.143  192.168.2.5
                                      May 8, 2024 20:19:29.884072065 CEST  49714        443        192.168.2.5      173.222.196.143
                                      May 8, 2024 20:19:29.884084940 CEST  443          49714      173.222.196.143  192.168.2.5
                                      May 8, 2024 20:19:29.885546923 CEST  443          49714      173.222.196.143  192.168.2.5
                                      May 8, 2024 20:19:29.885618925 CEST  49714        443        192.168.2.5      173.222.196.143
                                      May 8, 2024 20:19:29.887411118 CEST  49714        443        192.168.2.5      173.222.196.143
                                      May 8, 2024 20:19:29.887491941 CEST  443          49714      173.222.196.143  192.168.2.5
                                      May 8, 2024 20:19:29.887594938 CEST  49714        443        192.168.2.5      173.222.196.143
                                      May 8, 2024 20:19:29.887600899 CEST  443          49714      173.222.196.143  192.168.2.5
                                      May 8, 2024 20:19:29.932180882 CEST  49714        443        192.168.2.5      173.222.196.143
                                      May 8, 2024 20:19:30.052464962 CEST  443          49714      173.222.196.143  192.168.2.5
                                      May 8, 2024 20:19:30.052544117 CEST  443          49714      173.222.196.143  192.168.2.5
                                      May 8, 2024 20:19:30.052608013 CEST  49714        443        192.168.2.5      173.222.196.143
                                      May 8, 2024 20:19:30.052988052 CEST  49714        443        192.168.2.5      173.222.196.143
                                      May 8, 2024 20:19:30.053002119 CEST  443          49714      173.222.196.143  192.168.2.5
                                      May 8, 2024 20:19:34.548729897 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:34.548752069 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:34.548834085 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:34.549917936 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:34.549926996 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:35.217447996 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:35.217519999 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:35.220956087 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:35.220968008 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:35.221200943 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:35.275918007 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:35.826800108 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:35.872123003 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:36.263451099 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:36.263468981 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:36.263478994 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:36.263504982 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:36.263514042 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:36.263529062 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:36.263552904 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:36.263575077 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:36.263587952 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:36.263603926 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:36.263638020 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:36.263685942 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:36.263714075 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:36.625921965 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:36.625921965 CEST  49716        443        192.168.2.5      52.165.165.26
                                      May 8, 2024 20:19:36.625953913 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:36.625967026 CEST  443          49716      52.165.165.26    192.168.2.5
                                      May 8, 2024 20:19:42.697954893 CEST  49723        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:42.697982073 CEST  443          49723      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:42.698045015 CEST  49723        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:42.698642969 CEST  49724        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:42.698672056 CEST  443          49724      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:42.698724031 CEST  49724        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:42.698947906 CEST  49723        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:42.698961020 CEST  443          49723      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:42.699132919 CEST  49724        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:42.699142933 CEST  443          49724      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:43.734415054 CEST  443          49723      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:43.734622002 CEST  49723        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:43.734635115 CEST  443          49723      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:43.735611916 CEST  443          49724      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:43.735685110 CEST  443          49723      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:43.735738993 CEST  49723        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:43.735841036 CEST  49724        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:43.735857010 CEST  443          49724      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:43.736907005 CEST  443          49724      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:43.736963034 CEST  49724        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:43.737077951 CEST  49723        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:43.737140894 CEST  443          49723      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:43.737593889 CEST  49723        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:43.737600088 CEST  443          49723      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:43.737942934 CEST  49724        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:43.738002062 CEST  443          49724      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:43.789510012 CEST  49723        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:43.789575100 CEST  49724        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:43.789587021 CEST  443          49724      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:43.837487936 CEST  49724        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:44.080683947 CEST  443          49723      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:44.080773115 CEST  443          49723      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:44.080828905 CEST  49723        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:44.081917048 CEST  49723        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:44.081934929 CEST  443          49723      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:44.124479055 CEST  49724        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:44.172116041 CEST  443          49724      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:44.467418909 CEST  443          49724      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:44.467487097 CEST  443          49724      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:44.467555046 CEST  49724        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:44.481633902 CEST  49724        443        192.168.2.5      193.3.19.64
                                      May 8, 2024 20:19:44.481652975 CEST  443          49724      193.3.19.64      192.168.2.5
                                      May 8, 2024 20:19:44.697578907 CEST  49728        443        192.168.2.5      45.61.138.43
                                      May 8, 2024 20:19:44.697607040 CEST  443          49728      45.61.138.43     192.168.2.5
                                      May 8, 2024 20:19:44.697660923 CEST  49728        443        192.168.2.5      45.61.138.43
                                      May 8, 2024 20:19:44.698235989 CEST  49729        443        192.168.2.5      45.61.138.43
                                      May 8, 2024 20:19:44.698259115 CEST  443          49729      45.61.138.43     192.168.2.5
                                      May 8, 2024 20:19:44.698324919 CEST  49729        443        192.168.2.5      45.61.138.43
                                      May 8, 2024 20:19:44.698453903 CEST  49728        443        192.168.2.5      45.61.138.43
                                      May 8, 2024 20:19:44.698477983 CEST4434972845.61.138.43192.168.2.5
                                      May 8, 2024 20:19:44.698596001 CEST49729443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:44.698607922 CEST4434972945.61.138.43192.168.2.5
                                      May 8, 2024 20:19:45.304068089 CEST4434972945.61.138.43192.168.2.5
                                      May 8, 2024 20:19:45.304359913 CEST49729443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:45.304375887 CEST4434972945.61.138.43192.168.2.5
                                      May 8, 2024 20:19:45.305253029 CEST4434972945.61.138.43192.168.2.5
                                      May 8, 2024 20:19:45.305326939 CEST49729443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:45.305643082 CEST4434972845.61.138.43192.168.2.5
                                      May 8, 2024 20:19:45.305871964 CEST49728443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:45.305896044 CEST4434972845.61.138.43192.168.2.5
                                      May 8, 2024 20:19:45.306287050 CEST49729443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:45.306370974 CEST4434972945.61.138.43192.168.2.5
                                      May 8, 2024 20:19:45.306488037 CEST49729443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:45.306493044 CEST4434972945.61.138.43192.168.2.5
                                      May 8, 2024 20:19:45.306746006 CEST4434972845.61.138.43192.168.2.5
                                      May 8, 2024 20:19:45.306807995 CEST49728443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:45.307540894 CEST49728443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:45.307599068 CEST4434972845.61.138.43192.168.2.5
                                      May 8, 2024 20:19:45.351557016 CEST49729443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:45.353625059 CEST49728443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:45.353642941 CEST4434972845.61.138.43192.168.2.5
                                      May 8, 2024 20:19:45.397597075 CEST49728443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:46.084038973 CEST4434972945.61.138.43192.168.2.5
                                      May 8, 2024 20:19:46.084168911 CEST4434972945.61.138.43192.168.2.5
                                      May 8, 2024 20:19:46.084233999 CEST49729443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:46.090419054 CEST49729443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:46.090431929 CEST4434972945.61.138.43192.168.2.5
                                      May 8, 2024 20:19:46.090444088 CEST49729443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:46.090477943 CEST49729443192.168.2.545.61.138.43
                                      May 8, 2024 20:19:46.381632090 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:46.381659985 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:46.381736994 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:46.381931067 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:46.381944895 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:46.999973059 CEST49731443192.168.2.5142.250.69.196
                                      May 8, 2024 20:19:46.999998093 CEST44349731142.250.69.196192.168.2.5
                                      May 8, 2024 20:19:47.000066996 CEST49731443192.168.2.5142.250.69.196
                                      May 8, 2024 20:19:47.000287056 CEST49731443192.168.2.5142.250.69.196
                                      May 8, 2024 20:19:47.000293970 CEST44349731142.250.69.196192.168.2.5
                                      May 8, 2024 20:19:47.340470076 CEST44349731142.250.69.196192.168.2.5
                                      May 8, 2024 20:19:47.340713978 CEST49731443192.168.2.5142.250.69.196
                                      May 8, 2024 20:19:47.340730906 CEST44349731142.250.69.196192.168.2.5
                                      May 8, 2024 20:19:47.341581106 CEST44349731142.250.69.196192.168.2.5
                                      May 8, 2024 20:19:47.341659069 CEST49731443192.168.2.5142.250.69.196
                                      May 8, 2024 20:19:47.342627048 CEST49731443192.168.2.5142.250.69.196
                                      May 8, 2024 20:19:47.342689991 CEST44349731142.250.69.196192.168.2.5
                                      May 8, 2024 20:19:47.385442019 CEST49731443192.168.2.5142.250.69.196
                                      May 8, 2024 20:19:47.385451078 CEST44349731142.250.69.196192.168.2.5
                                      May 8, 2024 20:19:47.430918932 CEST49731443192.168.2.5142.250.69.196
                                      May 8, 2024 20:19:48.170094013 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.179253101 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.179264069 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.180149078 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.180210114 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.200726986 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.200783014 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.201311111 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.201319933 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.243532896 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.543833971 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.543977976 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.543986082 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.544049025 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.544059992 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.587865114 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.862041950 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.862050056 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.862133980 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.862148046 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.862171888 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.862184048 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.862215996 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.862221956 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.862227917 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.862243891 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.862258911 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.862281084 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.862340927 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:48.862389088 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.937287092 CEST49730443192.168.2.5192.36.38.142
                                      May 8, 2024 20:19:48.937297106 CEST44349730192.36.38.142192.168.2.5
                                      May 8, 2024 20:19:57.374782085 CEST44349731142.250.69.196192.168.2.5
                                      May 8, 2024 20:19:57.374849081 CEST44349731142.250.69.196192.168.2.5
                                      May 8, 2024 20:19:57.374895096 CEST49731443192.168.2.5142.250.69.196
                                      May 8, 2024 20:19:57.651309967 CEST49731443192.168.2.5142.250.69.196
                                      May 8, 2024 20:19:57.651350021 CEST44349731142.250.69.196192.168.2.5
                                      May 8, 2024 20:20:04.603785992 CEST49703443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:04.603899002 CEST49703443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:04.604211092 CEST49743443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:04.604233027 CEST4434974323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:04.604326010 CEST49743443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:04.604626894 CEST49743443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:04.604640961 CEST4434974323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:04.796756983 CEST4434970323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:04.796880007 CEST4434970323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:04.996176004 CEST4434974323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:04.996268034 CEST49743443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:05.015654087 CEST49743443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:05.015674114 CEST4434974323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:05.015966892 CEST4434974323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:05.016031027 CEST49743443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:05.016422987 CEST49743443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:05.016447067 CEST4434974323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:05.016640902 CEST49743443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:05.016645908 CEST4434974323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:05.448930025 CEST4434974323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:05.448990107 CEST49743443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:05.449515104 CEST4434974323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:05.449563980 CEST4434974323.1.237.91192.168.2.5
                                      May 8, 2024 20:20:05.449570894 CEST49743443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:05.449614048 CEST49743443192.168.2.523.1.237.91
                                      May 8, 2024 20:20:13.099256992 CEST49744443192.168.2.552.165.165.26
                                      May 8, 2024 20:20:13.099286079 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:13.099364042 CEST49744443192.168.2.552.165.165.26
                                      May 8, 2024 20:20:13.099766970 CEST49744443192.168.2.552.165.165.26
                                      May 8, 2024 20:20:13.099781990 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:13.754353046 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:13.754477024 CEST49744443192.168.2.552.165.165.26
                                      May 8, 2024 20:20:13.756038904 CEST49744443192.168.2.552.165.165.26
                                      May 8, 2024 20:20:13.756048918 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:13.756259918 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:13.764004946 CEST49744443192.168.2.552.165.165.26
                                      May 8, 2024 20:20:13.808115959 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:14.401014090 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:14.401034117 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:14.401046991 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:14.401093960 CEST49744443192.168.2.552.165.165.26
                                      May 8, 2024 20:20:14.401113987 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:14.401161909 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:14.401175976 CEST49744443192.168.2.552.165.165.26
                                      May 8, 2024 20:20:14.401196957 CEST49744443192.168.2.552.165.165.26
                                      May 8, 2024 20:20:14.405566931 CEST49744443192.168.2.552.165.165.26
                                      May 8, 2024 20:20:14.405580044 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:14.405591011 CEST49744443192.168.2.552.165.165.26
                                      May 8, 2024 20:20:14.405596018 CEST4434974452.165.165.26192.168.2.5
                                      May 8, 2024 20:20:30.364626884 CEST49728443192.168.2.545.61.138.43
                                      May 8, 2024 20:20:30.364659071 CEST4434972845.61.138.43192.168.2.5
                                      May 8, 2024 20:20:45.298065901 CEST4434972845.61.138.43192.168.2.5
                                      May 8, 2024 20:20:45.298177958 CEST4434972845.61.138.43192.168.2.5
                                      May 8, 2024 20:20:45.298238039 CEST49728443192.168.2.545.61.138.43
                                      May 8, 2024 20:20:46.694520950 CEST49728443192.168.2.545.61.138.43
                                      May 8, 2024 20:20:46.694551945 CEST4434972845.61.138.43192.168.2.5
                                      May 8, 2024 20:20:46.896863937 CEST49746443192.168.2.5142.250.69.196
                                      May 8, 2024 20:20:46.896907091 CEST44349746142.250.69.196192.168.2.5
                                      May 8, 2024 20:20:46.897006989 CEST49746443192.168.2.5142.250.69.196
                                      May 8, 2024 20:20:46.897221088 CEST49746443192.168.2.5142.250.69.196
                                      May 8, 2024 20:20:46.897233009 CEST44349746142.250.69.196192.168.2.5
                                      May 8, 2024 20:20:47.234919071 CEST44349746142.250.69.196192.168.2.5
                                      May 8, 2024 20:20:47.235302925 CEST49746443192.168.2.5142.250.69.196
                                      May 8, 2024 20:20:47.235323906 CEST44349746142.250.69.196192.168.2.5
                                      May 8, 2024 20:20:47.235686064 CEST44349746142.250.69.196192.168.2.5
                                      May 8, 2024 20:20:47.236041069 CEST49746443192.168.2.5142.250.69.196
                                      May 8, 2024 20:20:47.236110926 CEST44349746142.250.69.196192.168.2.5
                                      May 8, 2024 20:20:47.286370993 CEST49746443192.168.2.5142.250.69.196
                                      May 8, 2024 20:20:57.273745060 CEST44349746142.250.69.196192.168.2.5
                                      May 8, 2024 20:20:57.273814917 CEST44349746142.250.69.196192.168.2.5
                                      May 8, 2024 20:20:57.273940086 CEST49746443192.168.2.5142.250.69.196
                                      May 8, 2024 20:20:58.682797909 CEST49746443192.168.2.5142.250.69.196
                                      May 8, 2024 20:20:58.682831049 CEST44349746142.250.69.196192.168.2.5
                                      May 8, 2024 20:21:46.963887930 CEST49748443192.168.2.5142.250.69.196
                                      May 8, 2024 20:21:46.963933945 CEST44349748142.250.69.196192.168.2.5
                                      May 8, 2024 20:21:46.964062929 CEST49748443192.168.2.5142.250.69.196
                                      May 8, 2024 20:21:46.964926004 CEST49748443192.168.2.5142.250.69.196
                                      May 8, 2024 20:21:46.964946985 CEST44349748142.250.69.196192.168.2.5
                                      May 8, 2024 20:21:47.299962044 CEST44349748142.250.69.196192.168.2.5
                                      May 8, 2024 20:21:47.300585985 CEST49748443192.168.2.5142.250.69.196
                                      May 8, 2024 20:21:47.300601959 CEST44349748142.250.69.196192.168.2.5
                                      May 8, 2024 20:21:47.300940037 CEST44349748142.250.69.196192.168.2.5
                                      May 8, 2024 20:21:47.301824093 CEST49748443192.168.2.5142.250.69.196
                                      May 8, 2024 20:21:47.301892042 CEST44349748142.250.69.196192.168.2.5
                                      May 8, 2024 20:21:47.351663113 CEST49748443192.168.2.5142.250.69.196
                                      May 8, 2024 20:21:57.308559895 CEST44349748142.250.69.196192.168.2.5
                                      May 8, 2024 20:21:57.308633089 CEST44349748142.250.69.196192.168.2.5
                                      May 8, 2024 20:21:57.308691025 CEST49748443192.168.2.5142.250.69.196
                                      May 8, 2024 20:21:58.683641911 CEST49748443192.168.2.5142.250.69.196
                                      May 8, 2024 20:21:58.683665991 CEST44349748142.250.69.196192.168.2.5
                                      TimestampSource PortDest PortSource IPDest IP
                                      May 8, 2024 20:19:42.487879992 CEST5354653192.168.2.51.1.1.1
                                      May 8, 2024 20:19:42.488007069 CEST6487653192.168.2.51.1.1.1
                                      May 8, 2024 20:19:42.650998116 CEST53565451.1.1.1192.168.2.5
                                      May 8, 2024 20:19:42.656635046 CEST53648761.1.1.1192.168.2.5
                                      May 8, 2024 20:19:42.697418928 CEST53535461.1.1.1192.168.2.5
                                      May 8, 2024 20:19:42.706285000 CEST53606891.1.1.1192.168.2.5
                                      May 8, 2024 20:19:43.605761051 CEST53637441.1.1.1192.168.2.5
                                      May 8, 2024 20:19:44.121751070 CEST5787653192.168.2.51.1.1.1
                                      May 8, 2024 20:19:44.121998072 CEST5020353192.168.2.51.1.1.1
                                      May 8, 2024 20:19:44.581739902 CEST53502031.1.1.1192.168.2.5
                                      May 8, 2024 20:19:44.696799040 CEST53578761.1.1.1192.168.2.5
                                      May 8, 2024 20:19:46.091403961 CEST6494653192.168.2.51.1.1.1
                                      May 8, 2024 20:19:46.091552973 CEST6414253192.168.2.51.1.1.1
                                      May 8, 2024 20:19:46.340148926 CEST53649461.1.1.1192.168.2.5
                                      May 8, 2024 20:19:46.381110907 CEST53641421.1.1.1192.168.2.5
                                      May 8, 2024 20:19:46.836071014 CEST5873953192.168.2.51.1.1.1
                                      May 8, 2024 20:19:46.836219072 CEST5993453192.168.2.51.1.1.1
                                      May 8, 2024 20:19:46.999083042 CEST53587391.1.1.1192.168.2.5
                                      May 8, 2024 20:19:46.999305964 CEST53599341.1.1.1192.168.2.5
                                      May 8, 2024 20:19:47.139673948 CEST53606271.1.1.1192.168.2.5
                                      May 8, 2024 20:20:00.655299902 CEST53653971.1.1.1192.168.2.5
                                      May 8, 2024 20:20:19.685381889 CEST53631151.1.1.1192.168.2.5
                                      May 8, 2024 20:20:42.225203037 CEST53616901.1.1.1192.168.2.5
                                      May 8, 2024 20:20:42.624444962 CEST53557601.1.1.1192.168.2.5
                                      May 8, 2024 20:21:10.781941891 CEST53584461.1.1.1192.168.2.5
                                      May 8, 2024 20:21:57.033371925 CEST53562151.1.1.1192.168.2.5
                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                      May 8, 2024 20:19:42.487879992 CEST | 192.168.2.5 | 1.1.1.1 | 0x3eb2 | Standard query (0) | afarm.net | A (IP address) | IN (0x0001) | false
                                      May 8, 2024 20:19:42.488007069 CEST | 192.168.2.5 | 1.1.1.1 | 0x125c | Standard query (0) | afarm.net | 65 | IN (0x0001) | false
                                      May 8, 2024 20:19:44.121751070 CEST | 192.168.2.5 | 1.1.1.1 | 0x63 | Standard query (0) | wercosliuhqgheirn.com | A (IP address) | IN (0x0001) | false
                                      May 8, 2024 20:19:44.121998072 CEST | 192.168.2.5 | 1.1.1.1 | 0x2019 | Standard query (0) | wercosliuhqgheirn.com | 65 | IN (0x0001) | false
                                      May 8, 2024 20:19:46.091403961 CEST | 192.168.2.5 | 1.1.1.1 | 0x44ed | Standard query (0) | moarhofhechtl.at | A (IP address) | IN (0x0001) | false
                                      May 8, 2024 20:19:46.091552973 CEST | 192.168.2.5 | 1.1.1.1 | 0x71f9 | Standard query (0) | moarhofhechtl.at | 65 | IN (0x0001) | false
                                      May 8, 2024 20:19:46.836071014 CEST | 192.168.2.5 | 1.1.1.1 | 0xb44b | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                      May 8, 2024 20:19:46.836219072 CEST | 192.168.2.5 | 1.1.1.1 | 0x8521 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                      May 8, 2024 20:19:42.697418928 CEST | 1.1.1.1 | 192.168.2.5 | 0x3eb2 | No error (0) | afarm.net | | 193.3.19.64 | A (IP address) | IN (0x0001) | false
                                      May 8, 2024 20:19:44.696799040 CEST | 1.1.1.1 | 192.168.2.5 | 0x63 | No error (0) | wercosliuhqgheirn.com | | 45.61.138.43 | A (IP address) | IN (0x0001) | false
                                      May 8, 2024 20:19:46.340148926 CEST | 1.1.1.1 | 192.168.2.5 | 0x44ed | No error (0) | moarhofhechtl.at | | 192.36.38.142 | A (IP address) | IN (0x0001) | false
                                      May 8, 2024 20:19:46.999083042 CEST | 1.1.1.1 | 192.168.2.5 | 0xb44b | No error (0) | www.google.com | | 142.250.69.196 | A (IP address) | IN (0x0001) | false
                                      May 8, 2024 20:19:46.999305964 CEST | 1.1.1.1 | 192.168.2.5 | 0x8521 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                      • fs.microsoft.com
                                      • armmf.adobe.com
                                      • slscr.update.microsoft.com
                                      • afarm.net
                                      • https:
                                        • wercosliuhqgheirn.com
                                        • moarhofhechtl.at
                                        • www.bing.com
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.2.5 | 49710 | 104.125.88.106 | 443 | |
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-05-08 18:19:23 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      Accept-Encoding: identity
                                      User-Agent: Microsoft BITS/7.8
                                      Host: fs.microsoft.com
                                      2024-05-08 18:19:23 UTC | 466 | IN | HTTP/1.1 200 OK
                                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                      Content-Type: application/octet-stream
                                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                      Server: ECAcc (sac/2518)
                                      X-CID: 11
                                      X-Ms-ApiVersion: Distribute 1.2
                                      X-Ms-Region: prod-eus-z1
                                      Cache-Control: public, max-age=45818
                                      Date: Wed, 08 May 2024 18:19:23 GMT
                                      Connection: close
                                      X-CID: 2


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      1 | 192.168.2.5 | 49713 | 104.125.88.106 | 443 | |
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-05-08 18:19:24 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      Accept-Encoding: identity
                                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                      Range: bytes=0-2147483646
                                      User-Agent: Microsoft BITS/7.8
                                      Host: fs.microsoft.com
                                      2024-05-08 18:19:24 UTC | 538 | IN | HTTP/1.1 200 OK
                                      Content-Type: application/octet-stream
                                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                      ApiVersion: Distribute 1.1
                                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                      X-Azure-Ref: 0MNkrYwAAAADiUL7L3dxqSIABzBrl++yWQ082QUEzMTUwODEwMDIxAGNlZmMyNTgzLWE5YjItNDRhNy05NzU1LWI3NmQxN2UwNWY3Zg==
                                      Cache-Control: public, max-age=29316
                                      Date: Wed, 08 May 2024 18:19:24 GMT
                                      Content-Length: 55
                                      Connection: close
                                      X-CID: 2
                                      2024-05-08 18:19:24 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      2 | 192.168.2.5 | 49714 | 173.222.196.143 | 443 | 5316 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-05-08 18:19:29 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                                      Host: armmf.adobe.com
                                      Connection: keep-alive
                                      Accept-Language: en-US,en;q=0.9
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                      Sec-Fetch-Site: same-origin
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: empty
                                      Accept-Encoding: gzip, deflate, br
                                      If-None-Match: "78-5faa31cce96da"
                                      If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                      2024-05-08 18:19:30 UTC | 198 | IN | HTTP/1.1 304 Not Modified
                                      Content-Type: text/plain; charset=UTF-8
                                      Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                      ETag: "78-5faa31cce96da"
                                      Date: Wed, 08 May 2024 18:19:29 GMT
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      3 | 192.168.2.5 | 49716 | 52.165.165.26 | 443 | |
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-05-08 18:19:35 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wYEwuzH7hfdGfp4&MD=5t5GxPLc HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                      Host: slscr.update.microsoft.com
                                      2024-05-08 18:19:36 UTC | 560 | IN | HTTP/1.1 200 OK
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      Content-Type: application/octet-stream
                                      Expires: -1
                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                      MS-CorrelationId: aa1ae97c-6afa-4b11-9b55-712fd49f9562
                                      MS-RequestId: 6cdeadae-35c0-4d48-a18a-5fab78285122
                                      MS-CV: KMdEwxZPqky/VbEn.0
                                      X-Microsoft-SLSClientCache: 2880
                                      Content-Disposition: attachment; filename=environment.cab
                                      X-Content-Type-Options: nosniff
                                      Date: Wed, 08 May 2024 18:19:35 GMT
                                      Connection: close
                                      Content-Length: 24490


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      4 | 192.168.2.5 | 49723 | 193.3.19.64 | 443 | 8008 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-05-08 18:19:43 UTC | 657 | OUT | GET /uxz1b HTTP/1.1
                                      Host: afarm.net
                                      Connection: keep-alive
                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2024-05-08 18:19:44 UTC | 251 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx
                                      Date: Wed, 08 May 2024 18:19:43 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Content-Length: 71
                                      Connection: close
                                      Last-Modified: Wed, 08 May 2024 14:29:10 GMT
                                      ETag: "47-617f220359aa3"
                                      Accept-Ranges: bytes
                                      2024-05-08 18:19:44 UTC | 71 | IN | Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 68 74 74 70 73 3a 2f 2f 77 65 72 63 6f 73 6c 69 75 68 71 67 68 65 69 72 6e 2e 63 6f 6d 2f 22 3e 0a
                                      Data Ascii: <meta http-equiv="refresh" content="0;https://wercosliuhqgheirn.com/">


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      5 | 192.168.2.5 | 49724 | 193.3.19.64 | 443 | 8008 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-05-08 18:19:44 UTC | 579 | OUT | GET /favicon.ico HTTP/1.1
                                      Host: afarm.net
                                      Connection: keep-alive
                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                      sec-ch-ua-mobile: ?0
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      sec-ch-ua-platform: "Windows"
                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      Sec-Fetch-Site: same-origin
                                      Sec-Fetch-Mode: no-cors
                                      Sec-Fetch-Dest: image
                                      Referer: https://afarm.net/uxz1b
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2024-05-08 18:19:44 UTC | 251 | IN | HTTP/1.1 404 Not Found
                                      Server: nginx
                                      Date: Wed, 08 May 2024 18:19:44 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Content-Length: 71
                                      Connection: close
                                      Last-Modified: Wed, 08 May 2024 14:29:10 GMT
                                      ETag: "47-617f220359aa3"
                                      Accept-Ranges: bytes
                                      2024-05-08 18:19:44 UTC | 71 | IN | Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 68 74 74 70 73 3a 2f 2f 77 65 72 63 6f 73 6c 69 75 68 71 67 68 65 69 72 6e 2e 63 6f 6d 2f 22 3e 0a
                                      Data Ascii: <meta http-equiv="refresh" content="0;https://wercosliuhqgheirn.com/">


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      6 | 192.168.2.5 | 49729 | 45.61.138.43 | 443 | 8008 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-05-08 18:19:45 UTC | 679 | OUT | GET / HTTP/1.1
                                      Host: wercosliuhqgheirn.com
                                      Connection: keep-alive
                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-Dest: document
                                      Referer: https://afarm.net/
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2024-05-08 18:19:46 UTC | 768 | IN | HTTP/1.1 302 Found
                                      Server: nginx/1.22.1
                                      Date: Wed, 08 May 2024 18:19:45 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Content-Length: 0
                                      Connection: close
                                      Cache-Control: no-cache, no-store, must-revalidate
                                      Expires: Wed, 08 May 2024 18:19:45 GMT
                                      Location: https://moarhofhechtl.at/wp-content/plugins/image-hover-effects-addon-for-elementor/download.php
                                      Set-Cookie: _subid=pv26jk1umu; expires=Sat, 08 Jun 2024 18:19:45 GMT; path=/
                                      Set-Cookie: ec9cc=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjVcIjoxNzE1MTkyMzg1fSxcImNhbXBhaWduc1wiOntcIjNcIjoxNzE1MTkyMzg1fSxcInRpbWVcIjoxNzE1MTkyMzg1fSJ9.WIoaNN0-0uuIA6Gcl_BTI3VZrJQOiVC9lJrHh2N5mfM; expires=Thu, 15 Sep 2078 12:39:30 GMT; path=/
                                      Vary: Accept-Encoding
                                      Access-Control-Allow-Origin: *


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      7 | 192.168.2.5 | 49730 | 192.36.38.142 | 443 | 8008 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-05-08 18:19:48 UTC | 745 | OUT | GET /wp-content/plugins/image-hover-effects-addon-for-elementor/download.php HTTP/1.1
                                      Host: moarhofhechtl.at
                                      Connection: keep-alive
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-Dest: document
                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Referer: https://afarm.net/
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2024-05-08 18:19:48 UTC | 381 | IN | HTTP/1.1 200 OK
                                      Date: Wed, 08 May 2024 18:19:48 GMT
                                      Server: Apache/2.4.10 (Debian)
                                      Content-Description: File Transfer
                                      Content-Disposition: attachment; filename="08-May-24-document-7d1f7c67.jar"
                                      Expires: 0
                                      Cache-Control: must-revalidate
                                      Pragma: public
                                      Strict-Transport-Security: max-age=0
                                      Content-Length: 29570
                                      Connection: close
                                      Content-Type: application/java-archive


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      8 | 192.168.2.5 | 49743 | 23.1.237.91 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-05-08 18:20:05 UTC | 2148 | OUT | POST /threshold/xls.aspx HTTP/1.1
                                      Origin: https://www.bing.com
                                      Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                      Accept: */*
                                      Accept-Language: en-CH
                                      Content-type: text/xml
                                      X-Agent-DeviceId: 01000A410900D492
                                      X-BM-CBT: 1696428841
                                      X-BM-DateFormat: dd/MM/yyyy
                                      X-BM-DeviceDimensions: 784x984
                                      X-BM-DeviceDimensionsLogical: 784x984
                                      X-BM-DeviceScale: 100
                                      X-BM-DTZ: 120
                                      X-BM-Market: CH
                                      X-BM-Theme: 000000;0078d7
                                      X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                      X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
                                      X-Device-isOptin: false
                                      X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                      X-Device-OSSKU: 48
                                      X-Device-Touch: false
                                      X-DeviceID: 01000A410900D492
                                      X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
                                      X-MSEdge-ExternalExpType: JointCoord
                                      X-PositionerType: Desktop
                                      X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                      X-Search-CortanaAvailableCapabilities: None
                                      X-Search-SafeSearch: Moderate
                                      X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                                      X-UserAgeClass: Unknown
                                      Accept-Encoding: gzip, deflate, br
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                      Host: www.bing.com
                                      Content-Length: 2484
                                      Connection: Keep-Alive
                                      Cache-Control: no-cache
                                      Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1715192343318&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
                                      2024-05-08 18:20:05 UTC | 480 | IN | HTTP/1.1 204 No Content
                                      Access-Control-Allow-Origin: *
                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                      X-MSEdge-Ref: Ref A: 87AA203D91004E8A8187EC30477EFE55 Ref B: LAX311000115007 Ref C: 2024-05-08T18:20:05Z
                                      Date: Wed, 08 May 2024 18:20:05 GMT
                                      Connection: close
                                      Alt-Svc: h3=":443"; ma=93600
                                      X-CDN-TraceID: 0.57ed0117.1715192405.391150db


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      9 | 192.168.2.5 | 49744 | 52.165.165.26 | 443 | (none) | (none)
                                      Timestamp | Bytes transferred | Direction | Data
                                      2024-05-08 18:20:13 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=wYEwuzH7hfdGfp4&MD=5t5GxPLc HTTP/1.1
                                      Connection: Keep-Alive
                                      Accept: */*
                                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                      Host: slscr.update.microsoft.com
                                      2024-05-08 18:20:14 UTC | 560 | IN | HTTP/1.1 200 OK
                                      Cache-Control: no-cache
                                      Pragma: no-cache
                                      Content-Type: application/octet-stream
                                      Expires: -1
                                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                      ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                      MS-CorrelationId: 6bd3b6d5-fde6-403f-ada5-eb45531ecc54
                                      MS-RequestId: 5772b6ef-3994-45fd-a71e-7f545335e4b5
                                      MS-CV: fCYcpuTNc0OMrsbD.0
                                      X-Microsoft-SLSClientCache: 2160
                                      Content-Disposition: attachment; filename=environment.cab
                                      X-Content-Type-Options: nosniff
                                      Date: Wed, 08 May 2024 18:20:14 GMT
                                      Connection: close
                                      Content-Length: 25457


                                      Target ID:0
                                      Start time:20:19:15
                                      Start date:08/05/2024
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\may-document_71837433.pdf"
                                      Imagebase:0x7ff686a00000
                                      File size:5'641'176 bytes
                                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:2
                                      Start time:20:19:15
                                      Start date:08/05/2024
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                      Imagebase:0x7ff6413e0000
                                      File size:3'581'912 bytes
                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:4
                                      Start time:20:19:16
                                      Start date:08/05/2024
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1580,i,7145348183962323435,6305329400522768354,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                      Imagebase:0x7ff6413e0000
                                      File size:3'581'912 bytes
                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:8
                                      Start time:20:19:40
                                      Start date:08/05/2024
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://afarm.net/uxz1b"
                                      Imagebase:0x7ff715980000
                                      File size:3'242'272 bytes
                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      Target ID:9
                                      Start time:20:19:40
                                      Start date:08/05/2024
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1988,i,15417379012499189400,2625528048342565880,262144 /prefetch:8
                                      Imagebase:0x7ff715980000
                                      File size:3'242'272 bytes
                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      No disassembly