Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ACH Electronic Remittance Reciept.pdf

Overview

General Information

Sample name:ACH Electronic Remittance Reciept.pdf
Analysis ID:1455411
MD5:2ff1ec49a7eb880b576391db95f2216f
SHA1:60fd32d463ffd6b5a2bca5e88db8f32bda555302
SHA256:b37629b167b381df073d10bf674a084647457c433fb7334976d9e086a33439eb
Infos:

Detection

Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Antivirus detection for URL or domain
AI detected suspicious PDF
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
HTML body contains low number of good links
HTML title does not match URL
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Suspicious form URL found

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6772 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ACH Electronic Remittance Reciept.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5600 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7352 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1640,i,14712021949428459927,10776584995888633118,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://qrco.de/bf8XxK MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=2264,i,5115585336318407760,10633538412966993992,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: https://iexeuniversidad.com/portal.htmlSlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://iexeuniversidad.com/favicon.icoAvira URL Cloud: Label: phishing

Phishing

barindex
AI detected phishing page
Source: https://iexeuniversidad.comLLM: Score: 9 brands: Microsoft Reasons: The URL 'https://iexeuniversidad.com' does not match the legitimate domain 'microsoft.com' associated with the Microsoft brand. The webpage displays a login form asking for email and password, which is a common tactic in phishing attacks. The domain name 'iexeuniversidad.com' appears unrelated to Microsoft, raising suspicion. The use of the Microsoft logo and branding on an unrelated domain is a social engineering technique aimed at misleading users. There is no CAPTCHA present, which is often used on legitimate login pages for added security. Based on these factors, the site is highly likely to be a phishing site. DOM: 0.0.pages.csv
Phishing site detected (based on image similarity)
Source: https://iexeuniversidad.com/portal.htmlMatcher: Found strong image similarity, brand: MICROSOFT
Phishing site detected (based on logo match)
Source: https://iexeuniversidad.com/portal.htmlMatcher: Template: microsoft matched
Source: https://iexeuniversidad.com/portal.htmlHTTP Parser: Number of links: 0
Source: https://iexeuniversidad.com/portal.htmlHTTP Parser: Title: Continue does not match URL
Source: https://iexeuniversidad.com/portal.htmlHTTP Parser: Form action: ./execute.php
Source: https://iexeuniversidad.com/portal.htmlHTTP Parser: Form action: ./execute.php
Source: https://iexeuniversidad.com/portal.htmlHTTP Parser: <input type="password" .../> found
Source: https://iexeuniversidad.com/portal.htmlHTTP Parser: No <meta name="author".. found
Source: https://iexeuniversidad.com/portal.htmlHTTP Parser: No <meta name="copyright".. found
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 13.107.246.67 13.107.246.67
Source: Joe Sandbox ViewIP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.160.143
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknownTCP traffic detected without corresponding DNS query: 13.85.23.86
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /bf8XxK HTTP/1.1Host: qrco.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /portal.html HTTP/1.1Host: iexeuniversidad.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://iexeuniversidad.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ulp/react-components/1.87.4/css/main.cdn.min.css HTTP/1.1Host: cdn.auth0.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://iexeuniversidad.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Fl2pNcymfwyN9UW&MD=KLZbXtzN HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fonts/FKGroteskNeue.woff HTTP/1.1Host: resources.messari.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://iexeuniversidad.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://iexeuniversidad.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iexeuniversidad.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://iexeuniversidad.com/portal.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iexeuniversidad.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Fl2pNcymfwyN9UW&MD=KLZbXtzN HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficDNS traffic detected: DNS query: qrco.de
Source: global trafficDNS traffic detected: DNS query: iexeuniversidad.com
Source: global trafficDNS traffic detected: DNS query: cdn.auth0.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: resources.messari.io
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.1.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_175.5.drString found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.
Source: chromecache_175.5.drString found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ea19b2112f4dfd8e90b4505ef7dcb4f9.
Source: chromecache_175.5.drString found in binary or memory: https://cdn.auth0.com/ulp/react-components/1.87.4/css/main.cdn.min.css
Source: chromecache_175.5.drString found in binary or memory: https://resources.messari.io/fonts/FKGroteskNeue.woff
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: classification engineClassification label: mal68.phis.winPDF@29/59@12/11
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-11 14-00-29-270.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ACH Electronic Remittance Reciept.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1640,i,14712021949428459927,10776584995888633118,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://qrco.de/bf8XxK
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=2264,i,5115585336318407760,10633538412966993992,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1640,i,14712021949428459927,10776584995888633118,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=2264,i,5115585336318407760,10633538412966993992,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: ACH Electronic Remittance Reciept.pdfInitial sample: PDF keyword /JS count = 0
Source: ACH Electronic Remittance Reciept.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A91mbgqbr_1ig89w2_530.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A91mbgqbr_1ig89w2_530.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: ACH Electronic Remittance Reciept.pdfInitial sample: PDF keyword stream count = 32
Source: ACH Electronic Remittance Reciept.pdfInitial sample: PDF keyword /EmbeddedFile count = 0

Persistence and Installation Behavior

barindex
AI detected suspicious PDF
Source: PDF shotLLM: Score: 9 Reasons: The PDF contains a visually prominent QR code with a 'SCAN ME' button, which encourages the user to scan it with their smartphone. The text 'SCAN QR CODE WITH YOUR SMART PHONE CAMERA TO OPEN SENSITIVE DOCUMENT' creates a sense of urgency and interest. The document impersonates a well-known brand, 'Microsoft Authenticator,' which adds to its credibility and potential to mislead users. The combination of urgency, interest, and brand impersonation significantly increases the risk of phishing or malware distribution.
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Obfuscated Files or Information		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
ACH Electronic Remittance Reciept.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://iexeuniversidad.com/portal.html100%SlashNextCredential Stealing type: Phishing & Social Engineering
https://ipinfo.io/0%URL Reputationsafe
https://iexeuniversidad.com/favicon.ico100%Avira URL Cloudphishing
https://qrco.de/bf8XxK0%Avira URL Cloudsafe
https://cdn.auth0.com/ulp/react-components/1.87.4/css/main.cdn.min.css0%Avira URL Cloudsafe
https://resources.messari.io/fonts/FKGroteskNeue.woff0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		unknown
    resources.messari.io
    		104.18.7.70
    		truefalse
      		unknown
      s-part-0017.t-0009.t-msedge.net
      		13.107.246.45
      		truefalse
        		unknown
        www.google.com
        		142.250.186.68
        		truefalse
          		unknown
          s-part-0039.t-0009.t-msedge.net
          		13.107.246.67
          		truefalse
            		unknown
            qrco.de
            		13.33.187.51
            		truefalse
              		unknown
              iexeuniversidad.com
              		51.161.117.153
              		truetrue
                		unknown
                dp0wn1kjwhg75.cloudfront.net
                		13.33.223.41
                		truefalse
                  		unknown
                  cdn.auth0.com
                  		unknown
                  		unknownfalse
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://cdn.auth0.com/ulp/react-components/1.87.4/css/main.cdn.min.cssfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://ipinfo.io/false
                    • URL Reputation: safe
                    		unknown
                    https://iexeuniversidad.com/favicon.icotrue
                    • Avira URL Cloud: phishing
                    		unknown
                    https://resources.messari.io/fonts/FKGroteskNeue.wofffalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://qrco.de/bf8XxKfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://iexeuniversidad.com/portal.htmltrue
                    • SlashNext: Credential Stealing type: Phishing & Social Engineering
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    142.250.186.68
                    		www.google.comUnited States
                    		15169GOOGLEUSfalse
                    13.107.246.67
                    		s-part-0039.t-0009.t-msedge.netUnited States
                    		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    13.107.246.45
                    		s-part-0017.t-0009.t-msedge.netUnited States
                    		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    51.161.117.153
                    		iexeuniversidad.comCanada
                    		16276OVHFRtrue
                    13.33.223.41
                    		dp0wn1kjwhg75.cloudfront.netUnited States
                    		16509AMAZON-02USfalse
                    96.6.160.143
                    		unknownUnited States
                    		16625AKAMAI-ASUSfalse
                    239.255.255.250
                    		unknownReserved
                    		unknownunknownfalse
                    104.18.7.70
                    		resources.messari.ioUnited States
                    		13335CLOUDFLARENETUSfalse
                    13.33.187.51
                    		qrco.deUnited States
                    		16509AMAZON-02USfalse

                    Private

                    IP
                    192.168.2.4
                    192.168.2.5

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1455411
                    Start date and time:2024-06-11 19:59:21 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 6m 37s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowspdfcookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:13
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:ACH Electronic Remittance Reciept.pdf
                    Detection:MAL
                    Classification:mal68.phis.winPDF@29/59@12/11
                    Cookbook Comments:
                    • Found application associated with file extension: .pdf
                    • Found PDF document
                    • Close Viewer

                    Warnings

                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 162.159.61.3, 172.64.41.3, 142.250.185.110, 142.251.173.84, 142.250.186.35, 2.22.242.123, 2.22.242.136, 2.22.242.88, 18.207.85.246, 34.193.227.236, 107.22.247.231, 54.144.73.197, 34.104.35.123, 2.16.202.123, 95.101.54.195, 199.232.210.172, 216.58.212.138, 142.250.186.138, 142.250.186.106, 142.250.181.234, 172.217.18.106, 142.250.185.74, 142.250.186.42, 216.58.206.74, 172.217.18.10, 142.250.185.234, 142.250.185.170, 142.250.186.74, 142.250.185.138, 142.250.185.106, 142.250.184.202, 142.250.185.202, 192.229.221.95, 2.19.126.142, 2.19.126.143, 2.22.242.11, 142.250.185.67, 2.19.122.199, 2.19.122.216, 142.250.185.78
                    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, apps.identrust.com, wu-b-net.trafficmanager.net, clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, content-autofill.googleapis.com, acroipm2.adobe.com.edgesuite.net, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, aadcdn.msauth.net, p13n.adobe.io, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, geo2.adobe.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtCreateFile calls found.
                    • Report size getting too big, too many NtSetInformationFile calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • VT rate limit hit for: ACH Electronic Remittance Reciept.pdf

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    14:00:35API Interceptor2x Sleep call for process: AcroCEF.exe modified

                    QR Codes

                    SourceURL
                    Screenshothttps://qrco.de/bf8XxK
                    Screenshothttps://qrco.de/bf8XxK

                    LLM Input / Output

                    InputOutput
                    URL: PDF Model: gpt-4o
                    ```json
{
  "riskscore": 9,
  "reasons": "The PDF contains a visually prominent QR code with a 'SCAN ME' button, which encourages the user to scan it with their smartphone. The text 'SCAN QR CODE WITH YOUR SMART PHONE CAMERA TO OPEN SENSITIVE DOCUMENT' creates a sense of urgency and interest. The document impersonates a well-known brand, 'Microsoft Authenticator,' which adds to its credibility and potential to mislead users. The combination of urgency, interest, and brand impersonation significantly increases the risk of phishing or malware distribution."
}
                    URL: https://iexeuniversidad.com Model: gpt-4o
                    ```json
{
  "phishing_score": 9,
  "brands": "Microsoft",
  "phishing": true,
  "suspicious_domain": true,
  "has_loginform": true,
  "has_captcha": false,
  "setechniques": true,
  "has_suspicious_link": false,
  "legitmate_domain": "microsoft.com",
  "reasons": "The URL 'https://iexeuniversidad.com' does not match the legitimate domain 'microsoft.com' associated with the Microsoft brand. The webpage displays a login form asking for email and password, which is a common tactic in phishing attacks. The domain name 'iexeuniversidad.com' appears unrelated to Microsoft, raising suspicion. The use of the Microsoft logo and branding on an unrelated domain is a social engineering technique aimed at misleading users. There is no CAPTCHA present, which is often used on legitimate login pages for added security. Based on these factors, the site is highly likely to be a phishing site."
}

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    13.33.223.41https://auth.transmitsms.com/authorize?state=d22ff23667643a7552ad161b0ddf88aa&client_id=iGrd6jD5ZjOam1lDJLJhB0a6dxkjidD0&audience=https://transmitsms-production.au.auth0.com/api/v2/&redirect_uri=https://onefortyone.transmitsms.com/index.php?page=logincb&scope=openid%20profile%20email&response_mode=query&response_type=code&resellerDomain=onefortyone&nonce=c24860e3ec560963f31151206ef426b7&code_challenge=ZxIcrlwPzOMH_5yYAZnWnG6YI9ojMIjPcJifv3KKJ9A&code_challenge_method=S256/login?state=hKFo2SBhaExvT1ltRXprS2tWYThWQWl6R2pSaDVkSHRQZHZGRKFupWxvZ2luo3RpZNkgNG5KbzNJMG9HQkN2R18zaWEwcEs3Y2JVRFU4NDVPY0KjY2lk2SBpR3JkNmpENVpqT2FtMWxESkxKaEIwYTZkeGtqaWREMA&client=iGrd6jD5ZjOam1lDJLJhB0a6dxkjidD0&protocol=oauth2&audience=https://transmitsms-production.au.auth0.com/api/v2/&redirect_uri=https://onefortyone.transmitsms.com/index.php?page=logincb&scope=openid%20profile%20email&response_mode=query&response_type=code&resellerDomain=onefortyone&nonce=c24860e3ec560963f31151206ef426b7&code_challenge=ZxIcrlwPzOMH_5yYAZnWnG6YI9ojMIjPcJifv3KKJ9A&code_challenge_method=S256Get hashmaliciousUnknownBrowse
                      https://umn.adnxs.com/clktrb?id=092070&redir=//cloudflare-ipfs.com/ipfs/bafybeia2uvj3sitwpuaf4jgessydk6eoaspcym62bihuwbygggcbgd4nna/?*/oMTqwOWufzKCNnxPSr8v6y2ySjfHWwR+7bB3gi8sS7dz5VngVaYN21vSPDPIt+zL2eLaYM3MXtiohyqv#cGhpc2hpbmdAdW1uLmVkdQ==Get hashmaliciousHTMLPhisherBrowse
                        96.6.160.143http://jockmurray.com/wp-content/plugins/formcraft/file-upload/server/content/files/1607ec05d29315---40214979780.pdfGet hashmaliciousPDFPhishBrowse
                          239.255.255.250https://shoutout.wix.com/so/c6P07NDxS/c?w=TZKBCXkrVA_LfU5BB-tTV_q5lDeQIvLgoBVjKb-7XVw.eyJ1IjoiaHR0cHM6Ly9mdWxsYmx1bWVmaXRuZXNzYXBpLmNvbS9peXUvb25lZHJpdiIsInIiOiJmNmUzNjM0Ni01MDUyLTQzYjEtODYzMy1hNDBkZTVhNTg3ZmYiLCJtIjoibWFpbCIsImMiOiJlZDQ5ZmRkMC02YjcxLTQ1MjgtODA0ZC1lMzc0N2M4MjZiNmQifQGet hashmaliciousHTMLPhisherBrowse
                            https://34.75.2o2.lol/XZXlZcys3Y0lMeE9qTWRaYisvV2ozVCtKTk9jbmZUSEdiYTZpTS9BYmpHY1I5Q3lSanAxam16TnE1Ly8zaitNeWxyTzBVQWhCS1VjcExjT0xsb284a2FQR1RLMkF3NGpiOVVvVHp4R2h6M3NmOWRIQmlQdmY2clJOcm11TXM2TDNadXUrUGxmclIwVGpyc3ViVndCME9RWXltbDl4QkZiNDVqRUhuVzNpZCs1cmNhS0s2bVk1ZWY3K0VCTG5FQzByWWJBTU53TGVvSjV2MXFBMitJQmgtLUNmdVg1bG1UOGdhbzNBaTQtLU9YTW5YNHNaYnFhVDM5V3BKaGVUZWc9PQ==?cid=2059126474Get hashmaliciousUnknownBrowse
                              https://drive.google.com/file/d/1rUX5pF_yChUfocjQZEgSZVDbnTsCbsyI/view?usp=sharing_eil_m&ts=66679781Get hashmaliciousUnknownBrowse
                                https://workspace.cftc.gov/cedc903c-09bb-4a95-bb76-9b133af0550f/?action=replyGet hashmaliciousUnknownBrowse
                                  https://download.filezilla-project.org/client/FileZilla_3.67.0_win64_sponsored2-setup.exeGet hashmaliciousUnknownBrowse
                                    http://www.chanamais.com/Get hashmaliciousUnknownBrowse
                                      https://download.filezilla-project.org/client/FileZilla_3.67.0_win64_sponsored2-setup.exeGet hashmaliciousUnknownBrowse
                                        T0G5K8T6g0y4P25927684.htmlGet hashmaliciousUnknownBrowse
                                          https://www.jottacloud.com/s/35437d4f4e0da78459690378b988b967376Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                            https://larandeteknik.se/reports.phpGet hashmaliciousUnknownBrowse
                                              13.107.246.67https://rrohlo.ac-page.com/paymentconfirmationGet hashmaliciousHTMLPhisherBrowse
                                                https://firebasestorage.googleapis.com/v0/b/open-1bebe.appspot.com/o/sci.html?alt=media&token=cd1dbc1a-6097-4fcc-a13d-476f52e5185aGet hashmaliciousHTMLPhisherBrowse
                                                  http://www.ecohabitatenergie.com/Get hashmaliciousUnknownBrowse
                                                    VM#3529386562_7cf9869a610ab51a1d4be7758e2825b2a03a5afc.htmlGet hashmaliciousHTMLPhisherBrowse
                                                      New Pay App#78846 From Cube Care.emlGet hashmaliciousUnknownBrowse
                                                        AmSafe AR Statement - Bill-To 30616 AAR ALLEN ASSET MANAGEMENT(1).emlGet hashmaliciousUnknownBrowse
                                                          original.emlGet hashmaliciousHTMLPhisherBrowse
                                                            https://aufderworldcom-my.sharepoint.com/:b:/g/personal/nhufford_aufderworld_com/EfjrxQ1LqqFLg10YOJiqkjEBCPiaKOjdGnPUn541zuhgJw?e=BQBnN1Get hashmaliciousHTMLPhisherBrowse
                                                              https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=b56-867mf0uKG8VqFVQxra245b_y_DhFnvrl9YoLr8JUNDNXRlVGTkRYQkI1TVFXRVFPREY3RzZZRC4uGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                https://onedrive.live.com/view.aspx?resid=605E71EC44B519D8%21377&authkey=!AEHlQk7QIU8Eux0Get hashmaliciousUnknownBrowse
                                                                  13.107.246.45https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4Get hashmaliciousHTMLPhisherBrowse
                                                                  • nam.dcv.ms/BxPVLH2cz4

                                                                  Domains

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  dp0wn1kjwhg75.cloudfront.nethttps://auth.transmitsms.com/authorize?state=d22ff23667643a7552ad161b0ddf88aa&client_id=iGrd6jD5ZjOam1lDJLJhB0a6dxkjidD0&audience=https://transmitsms-production.au.auth0.com/api/v2/&redirect_uri=https://onefortyone.transmitsms.com/index.php?page=logincb&scope=openid%20profile%20email&response_mode=query&response_type=code&resellerDomain=onefortyone&nonce=c24860e3ec560963f31151206ef426b7&code_challenge=ZxIcrlwPzOMH_5yYAZnWnG6YI9ojMIjPcJifv3KKJ9A&code_challenge_method=S256/login?state=hKFo2SBhaExvT1ltRXprS2tWYThWQWl6R2pSaDVkSHRQZHZGRKFupWxvZ2luo3RpZNkgNG5KbzNJMG9HQkN2R18zaWEwcEs3Y2JVRFU4NDVPY0KjY2lk2SBpR3JkNmpENVpqT2FtMWxESkxKaEIwYTZkeGtqaWREMA&client=iGrd6jD5ZjOam1lDJLJhB0a6dxkjidD0&protocol=oauth2&audience=https://transmitsms-production.au.auth0.com/api/v2/&redirect_uri=https://onefortyone.transmitsms.com/index.php?page=logincb&scope=openid%20profile%20email&response_mode=query&response_type=code&resellerDomain=onefortyone&nonce=c24860e3ec560963f31151206ef426b7&code_challenge=ZxIcrlwPzOMH_5yYAZnWnG6YI9ojMIjPcJifv3KKJ9A&code_challenge_method=S256Get hashmaliciousUnknownBrowse
                                                                  • 13.33.223.41
                                                                  https://umn.adnxs.com/clktrb?id=092070&redir=//cloudflare-ipfs.com/ipfs/bafybeia2uvj3sitwpuaf4jgessydk6eoaspcym62bihuwbygggcbgd4nna/?*/oMTqwOWufzKCNnxPSr8v6y2ySjfHWwR+7bB3gi8sS7dz5VngVaYN21vSPDPIt+zL2eLaYM3MXtiohyqv#cGhpc2hpbmdAdW1uLmVkdQ==Get hashmaliciousHTMLPhisherBrowse
                                                                  • 13.33.223.41
                                                                  https://myportal.watchtower-security.com/site/21396/events/134329Get hashmaliciousUnknownBrowse
                                                                  • 18.164.107.47
                                                                  https://clt1673167.benchurl.com/c/l?u=10ED75D9&e=17DC577&c=1987CF&t=1&l=F3D10E22&email=O%2F%2F%2BXUHXhKADQfLHuzfZBZmzr2pp0X63TI8GHOplciAElwBPzESuqA%3D%3D&seq=1#YWRzYWxlc0BiZWluc3BvcnRzLm5ldA==Get hashmaliciousHTMLPhisherBrowse
                                                                  • 13.249.103.47
                                                                  https://www.aihr.com/blog/execution-excellence-impactGet hashmaliciousUnknownBrowse
                                                                  • 65.8.179.49
                                                                  https://mandrillapp.com/track/click/31165340/auth0.openai.com?p=eyJzIjoiRVRjNlAwLVZsSkFMNVpQLUNOX0dhWTA4U1dzIiwidiI6MSwicCI6IntcInVcIjozMTE2NTM0MCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2F1dGgwLm9wZW5haS5jb21cXFwvdVxcXC9lbWFpbC12ZXJpZmljYXRpb24_dGlja2V0PXZvanU5dTNYcXYwemR0dml5NFY1RndGcDk1WVJDZWZtI1wiLFwiaWRcIjpcIjkxZGEzZmNkNDBiMjQ0MTE5Y2FkM2IwN2NmN2U3MjZkXCIsXCJ1cmxfaWRzXCI6W1wiMWM3OTUyMjNiMmQ0YmUwMjBmZDJhNTBmMmM5YzQxZjEwMThlNDU0Y1wiXX0ifQGet hashmaliciousUnknownBrowse
                                                                  • 18.160.32.50
                                                                  http://api.commit.dev/auth/loginGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.33.17.51
                                                                  https://community.icims.com/loginGet hashmaliciousUnknownBrowse
                                                                  • 99.86.65.46
                                                                  https://www.ocregister.com/2023/09/07/what-exodus-california-has-4th-stickiest-population-in-us/Get hashmaliciousUnknownBrowse
                                                                  • 18.160.32.50
                                                                  https://accentbnb.co.nz/all.htmlGet hashmaliciousUnknownBrowse
                                                                  • 18.160.32.50
                                                                  s-part-0017.t-0009.t-msedge.nethttps://shoutout.wix.com/so/c6P07NDxS/c?w=TZKBCXkrVA_LfU5BB-tTV_q5lDeQIvLgoBVjKb-7XVw.eyJ1IjoiaHR0cHM6Ly9mdWxsYmx1bWVmaXRuZXNzYXBpLmNvbS9peXUvb25lZHJpdiIsInIiOiJmNmUzNjM0Ni01MDUyLTQzYjEtODYzMy1hNDBkZTVhNTg3ZmYiLCJtIjoibWFpbCIsImMiOiJlZDQ5ZmRkMC02YjcxLTQ1MjgtODA0ZC1lMzc0N2M4MjZiNmQifQGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.45
                                                                  Payment_confirmation.xlsGet hashmaliciousUnknownBrowse
                                                                  • 13.107.246.45
                                                                  https://larandeteknik.se/reports.phpGet hashmaliciousUnknownBrowse
                                                                  • 13.107.246.45
                                                                  https://rrohlo.ac-page.com/paymentconfirmationGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.45
                                                                  https://gkdks.grid.ws/Get hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.45
                                                                  https://assets-usa.mkt.dynamics.com/abe70e4d-5c1e-ef11-8404-000d3a10682d/digitalassets/standaloneforms/a6de0794-2621-ef11-840a-0022481fd617Get hashmaliciousUnknownBrowse
                                                                  • 13.107.246.45
                                                                  DOC89747.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.45
                                                                  EncryptedPaymentAdviceReference.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.45
                                                                  https://new.express.adobe.com/webpage/czD5r1jfeik32Get hashmaliciousUnknownBrowse
                                                                  • 13.107.246.45
                                                                  New Pay App#78846 From Cube Care.emlGet hashmaliciousUnknownBrowse
                                                                  • 13.107.246.45
                                                                  s-part-0039.t-0009.t-msedge.nethttps://rrohlo.ac-page.com/paymentconfirmationGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.67
                                                                  https://firebasestorage.googleapis.com/v0/b/open-1bebe.appspot.com/o/sci.html?alt=media&token=cd1dbc1a-6097-4fcc-a13d-476f52e5185aGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.67
                                                                  http://www.ecohabitatenergie.com/Get hashmaliciousUnknownBrowse
                                                                  • 13.107.246.67
                                                                  VM#3529386562_7cf9869a610ab51a1d4be7758e2825b2a03a5afc.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.67
                                                                  New Pay App#78846 From Cube Care.emlGet hashmaliciousUnknownBrowse
                                                                  • 13.107.246.67
                                                                  AmSafe AR Statement - Bill-To 30616 AAR ALLEN ASSET MANAGEMENT(1).emlGet hashmaliciousUnknownBrowse
                                                                  • 13.107.246.67
                                                                  original.emlGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.67
                                                                  https://aufderworldcom-my.sharepoint.com/:b:/g/personal/nhufford_aufderworld_com/EfjrxQ1LqqFLg10YOJiqkjEBCPiaKOjdGnPUn541zuhgJw?e=BQBnN1Get hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.67
                                                                  https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=b56-867mf0uKG8VqFVQxra245b_y_DhFnvrl9YoLr8JUNDNXRlVGTkRYQkI1TVFXRVFPREY3RzZZRC4uGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                  • 13.107.246.67
                                                                  https://onedrive.live.com/view.aspx?resid=605E71EC44B519D8%21377&authkey=!AEHlQk7QIU8Eux0Get hashmaliciousUnknownBrowse
                                                                  • 13.107.246.67
                                                                  bg.microsoft.map.fastly.netrPaymentAdvice-PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 199.232.210.172
                                                                  zb1.exeGet hashmaliciousUnknownBrowse
                                                                  • 199.232.210.172
                                                                  https://drive.google.com/file/d/1rUX5pF_yChUfocjQZEgSZVDbnTsCbsyI/view?usp=sharing_eil_m&ts=66679781Get hashmaliciousUnknownBrowse
                                                                  • 199.232.210.172
                                                                  https://workspace.cftc.gov/cedc903c-09bb-4a95-bb76-9b133af0550f/?action=replyGet hashmaliciousUnknownBrowse
                                                                  • 199.232.210.172
                                                                  file.exeGet hashmaliciousPureLog Stealer, RedLine, zgRATBrowse
                                                                  • 199.232.210.172
                                                                  https://mcfp.felk.cvut.czGet hashmaliciousPhisherBrowse
                                                                  • 199.232.210.172
                                                                  https://info.virtualhealth.com/e3t/Ctc/GB+113/cmmfD04/VWRD9T8N6WzjN8MJTHvTlRp-W842MfZ5g9NL_N6-TN-l3qgyTW7Y8-PT6lZ3mfW56Rjx787zhFxW4_YPND6r6flrW4BlJlg1DphdCVWC28Z4PpMbRW6GGMRN2bfpFdW7hSWPP6KFbcRW4PBy7c6n3dRqN7ztR5NtV-d9W1y6F6Z799h-lN1ZbvtmQ73TLW5ShFj48-W2NPW1L2f016vN6bSW45yp6K7Xp_V9W1fy0nl6xLNR_N5n9x3txmtWFN2nZ6w9QgWwJW1rlxcq4rmPQZW2D31f_3FjFXjN7D51x8lx574V_S2G96X3V3rW3xJHsh5zkBZjW6M_Gg24KcjVwW2wm07P9jh6znVyVtyJ6VBB3ZW80wlHc6H0YX2W1stJK56XtGc2f45z9Cx04Get hashmaliciousUnknownBrowse
                                                                  • 199.232.214.172
                                                                  http://www.tlyrxy.skyliexhys.comGet hashmaliciousUnknownBrowse
                                                                  • 199.232.214.172
                                                                  http://www.tlyrxy.skyliexhys.comGet hashmaliciousUnknownBrowse
                                                                  • 199.232.214.172
                                                                  https://deyangming.angebotfilesoffer.top/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                  • 199.232.210.172
                                                                  qrco.dehttps://qrco.de/bf8phnbmqgfwzbpjfxfmxqbbsdecvvGet hashmaliciousUnknownBrowse
                                                                  • 13.33.187.13
                                                                  https://qrco.de/n8mxa4i5VHuJk4PMwkLpvyNqgwLBQ0Sb/?zwphvtjquqnl/pub/cc?_ri_=X0Gzc2X%3DAQpglLjHJlYQGXHi3ygqqrREEgoSeza8UICjjze1whbSsXnwpzgE8gG5CszbXAjhO3FqKUWVXtpKX%3DUYRTAADY&_ei_=EM6hiIRZ6IbTRQzpp7EgfWDv5wmb7wtZr_HKt4Y9565l73Y_PqZSaCEhvHs0mzNqB-gBgO3tuO3UzGxLd8-XUq76ZMc933xI6KE-OcN9i_7_vZ1nKFQzNpaL4RiL4mq9EVgUJPIQMWCvlw3G0w1CjXYcIG-BSVUdKxTJ-nET9bFyCwB2_dByO9r2C-jKzARF7AriZjx_pk4nCrXsqa5CQmpAUkWEc-dfHJ9wX73GWCpfF57_v_ES7Af2szUwfyD1crCX8fOSqjBUZSUnMozbxe4aYYiNhDFxL-2jMKdpABJE3vtt_geGts7n8Xf4EYbq7j3d_IMY4o8Q72577S1E3LPhYqvKvmKbTUvvnIMLzsO6OHpvMQd9_ppOuzIIivn9ZEfO3rb9O9j_duNb3MRYEYBN-0s24zFn151NBJlyD6Gq-MjdBvSKqeeKbw5Wfsj_VyMcrEbHNU3N-Fwk31llQYD9Y_KwimheCdKUAFPtoMQQev1yIcv8hHULCmqh0T1-CEH0F10XlSOydOFp_GyqRNIoG2OjudzyH2-uSleZsarzjYlowPA825PtI7w6EzQlva8d5pko8MVh5GhEP_jIa45zP_XmcMGT6AurPE-K2-xcw0R3fJdeI2HLvwr04_2EB8cEsQvXASU8ndzsHdI_YoX-pNX-DGKMx-6o7E8ijo1A4IQu6extYnY-yNU8Vt-z9xT3l2_ybVcDcwUj0ZQbN2JWPhpiuk8AtxJGzNnIrb4fD-PiJQXEveDyN7N9WsWB0Lg4So4GVp3wT2J2c8BxTsaHBlF99Acrgm9dCZjD_F51LbRK0LCxQjX-tsn4QuELhVAmkIDb_mIoHBFMG6pvRiLCwd_1KWrY31qzwPtEFzqzLUjtacn_BU8V3jK4bE2aqaNyrQaB0oaSFT5kgpAzuJ_iH7j8LpQz0TQLZ4tmiAQeKYiG_FGPh3KXElLE7DkhVTs0Oi8Q6tLs6smyQq4eF3hLlTnnZgSTePsTLxmDzrSw-KGeDyW2LkOZ4kbkxvCGN6seSt91qJ5eDDYhrv3-FjtktxugKzF7yfbej64mQyq1x75cGd6er7nAEMPG28MGLOx9idu5hHS8xpH3XiKhrSQQ3YC3jWQ8qY-EF-Q0TcdwfOj9V-oeOy0KZ-xAMn4XoAuVsYtm7dInk0l0GcUOHwbLnVpy8vKxcHhomXAYRvCzxOe9DPAf3WyCg16exynSJ7tVWJIJA2HKvQ30Pkd9jo8ww7nT6bHa-kCAU5sP0R60XwbaOD1Va5lezql219BRJKOoQC3Ce2b6YAtmFxpVQCXmavy8ISfNPYLP7iYDoR3ywadCKdxWiaVT52gr.&_di_=auf9n3qge530sjoc9a8mlfu4dl79cq7siqsd7tr5omthg3894hpgGet hashmaliciousUnknownBrowse
                                                                  • 18.238.243.111
                                                                  https://docs.google.com/drawings/d/1NvhHuECLQF-PWMkByVuD9aUG5sEbeSN6j9ffcNo0BK4/previewGet hashmaliciousUnknownBrowse
                                                                  • 108.157.173.68
                                                                  https://qrco.de/WntxebLzUZRPvkbE7lS0v1K3POsozeEKGet hashmaliciousUnknownBrowse
                                                                  • 18.164.174.19
                                                                  https://cloudflare-ipfs.com/ipfs/QmbhC4yNHxbesHuqL3USBWmLSYPNT2dCWjS4ff4aRXvqFvGet hashmaliciousHTMLPhisherBrowse
                                                                  • 18.160.225.37
                                                                  https://docs.google.com/drawings/d/1hsNba0GFL7D35MHhiXW98q5gXn9lh-NWbkA0ERgoy2M/previewGet hashmaliciousUnknownBrowse
                                                                  • 18.238.49.92
                                                                  https://wor6a9e8f3001534eb85e273da4065fbbkerow-lab-0665.pilnik9.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                  • 18.238.49.67
                                                                  https://woroffic649db55a37679a4d36b07de29dc3abad2.pilweweik9.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                  • 18.238.49.67
                                                                  https://docs.google.com/drawings/d/1FOCmojL-27dX1mBuFcZy_UU5JFnHcfx3tkIooi0YGzA/previewGet hashmaliciousUnknownBrowse
                                                                  • 18.238.49.67
                                                                  https://docs.google.com/drawings/d/1FOCmojL-27dX1mBuFcZy_UU5JFnHcfx3tkIooi0YGzA/previewGet hashmaliciousUnknownBrowse
                                                                  • 18.238.49.108

                                                                  ASNs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  MICROSOFT-CORP-MSN-AS-BLOCKUSRFQ for Maintenance usering for Sabratha Project.exeGet hashmaliciousFormBookBrowse
                                                                  • 20.187.114.221
                                                                  https://shoutout.wix.com/so/c6P07NDxS/c?w=TZKBCXkrVA_LfU5BB-tTV_q5lDeQIvLgoBVjKb-7XVw.eyJ1IjoiaHR0cHM6Ly9mdWxsYmx1bWVmaXRuZXNzYXBpLmNvbS9peXUvb25lZHJpdiIsInIiOiJmNmUzNjM0Ni01MDUyLTQzYjEtODYzMy1hNDBkZTVhNTg3ZmYiLCJtIjoibWFpbCIsImMiOiJlZDQ5ZmRkMC02YjcxLTQ1MjgtODA0ZC1lMzc0N2M4MjZiNmQifQGet hashmaliciousHTMLPhisherBrowse
                                                                  • 20.229.224.122
                                                                  Payment_confirmation.xlsGet hashmaliciousUnknownBrowse
                                                                  • 13.107.246.45
                                                                  https://www.jottacloud.com/s/35437d4f4e0da78459690378b988b967376Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                  • 20.76.133.196
                                                                  https://larandeteknik.se/reports.phpGet hashmaliciousUnknownBrowse
                                                                  • 204.79.197.203
                                                                  https://rrohlo.ac-page.com/paymentconfirmationGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.67
                                                                  https://soja.escypa.com/Get hashmaliciousUnknownBrowse
                                                                  • 13.107.21.237
                                                                  https://firebasestorage.googleapis.com/v0/b/open-1bebe.appspot.com/o/sci.html?alt=media&token=cd1dbc1a-6097-4fcc-a13d-476f52e5185aGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.67
                                                                  http://sospr-my.sharepoint.com/:b:/g/personal/fsantiago_sospr_net/EVjrrdwOckpCrdDtyrBdGR8B8QRq9S7bcsy03GNJ5tyhQgGet hashmaliciousHTMLPhisherBrowse
                                                                  • 52.107.243.197
                                                                  https://morganakins-my.sharepoint.com/:b:/p/csestak/Ec9Mjk1ZxdhGtxGztMWxDwQBJP0sgzknfiEra3fMvhs_lQ?e=4%3aFK74jx&at=9Get hashmaliciousHTMLPhisherBrowse
                                                                  • 52.104.127.27
                                                                  MICROSOFT-CORP-MSN-AS-BLOCKUSRFQ for Maintenance usering for Sabratha Project.exeGet hashmaliciousFormBookBrowse
                                                                  • 20.187.114.221
                                                                  https://shoutout.wix.com/so/c6P07NDxS/c?w=TZKBCXkrVA_LfU5BB-tTV_q5lDeQIvLgoBVjKb-7XVw.eyJ1IjoiaHR0cHM6Ly9mdWxsYmx1bWVmaXRuZXNzYXBpLmNvbS9peXUvb25lZHJpdiIsInIiOiJmNmUzNjM0Ni01MDUyLTQzYjEtODYzMy1hNDBkZTVhNTg3ZmYiLCJtIjoibWFpbCIsImMiOiJlZDQ5ZmRkMC02YjcxLTQ1MjgtODA0ZC1lMzc0N2M4MjZiNmQifQGet hashmaliciousHTMLPhisherBrowse
                                                                  • 20.229.224.122
                                                                  Payment_confirmation.xlsGet hashmaliciousUnknownBrowse
                                                                  • 13.107.246.45
                                                                  https://www.jottacloud.com/s/35437d4f4e0da78459690378b988b967376Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                  • 20.76.133.196
                                                                  https://larandeteknik.se/reports.phpGet hashmaliciousUnknownBrowse
                                                                  • 204.79.197.203
                                                                  https://rrohlo.ac-page.com/paymentconfirmationGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.67
                                                                  https://soja.escypa.com/Get hashmaliciousUnknownBrowse
                                                                  • 13.107.21.237
                                                                  https://firebasestorage.googleapis.com/v0/b/open-1bebe.appspot.com/o/sci.html?alt=media&token=cd1dbc1a-6097-4fcc-a13d-476f52e5185aGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.107.246.67
                                                                  http://sospr-my.sharepoint.com/:b:/g/personal/fsantiago_sospr_net/EVjrrdwOckpCrdDtyrBdGR8B8QRq9S7bcsy03GNJ5tyhQgGet hashmaliciousHTMLPhisherBrowse
                                                                  • 52.107.243.197
                                                                  https://morganakins-my.sharepoint.com/:b:/p/csestak/Ec9Mjk1ZxdhGtxGztMWxDwQBJP0sgzknfiEra3fMvhs_lQ?e=4%3aFK74jx&at=9Get hashmaliciousHTMLPhisherBrowse
                                                                  • 52.104.127.27
                                                                  OVHFRPO 05588060624.exeGet hashmaliciousFormBookBrowse
                                                                  • 192.99.35.32
                                                                  http://aauhjgmnb2.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                  • 178.32.197.56
                                                                  http://amazon-clone-virid-chi.vercel.app/Get hashmaliciousUnknownBrowse
                                                                  • 54.36.150.184
                                                                  SecuriteInfo.com.Linux.Siggen.9999.27902.26281.elfGet hashmaliciousMiraiBrowse
                                                                  • 37.187.28.219
                                                                  https://www.mediafire.com/file/0k1qpxynn6wl5z6/Purchase+Inquiry++Uzbekistan+&+Greece+Customers.tgz/fileGet hashmaliciousAgentTeslaBrowse
                                                                  • 51.195.68.162
                                                                  https://circleoftoast.blogspot.comGet hashmaliciousUnknownBrowse
                                                                  • 142.4.219.198
                                                                  https://shorturl.at/c9o0aGet hashmaliciousUnknownBrowse
                                                                  • 51.75.86.98
                                                                  https://stemerto.com/1k-as-us/index.phpGet hashmaliciousUnknownBrowse
                                                                  • 54.39.130.163
                                                                  TS-240609-CStealer1.exeGet hashmaliciousPython Stealer, Creal StealerBrowse
                                                                  • 151.80.29.83
                                                                  http://instaofficiallog.blogspot.com/Get hashmaliciousHTMLPhisherBrowse
                                                                  • 217.182.178.234
                                                                  AKAMAI-ASUShttps://www.jottacloud.com/s/35437d4f4e0da78459690378b988b967376Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                  • 2.19.126.199
                                                                  https://larandeteknik.se/reports.phpGet hashmaliciousUnknownBrowse
                                                                  • 2.19.126.152
                                                                  https://firebasestorage.googleapis.com/v0/b/open-1bebe.appspot.com/o/sci.html?alt=media&token=cd1dbc1a-6097-4fcc-a13d-476f52e5185aGet hashmaliciousHTMLPhisherBrowse
                                                                  • 2.19.126.200
                                                                  https://morganakins-my.sharepoint.com/:b:/p/csestak/Ec9Mjk1ZxdhGtxGztMWxDwQBJP0sgzknfiEra3fMvhs_lQ?e=4%3aFK74jx&at=9Get hashmaliciousHTMLPhisherBrowse
                                                                  • 2.19.126.200
                                                                  SecuriteInfo.com.BackDoor.SpyBotNET.62.3223.1756.exeGet hashmaliciousVidarBrowse
                                                                  • 104.102.42.29
                                                                  https://we.tl/t-oXROBsGucpGet hashmaliciousUnknownBrowse
                                                                  • 184.28.89.220
                                                                  http://pic.fancyapi.comGet hashmaliciousUnknownBrowse
                                                                  • 104.102.42.253
                                                                  phishQR.jpgGet hashmaliciousHTMLPhisherBrowse
                                                                  • 23.211.10.90
                                                                  8MFpF2RpG1.elfGet hashmaliciousMiraiBrowse
                                                                  • 96.26.27.78
                                                                  https://new.express.adobe.com/webpage/czD5r1jfeik32Get hashmaliciousUnknownBrowse
                                                                  • 23.215.55.144
                                                                  AMAZON-02USBootblacks.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  • 18.185.25.67
                                                                  RFQ for Maintenance usering for Sabratha Project.exeGet hashmaliciousFormBookBrowse
                                                                  • 3.64.163.50
                                                                  https://shoutout.wix.com/so/c6P07NDxS/c?w=TZKBCXkrVA_LfU5BB-tTV_q5lDeQIvLgoBVjKb-7XVw.eyJ1IjoiaHR0cHM6Ly9mdWxsYmx1bWVmaXRuZXNzYXBpLmNvbS9peXUvb25lZHJpdiIsInIiOiJmNmUzNjM0Ni01MDUyLTQzYjEtODYzMy1hNDBkZTVhNTg3ZmYiLCJtIjoibWFpbCIsImMiOiJlZDQ5ZmRkMC02YjcxLTQ1MjgtODA0ZC1lMzc0N2M4MjZiNmQifQGet hashmaliciousHTMLPhisherBrowse
                                                                  • 13.227.219.97
                                                                  https://34.75.2o2.lol/XZXlZcys3Y0lMeE9qTWRaYisvV2ozVCtKTk9jbmZUSEdiYTZpTS9BYmpHY1I5Q3lSanAxam16TnE1Ly8zaitNeWxyTzBVQWhCS1VjcExjT0xsb284a2FQR1RLMkF3NGpiOVVvVHp4R2h6M3NmOWRIQmlQdmY2clJOcm11TXM2TDNadXUrUGxmclIwVGpyc3ViVndCME9RWXltbDl4QkZiNDVqRUhuVzNpZCs1cmNhS0s2bVk1ZWY3K0VCTG5FQzByWWJBTU53TGVvSjV2MXFBMitJQmgtLUNmdVg1bG1UOGdhbzNBaTQtLU9YTW5YNHNaYnFhVDM5V3BKaGVUZWc9PQ==?cid=2059126474Get hashmaliciousUnknownBrowse
                                                                  • 18.239.36.5
                                                                  RAm88JXXYr.elfGet hashmaliciousGafgyt, Mirai, OkiruBrowse
                                                                  • 54.217.10.153
                                                                  https://download.filezilla-project.org/client/FileZilla_3.67.0_win64_sponsored2-setup.exeGet hashmaliciousUnknownBrowse
                                                                  • 18.239.94.23
                                                                  http://www.chanamais.com/Get hashmaliciousUnknownBrowse
                                                                  • 76.76.21.61
                                                                  https://larandeteknik.se/reports.phpGet hashmaliciousUnknownBrowse
                                                                  • 18.155.129.126
                                                                  https://na2.docusign.net/Member/EmailStart.aspx?a=d9cc73d9-ae0f-4253-a792-b28e8e553025&acct=61cb9522-75f6-4286-9c9e-e0f21cfcb28c&er=7c01d5b5-65de-4226-821a-b71d7d0d5623&c=E,1,Js_dcjgNrYNrel1HuUzofphnyLHztW0huM_6dgU6JXOMHy6LrFNyRz9u0XbDVY5U7gRSOASLaSlWJc5pS8NIpp_k-HIIGeO2F0BtBCErZxdMks2Qmw,,&typo=1Get hashmaliciousUnknownBrowse
                                                                  • 65.9.66.67
                                                                  https://info.virtualhealth.com/e3t/Ctc/GB+113/cmmfD04/VWRD9T8N6WzjN8MJTHvTlRp-W842MfZ5g9NL_N6-TN-l3qgyTW7Y8-PT6lZ3mfW56Rjx787zhFxW4_YPND6r6flrW4BlJlg1DphdCVWC28Z4PpMbRW6GGMRN2bfpFdW7hSWPP6KFbcRW4PBy7c6n3dRqN7ztR5NtV-d9W1y6F6Z799h-lN1ZbvtmQ73TLW5ShFj48-W2NPW1L2f016vN6bSW45yp6K7Xp_V9W1fy0nl6xLNR_N5n9x3txmtWFN2nZ6w9QgWwJW1rlxcq4rmPQZW2D31f_3FjFXjN7D51x8lx574V_S2G96X3V3rW3xJHsh5zkBZjW6M_Gg24KcjVwW2wm07P9jh6znVyVtyJ6VBB3ZW80wlHc6H0YX2W1stJK56XtGc2f45z9Cx04Get hashmaliciousUnknownBrowse
                                                                  • 52.48.96.129

                                                                  JA3 Fingerprints

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  28a2c9bd18a11de089ef85a160da29e4https://34.75.2o2.lol/XZXlZcys3Y0lMeE9qTWRaYisvV2ozVCtKTk9jbmZUSEdiYTZpTS9BYmpHY1I5Q3lSanAxam16TnE1Ly8zaitNeWxyTzBVQWhCS1VjcExjT0xsb284a2FQR1RLMkF3NGpiOVVvVHp4R2h6M3NmOWRIQmlQdmY2clJOcm11TXM2TDNadXUrUGxmclIwVGpyc3ViVndCME9RWXltbDl4QkZiNDVqRUhuVzNpZCs1cmNhS0s2bVk1ZWY3K0VCTG5FQzByWWJBTU53TGVvSjV2MXFBMitJQmgtLUNmdVg1bG1UOGdhbzNBaTQtLU9YTW5YNHNaYnFhVDM5V3BKaGVUZWc9PQ==?cid=2059126474Get hashmaliciousUnknownBrowse
                                                                  • 13.85.23.86
                                                                  • 184.28.90.27
                                                                  https://drive.google.com/file/d/1rUX5pF_yChUfocjQZEgSZVDbnTsCbsyI/view?usp=sharing_eil_m&ts=66679781Get hashmaliciousUnknownBrowse
                                                                  • 13.85.23.86
                                                                  • 184.28.90.27
                                                                  https://workspace.cftc.gov/cedc903c-09bb-4a95-bb76-9b133af0550f/?action=replyGet hashmaliciousUnknownBrowse
                                                                  • 13.85.23.86
                                                                  • 184.28.90.27
                                                                  https://download.filezilla-project.org/client/FileZilla_3.67.0_win64_sponsored2-setup.exeGet hashmaliciousUnknownBrowse
                                                                  • 13.85.23.86
                                                                  • 184.28.90.27
                                                                  http://www.chanamais.com/Get hashmaliciousUnknownBrowse
                                                                  • 13.85.23.86
                                                                  • 184.28.90.27
                                                                  https://download.filezilla-project.org/client/FileZilla_3.67.0_win64_sponsored2-setup.exeGet hashmaliciousUnknownBrowse
                                                                  • 13.85.23.86
                                                                  • 184.28.90.27
                                                                  T0G5K8T6g0y4P25927684.htmlGet hashmaliciousUnknownBrowse
                                                                  • 13.85.23.86
                                                                  • 184.28.90.27
                                                                  https://na2.docusign.net/Member/EmailStart.aspx?a=d9cc73d9-ae0f-4253-a792-b28e8e553025&acct=61cb9522-75f6-4286-9c9e-e0f21cfcb28c&er=7c01d5b5-65de-4226-821a-b71d7d0d5623&c=E,1,Js_dcjgNrYNrel1HuUzofphnyLHztW0huM_6dgU6JXOMHy6LrFNyRz9u0XbDVY5U7gRSOASLaSlWJc5pS8NIpp_k-HIIGeO2F0BtBCErZxdMks2Qmw,,&typo=1Get hashmaliciousUnknownBrowse
                                                                  • 13.85.23.86
                                                                  • 184.28.90.27
                                                                  https://mcfp.felk.cvut.czGet hashmaliciousPhisherBrowse
                                                                  • 13.85.23.86
                                                                  • 184.28.90.27
                                                                  https://info.virtualhealth.com/e3t/Ctc/GB+113/cmmfD04/VWRD9T8N6WzjN8MJTHvTlRp-W842MfZ5g9NL_N6-TN-l3qgyTW7Y8-PT6lZ3mfW56Rjx787zhFxW4_YPND6r6flrW4BlJlg1DphdCVWC28Z4PpMbRW6GGMRN2bfpFdW7hSWPP6KFbcRW4PBy7c6n3dRqN7ztR5NtV-d9W1y6F6Z799h-lN1ZbvtmQ73TLW5ShFj48-W2NPW1L2f016vN6bSW45yp6K7Xp_V9W1fy0nl6xLNR_N5n9x3txmtWFN2nZ6w9QgWwJW1rlxcq4rmPQZW2D31f_3FjFXjN7D51x8lx574V_S2G96X3V3rW3xJHsh5zkBZjW6M_Gg24KcjVwW2wm07P9jh6znVyVtyJ6VBB3ZW80wlHc6H0YX2W1stJK56XtGc2f45z9Cx04Get hashmaliciousUnknownBrowse
                                                                  • 13.85.23.86
                                                                  • 184.28.90.27

                                                                  Dropped Files

                                                                  No context

                                                                  Created / dropped Files

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):292
                                                                  Entropy (8bit):5.157388874892772
                                                                  Encrypted:false
                                                                  SSDEEP:6:h3tZFIq2Pwkn2nKuAl9OmbnIFUt8A3iZmw+A3OkwOwkn2nKuAl9OmbjLJ:hzFIvYfHAahFUt8Ay/+A+5JfHAaSJ
                                                                  MD5:58FDE4DE76581E77C032B58679773D67
                                                                  SHA1:EE0FB098B9FB68962227B06AE63D6D29198BC475
                                                                  SHA-256:CF568287E043BD9251C9E4A2BE687E0AFF2931B527BC7191FD6A4E00976D5944
                                                                  SHA-512:999074A7AE4EFDC924777BDAC7ACC24685900D1F6115172B6B6BBA1C23151322ABFF031CB4D5202DEBF40D013E79790302796718C573B6BC5BB2AB9C482FA6C3
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:2024/06/11-14:00:26.914 1c60 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/11-14:00:26.917 1c60 Recovering log #3.2024/06/11-14:00:26.917 1c60 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):292
                                                                  Entropy (8bit):5.157388874892772
                                                                  Encrypted:false
                                                                  SSDEEP:6:h3tZFIq2Pwkn2nKuAl9OmbnIFUt8A3iZmw+A3OkwOwkn2nKuAl9OmbjLJ:hzFIvYfHAahFUt8Ay/+A+5JfHAaSJ
                                                                  MD5:58FDE4DE76581E77C032B58679773D67
                                                                  SHA1:EE0FB098B9FB68962227B06AE63D6D29198BC475
                                                                  SHA-256:CF568287E043BD9251C9E4A2BE687E0AFF2931B527BC7191FD6A4E00976D5944
                                                                  SHA-512:999074A7AE4EFDC924777BDAC7ACC24685900D1F6115172B6B6BBA1C23151322ABFF031CB4D5202DEBF40D013E79790302796718C573B6BC5BB2AB9C482FA6C3
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:2024/06/11-14:00:26.914 1c60 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/11-14:00:26.917 1c60 Recovering log #3.2024/06/11-14:00:26.917 1c60 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):336
                                                                  Entropy (8bit):5.173352441926516
                                                                  Encrypted:false
                                                                  SSDEEP:6:h3Pq2Pwkn2nKuAl9Ombzo2jMGIFUt8A3bZmw+A3xkwOwkn2nKuAl9Ombzo2jMmLJ:hfvYfHAa8uFUt8Ar/+Ah5JfHAa8RJ
                                                                  MD5:AE396CEB97E912201AEFA9592C347B93
                                                                  SHA1:638553D35817BBBDB0B20ADF4F513D6BA7E9714E
                                                                  SHA-256:628F5F907B0310761315377AF72ECF673336C24991D516A42E3E1B28B68850B1
                                                                  SHA-512:EDFE79002E64CC048C81B3A22D9166D8E5B8195388BE9C11BB417A89BCBE8D82F11B991A855ABEABEA64BBB9BF912FF090D2F5F55B57095ABACDF72DCAA2A308
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:2024/06/11-14:00:26.968 1d14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/11-14:00:26.970 1d14 Recovering log #3.2024/06/11-14:00:26.970 1d14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):336
                                                                  Entropy (8bit):5.173352441926516
                                                                  Encrypted:false
                                                                  SSDEEP:6:h3Pq2Pwkn2nKuAl9Ombzo2jMGIFUt8A3bZmw+A3xkwOwkn2nKuAl9Ombzo2jMmLJ:hfvYfHAa8uFUt8Ar/+Ah5JfHAa8RJ
                                                                  MD5:AE396CEB97E912201AEFA9592C347B93
                                                                  SHA1:638553D35817BBBDB0B20ADF4F513D6BA7E9714E
                                                                  SHA-256:628F5F907B0310761315377AF72ECF673336C24991D516A42E3E1B28B68850B1
                                                                  SHA-512:EDFE79002E64CC048C81B3A22D9166D8E5B8195388BE9C11BB417A89BCBE8D82F11B991A855ABEABEA64BBB9BF912FF090D2F5F55B57095ABACDF72DCAA2A308
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:2024/06/11-14:00:26.968 1d14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/11-14:00:26.970 1d14 Recovering log #3.2024/06/11-14:00:26.970 1d14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\5d5db112-4aad-49ec-a610-f768cb42c393.tmp

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):475
                                                                  Entropy (8bit):4.961917325471821
                                                                  Encrypted:false
                                                                  SSDEEP:12:YH/um3RA8sqIsBdOg2Hfcaq3QYiubInP7E4T3y:Y2sRdssdMHu3QYhbG7nby
                                                                  MD5:1C519FBF3724EF5A7CAC974A25D68C4A
                                                                  SHA1:79C991EE70E67E865D59FEFAA0F085F99200F353
                                                                  SHA-256:DB54B15F7BF2742F1D1920E02B83360EF80DBC21BCC6C3024594CA19A60636D5
                                                                  SHA-512:6E9CB8B9B5EF170C60B4455A6132383FDE8CD5FD07D4F914A1A6655146B9A5AA9FF6948630F5AB553FF767A9F99DF787FB32A8F48E798E46E243619A04E5FB53
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13362688839200593","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":223994},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):475
                                                                  Entropy (8bit):4.966895279106768
                                                                  Encrypted:false
                                                                  SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4T3y:Y2sRdsVdMHO3QYhbG7nby
                                                                  MD5:2B2DD4FFCADFFFA544C423CE65A911E2
                                                                  SHA1:3C690C4670D732A1F54C5BD0B93A7CFF6CA96720
                                                                  SHA-256:7ACAC2E53C854E8000F43FE4CB549E82A2B9F6A957366C429ABB730EE326CBD0
                                                                  SHA-512:51D13C2DCDFB21C1C0F1756DA980098861148C6CE5CBB18F8D6247FB33D1037B60EB4CE27C7AC482D705509BD1BDF1EDDBC619CC6D6610A3EED3F2AAD0185C50
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5aea0c.TMP (copy)

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):475
                                                                  Entropy (8bit):4.966895279106768
                                                                  Encrypted:false
                                                                  SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4T3y:Y2sRdsVdMHO3QYhbG7nby
                                                                  MD5:2B2DD4FFCADFFFA544C423CE65A911E2
                                                                  SHA1:3C690C4670D732A1F54C5BD0B93A7CFF6CA96720
                                                                  SHA-256:7ACAC2E53C854E8000F43FE4CB549E82A2B9F6A957366C429ABB730EE326CBD0
                                                                  SHA-512:51D13C2DCDFB21C1C0F1756DA980098861148C6CE5CBB18F8D6247FB33D1037B60EB4CE27C7AC482D705509BD1BDF1EDDBC619CC6D6610A3EED3F2AAD0185C50
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d402a027-246c-4b96-9d5d-014378d69553.tmp

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):475
                                                                  Entropy (8bit):4.966895279106768
                                                                  Encrypted:false
                                                                  SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4T3y:Y2sRdsVdMHO3QYhbG7nby
                                                                  MD5:2B2DD4FFCADFFFA544C423CE65A911E2
                                                                  SHA1:3C690C4670D732A1F54C5BD0B93A7CFF6CA96720
                                                                  SHA-256:7ACAC2E53C854E8000F43FE4CB549E82A2B9F6A957366C429ABB730EE326CBD0
                                                                  SHA-512:51D13C2DCDFB21C1C0F1756DA980098861148C6CE5CBB18F8D6247FB33D1037B60EB4CE27C7AC482D705509BD1BDF1EDDBC619CC6D6610A3EED3F2AAD0185C50
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):4730
                                                                  Entropy (8bit):5.251023194445487
                                                                  Encrypted:false
                                                                  SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo70IF9dIS9Z:etJCV4FiN/jTN/2r8Mta02fEhgO73goP
                                                                  MD5:7ACD1DA0C8DC4BBA2139AD4DBADEE326
                                                                  SHA1:DF06352A36D665BC029B4D02366F3D1DE5215066
                                                                  SHA-256:10EDD5C7E405F277D6B70C86CCCE850FBA7B71B66A6D17DAB2D42463A0AD4AE4
                                                                  SHA-512:6C6C68A99BFCE269DB34B151748D69D1DE3E85A11CB236B945AE8B72488D6BE9D030A68F9D43A3E14540F80C4BF594F0D30271EACE9C860160E98D18F85C7C3D
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):324
                                                                  Entropy (8bit):5.170477195152695
                                                                  Encrypted:false
                                                                  SSDEEP:6:h3aNq2Pwkn2nKuAl9OmbzNMxIFUt8A3aY9Zmw+A3auFkwOwkn2nKuAl9OmbzNMFd:hqNvYfHAa8jFUt8Aqo/+Aqy5JfHAa84J
                                                                  MD5:F8BEB0E8FCEEC3E8AF873EE793599A5F
                                                                  SHA1:559FA778AD5107A10C84F63817983744DCA3F46F
                                                                  SHA-256:D1F691C93C002566A4D32FD536F45AC261344885570EC0DEF46068B3C75E4909
                                                                  SHA-512:E3FA9C8A693E8D27CA32338A8193F0A7AB222F5A1C7FE3591BF4505FDCF4818F8D82FF104499A29CC566D34CD6324472F64A6932517440D1F5A5516F98A06768
                                                                  Malicious:false
                                                                  Preview:2024/06/11-14:00:27.531 1d14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/11-14:00:27.544 1d14 Recovering log #3.2024/06/11-14:00:27.551 1d14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:ASCII text
                                                                  Category:dropped
                                                                  Size (bytes):324
                                                                  Entropy (8bit):5.170477195152695
                                                                  Encrypted:false
                                                                  SSDEEP:6:h3aNq2Pwkn2nKuAl9OmbzNMxIFUt8A3aY9Zmw+A3auFkwOwkn2nKuAl9OmbzNMFd:hqNvYfHAa8jFUt8Aqo/+Aqy5JfHAa84J
                                                                  MD5:F8BEB0E8FCEEC3E8AF873EE793599A5F
                                                                  SHA1:559FA778AD5107A10C84F63817983744DCA3F46F
                                                                  SHA-256:D1F691C93C002566A4D32FD536F45AC261344885570EC0DEF46068B3C75E4909
                                                                  SHA-512:E3FA9C8A693E8D27CA32338A8193F0A7AB222F5A1C7FE3591BF4505FDCF4818F8D82FF104499A29CC566D34CD6324472F64A6932517440D1F5A5516F98A06768
                                                                  Malicious:false
                                                                  Preview:2024/06/11-14:00:27.531 1d14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/11-14:00:27.544 1d14 Recovering log #3.2024/06/11-14:00:27.551 1d14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240611180033Z-261.bmp

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                  Category:dropped
                                                                  Size (bytes):65110
                                                                  Entropy (8bit):1.5011324381460613
                                                                  Encrypted:false
                                                                  SSDEEP:192:w67vnlWKoW7oJcFumNiiRH7AB/bO2jxdVOivUXj4xgN1ioNl:B7PIfW7o6vNiiR0tOedYivUXj4xgb
                                                                  MD5:88F6565025FC48D37983E085FFA11F65
                                                                  SHA1:709D320C5B26DF151BB1D6F794801A19703E875C
                                                                  SHA-256:55EF945C33F03A6897E838557B5FA07FFFDB9512D2895BA06333049413E85FF8
                                                                  SHA-512:BBDB5A4EF4D217D19616676CA9A7335C8F0005BC9DEE63F3F3999B6D7AFDBDDE7E183A8EDBD3BE96463D6AB28006824170547C1BC7E1B3CD2846577FDB833EC2
                                                                  Malicious:false
                                                                  Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                                  Category:dropped
                                                                  Size (bytes):86016
                                                                  Entropy (8bit):4.44495606704795
                                                                  Encrypted:false
                                                                  SSDEEP:384:yezci5teiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rxs3OazzU89UTTgUL
                                                                  MD5:E7D04E7D24596276D10959EDF5B31845
                                                                  SHA1:CC4B3F655710BA653FA5B7CFB2BB9BF643409ED7
                                                                  SHA-256:D3C82CC860D12BC9CA2F72B9C0AFE78B9566C1EEEAF2C738C3D2D2FE029C3D58
                                                                  SHA-512:A20383512DC39BC27115BE01DC10DE682F8455BF5237E0049FD08DB028648397DCEE844CDB314ACB5500A552FB18250C10AC0C8600DA9D3E30BEE658D524D7ED
                                                                  Malicious:false
                                                                  Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:SQLite Rollback Journal
                                                                  Category:dropped
                                                                  Size (bytes):8720
                                                                  Entropy (8bit):3.77237671775681
                                                                  Encrypted:false
                                                                  SSDEEP:48:7Mfup/E2ioyVEgioy9oWoy1Cwoy17DKOioy1noy1AYoy1Wioy1hioybioyl1oy1g:7JpjuEgF2JXKQIHQb9IVXEBodRBkv
                                                                  MD5:D03B2881E91225FF4581D96F8C36E1B6
                                                                  SHA1:E932ACA2556831C36F3817550EE9D8AEFD9111F7
                                                                  SHA-256:07EB94F4EB47A0C6A23C8DB30B9FB79494572ED611E3105CAD3EE3B7B7CBBDC7
                                                                  SHA-512:48766D41062A4FCA517D7B283C77ACE34BCA6600E659D044AC146DA370863DBF11255A99906EFAC11E34676282F82F1D9E667DBE06B752A84AEB598064AC2454
                                                                  Malicious:false
                                                                  Preview:.... .c.....C.nD...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                  Category:dropped
                                                                  Size (bytes):71954
                                                                  Entropy (8bit):7.996617769952133
                                                                  Encrypted:true
                                                                  SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                  MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                  SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                  SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                  SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                  Malicious:false
                                                                  Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):893
                                                                  Entropy (8bit):7.366016576663508
                                                                  Encrypted:false
                                                                  SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                                                                  MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                                                                  SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                                                                  SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                                                                  SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                                                                  Malicious:false
                                                                  Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:data
                                                                  Category:modified
                                                                  Size (bytes):328
                                                                  Entropy (8bit):3.2418003062782916
                                                                  Encrypted:false
                                                                  SSDEEP:6:kK/9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:GDImsLNkPlE99SNxAhUe/3
                                                                  MD5:526FCE762B89B739E0A87DBD6CD29AAC
                                                                  SHA1:928A1125196CF89308A688F5433342A416F47B63
                                                                  SHA-256:0C1525AA2F159EE6DD58E68342EA09F084E0DAEA6D6C6A4BE8F76C57DB3E8DF2
                                                                  SHA-512:76C38E346BDF9E8A762D8E9D6048B8F51A98C84AC984FB61D73FCE4CC5E8FC5BEBF787ECC5B3106EA2D1E6498163C6268B126F4F68FFAF52562E511D8ED45373
                                                                  Malicious:false
                                                                  Preview:p...... ...........T)...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):252
                                                                  Entropy (8bit):3.034404395079139
                                                                  Encrypted:false
                                                                  SSDEEP:3:kkFklZiSM/tfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7l3:kKQM1xliBAIdQZV7I7kc3
                                                                  MD5:9E8D3A83CA8DBAE38E4136EEDC780DC1
                                                                  SHA1:4076A825A08C8E35ACED268DC34D771A3DC0033C
                                                                  SHA-256:7E5D758A659C5F3B82A9DDDA5F7F75BC5E12E7FA8357C07BEFB238FDE72E39E3
                                                                  SHA-512:C5AE9DAF4C12F998BEC7441F8684CF8F23813BD917136C7461ABA092904F9BA993213512C88947C1DCC837187CC1BC6EB968694CBE506197EE77F356752C4C00
                                                                  Malicious:false
                                                                  Preview:p...... ....`....'.B)...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6588

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:PostScript document text
                                                                  Category:dropped
                                                                  Size (bytes):185099
                                                                  Entropy (8bit):5.182478651346149
                                                                  Encrypted:false
                                                                  SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                  MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                  SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                  SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                  SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                  Malicious:false
                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:PostScript document text
                                                                  Category:dropped
                                                                  Size (bytes):185099
                                                                  Entropy (8bit):5.182478651346149
                                                                  Encrypted:false
                                                                  SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                  MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                  SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                  SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                  SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                  Malicious:false
                                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):243196
                                                                  Entropy (8bit):3.3450692389394283
                                                                  Encrypted:false
                                                                  SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                                                                  MD5:F5567C4FF4AB049B696D3BE0DD72A793
                                                                  SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                                                                  SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                                                                  SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                                                                  Malicious:false
                                                                  Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):295
                                                                  Entropy (8bit):5.3772598947330295
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJM3g98kUwPeUkwRe9:YvXKXF1Nw/iEZc0vHMGMbLUkee9
                                                                  MD5:864B1C54E5428C7F7347320E8A671D3C
                                                                  SHA1:65587A8F0B8D785B23E2FF852322625EFA05B674
                                                                  SHA-256:D610C892A44385654289F97C8B1D141D6EB3184936F1B4EBB4DF4515BE98799D
                                                                  SHA-512:6E6801429B5CA4CB50672740B0E57F8366ACB38A89D8105181EB1A6AD5625DEE90B4A6411391CA02F3CD4B376A42852F2789117F03C0ADBF05A4244ACBE8DFA3
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):294
                                                                  Entropy (8bit):5.329442978753832
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJfBoTfXpnrPeUkwRe9:YvXKXF1Nw/iEZc0vHMGWTfXcUkee9
                                                                  MD5:05E907FE195BA46D2AD66C45EC3E1449
                                                                  SHA1:A75D0DF63C38F5E8BBF4C317E98B35A46F6DAB84
                                                                  SHA-256:5ED3D2EDFB598769FDEBE73E87F5777ED44259446C8C54630D83D9421C26BBF8
                                                                  SHA-512:6652EF79E1C896BD58ABF0D2EE2556E17CE5C21395083ED214290B29EBD501B74688EE6973BBBD768C73CCFDF44044FF292523972E6353088D0DDEE9772C7E52
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):294
                                                                  Entropy (8bit):5.307842297622263
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJfBD2G6UpnrPeUkwRe9:YvXKXF1Nw/iEZc0vHMGR22cUkee9
                                                                  MD5:B1558345F64529220ACDFFB0476D2343
                                                                  SHA1:9262873AEDB8A48179F7381B8AB781AFF7F22D0A
                                                                  SHA-256:8F9736389EC0E013EB0CF567E7C76FB62060485F67D049CEC1B453BBC5C5FF09
                                                                  SHA-512:1EBF8D124C059256905631984E0101CE02835BB2938B2F927F08E2A469C5C076C4D6B26510DDF57798F4E2D7C35EFB16C10CDD1C755DB45B454836C46D454423
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):285
                                                                  Entropy (8bit):5.364757997714709
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJfPmwrPeUkwRe9:YvXKXF1Nw/iEZc0vHMGH56Ukee9
                                                                  MD5:C512AD5319A72F6D971104ECCBEB3D0E
                                                                  SHA1:5022F0E774710EE9F0E8C01B561527BA3CBEFCD5
                                                                  SHA-256:217B3D7A19B1CA012BDE0A23DB2DE673F3514F4A933016DF024D9E12D83B175F
                                                                  SHA-512:90F1286A9F3BAE9FD32CB831B5996FDDC5EDC9BC5D32467DC555C2151EF4F8373892CCD21756B7593C6DAFF9FFA3074C620F3E4F9AB2168BF0ACC499D25C5F66
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):292
                                                                  Entropy (8bit):5.32657550945428
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJfJWCtMdPeUkwRe9:YvXKXF1Nw/iEZc0vHMGBS8Ukee9
                                                                  MD5:5533352119758437B37E56856800AE99
                                                                  SHA1:45212A76B14F47862FA8A423571F7EEE4BC76A8C
                                                                  SHA-256:324C18FAEA08601B577ECBF6A48E4DB905692E73D1A60682C0EDF1D340F9A1FE
                                                                  SHA-512:7E0C139961F1EEB14F329DC2B42924776A98D19D0EC2519BB72E21B3EF0FF7AAEA77EE6C989E529A6D3DE8859F7D64AC3EDB45D0C5F3154F2B082C0883F8DCC6
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):289
                                                                  Entropy (8bit):5.313528012604836
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJf8dPeUkwRe9:YvXKXF1Nw/iEZc0vHMGU8Ukee9
                                                                  MD5:F63DB2BA667C91DE1B47ED055B8F95CE
                                                                  SHA1:6BA170EB9855E1775ACE848E8A0AB0DB0DA5A4F1
                                                                  SHA-256:72E6D23373B162AB0FA58CDF327754A2104A23B4A8E08FB5E2BBBAA1FFB696CE
                                                                  SHA-512:FB4EE24ADC9D646AAF1FCE251E941C5C09946AC1C3D28AEE404CB08AC679E647501AB333019D0E207BAB8EFFD106D796909CDB3076A8C009289699BD3EF6BA01
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):292
                                                                  Entropy (8bit):5.3175804611936766
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJfQ1rPeUkwRe9:YvXKXF1Nw/iEZc0vHMGY16Ukee9
                                                                  MD5:D635BDD1247D875EC9E56C8E0E08BF6E
                                                                  SHA1:6456A11E5866659DB49D599B5DE572C97680EC8F
                                                                  SHA-256:AE55822DBAE4E2AE7FB075972C81EC74374EC667ABE04166F27B959C775398D9
                                                                  SHA-512:81F94AC4C48295D33FB19B6C20CDF60AB0C2A55713FEB4C3AE4A354FD947A272F23EF2B4CD33911EFE28C6B9F776922A5A6D4600765636A14437C29714837C35
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):289
                                                                  Entropy (8bit):5.322331058875935
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJfFldPeUkwRe9:YvXKXF1Nw/iEZc0vHMGz8Ukee9
                                                                  MD5:1F6B171E4357C4EE3F901EC29178B686
                                                                  SHA1:E7F22A1C2EE5402B0E59A828F138FB252763308F
                                                                  SHA-256:B997F4A143051CF1C720341E4469B23911E6441F5B9CEB8CA08C06F8EA1E700A
                                                                  SHA-512:161C03720CF3C82C11A096355697E5EC6F3D0E1599485D73876BD44549BC09FA1EB25ACF8411613AD8EE31B9081C46C1E4C0176035013D54752D6E9D804CFFD1
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):1372
                                                                  Entropy (8bit):5.742768770951347
                                                                  Encrypted:false
                                                                  SSDEEP:24:Yv6XXNw/ZzvUKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNy:YvuwlMEgigrNt0wSJn+ns8cvFJE
                                                                  MD5:81B54034A0F930360CBB89CF22841DC4
                                                                  SHA1:9CDADF29E48E824442BE17B284FCD2E1C6DEB757
                                                                  SHA-256:77940A0507E1145C53591E38BB320942C3A196C753EA3A723AA7FFDF48363653
                                                                  SHA-512:BBDBD2A00A7EEFC6A6BC57BAE782D92AF56E31547F70AF60FD7FA97002A889F6328C50116B1D9F55660B92F5AF78F148E416AEF269A0EFFEE8FE4B5521359215
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):289
                                                                  Entropy (8bit):5.319924678733342
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJfYdPeUkwRe9:YvXKXF1Nw/iEZc0vHMGg8Ukee9
                                                                  MD5:5A105CDD5DE0745C86CCE220A684A74B
                                                                  SHA1:6B5ECE3736CA2FC6DD68E31012AD9B1703174644
                                                                  SHA-256:51155F30C4EEEDE723407D246E2110E4DD0E4C0E22DD8BD88D9CE4AC9ECDCAEF
                                                                  SHA-512:6E5174AE36C67DC354DF6E4BC75A6640235E716170A3C33A7CD0097C91D3C68B2DBCA2920DAA104702C3D8FA98022F5E08EC4C2D3CE47FCFD300D7ADA8CD66A1
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):1395
                                                                  Entropy (8bit):5.781178201493571
                                                                  Encrypted:false
                                                                  SSDEEP:24:Yv6XXNw/Zzv7rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNq:YvuwlDHgDv3W2aYQfgB5OUupHrQ9FJA
                                                                  MD5:5768E1EA1009970D4525AC74648FCA3C
                                                                  SHA1:AB52E76AD4E5E734CD3A35CBF4078C424EA95138
                                                                  SHA-256:72E0D6E93D41759F70E2B6A300A33C68B778B7B78E0EF2B5B40FD1E470EF219F
                                                                  SHA-512:C5DA93EB982E6F2728DD7387C6D5A38EC7A2D328CAB7A74EC5B1BD901C45CCA0D3018DB08EE74E7711538959C7869537A011CCD1FB9A502B622C520B0E14EAA9
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):291
                                                                  Entropy (8bit):5.303334837034467
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJfbPtdPeUkwRe9:YvXKXF1Nw/iEZc0vHMGDV8Ukee9
                                                                  MD5:CD6D99500FF7D14BA385914645BB8351
                                                                  SHA1:C4AF8E6E0E068A197B0A421382A82302BA3842F7
                                                                  SHA-256:52B7E6709F7B984D6C38F0EB5379177D9CD210E745348C5E6E28048FD9430911
                                                                  SHA-512:2647ACB75B5F3E3B4A4A07A7EFD48108DD0B75ED25B2D8DB53AC97405649D0DFD63199E6BD55EDD668737E8D5283DD36CAC19694B8FD0874702AF226D037573A
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):287
                                                                  Entropy (8bit):5.30794769636776
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJf21rPeUkwRe9:YvXKXF1Nw/iEZc0vHMG+16Ukee9
                                                                  MD5:DF8E7ADAC73717D4E20F29388A2E55D7
                                                                  SHA1:22E9259FC06789B53AF93640D688B1B8454EEEC2
                                                                  SHA-256:35154D67DF46D2D66B958E404F20E75B1B24B95DF3E5210D0731AF1718A01223
                                                                  SHA-512:9045CCF7FEED8E096D58AD5173F290D6EA118A559BE30D8162D5ED70CC4DC51591EF8AC6536FE315FC3FB758BF2AD3EDE86CBCEA2F4E1098BD424295C71E521F
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):289
                                                                  Entropy (8bit):5.326153784450542
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJfbpatdPeUkwRe9:YvXKXF1Nw/iEZc0vHMGVat8Ukee9
                                                                  MD5:409369A8A5C84A9587F9A218FE56DA80
                                                                  SHA1:EF3A28D992AD0255232FFBDA8F3471805AF0E15A
                                                                  SHA-256:36589C3583D463D63592B7DE0DE9763390323A72C76F25DE055ED3DF78A741B9
                                                                  SHA-512:524E0E4F153C6ED61AD1DFD0CCF6103EC494BA88BDC12BEEA37060F357636E8CAF4C725139946FEBE4C2038264067B409404D686DE4D52CC63B4D788D9AA09C0
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):286
                                                                  Entropy (8bit):5.283361195224537
                                                                  Encrypted:false
                                                                  SSDEEP:6:YEQXJ2HXF2YXgIRef/WHH9VoZcg1vRcR0YMklqoAvJfshHHrPeUkwRe9:YvXKXF1Nw/iEZc0vHMGUUUkee9
                                                                  MD5:73F969E8AF9FD36A71C5E90F7959F7D0
                                                                  SHA1:DFA047D7670516D483BA316C394E0F446ED37971
                                                                  SHA-256:55B75E8796AB7FC1B0B0CAA9C12EC3E96D631F12C4DE525833FAD027CA94D142
                                                                  SHA-512:30EC2A9920B2E54BC4F4E628DB23F16DB86A16F55689804197409EE18BB157AF10321602991EB2A210C254112067CA9AA82559755A26CB6279C5C255C269C561
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):782
                                                                  Entropy (8bit):5.371774997794416
                                                                  Encrypted:false
                                                                  SSDEEP:12:YvXKXF1Nw/iEZc0vHMGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWO:Yv6XXNw/ZzvC168CgEXX5kcIfANhT
                                                                  MD5:E0204531867D84F8725821877977EA3D
                                                                  SHA1:682A23770CE244D0D7B5C8A67E76CA4EEF93102F
                                                                  SHA-256:94758D448D1C99F1D01F88E46BA1E3CDEB530F2B6DCEAB608A008CABFBF7CECC
                                                                  SHA-512:4922309640BF3D27B7382016B41594BA5F6366B7E351250D075D3E2B957069265907A616377056F99CB672680132894FE8C2C8A84875D673A27A07B299476A10
                                                                  Malicious:false
                                                                  Preview:{"analyticsData":{"responseGUID":"2d711792-2243-4c69-8281-f4a425f5015d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718306902231,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1718128837270}}}}

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):4
                                                                  Entropy (8bit):0.8112781244591328
                                                                  Encrypted:false
                                                                  SSDEEP:3:e:e
                                                                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                  Malicious:false
                                                                  Preview:....

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):2814
                                                                  Entropy (8bit):5.135977127591353
                                                                  Encrypted:false
                                                                  SSDEEP:24:YUpE2kNhPCaOj109EJNlkaVyTHaytK+9GdNWN8jtwp8j0SYxTQgQ2B3xpV2LSSO5:YbROyuJdyTYtMOOTQhm3t4OMruXn9Lt
                                                                  MD5:5413C268C0C953490E5178E5066F19E6
                                                                  SHA1:1CF9A760415F3603C2EFA768428207A5AF8DA106
                                                                  SHA-256:84F6D65043EE1672E5D46933342BEAB8D01D4E13D453024DC115756D71B29B7E
                                                                  SHA-512:8EECF25AC691847289648CF11015DB1AE854D5BD7A45D87B30E7831D02DE326B01E66A85312D068446EF0F67043F014AA2B4075CFBE6D431CF288FA57F089B95
                                                                  Malicious:false
                                                                  Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"bfa27143588158964baf13cf98503cfa","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1718128836000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c9f4dfc9633e7129f8f628a35091e198","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1718128836000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e86a613689c2fdcce6185e1427452558","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1718128836000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"c4c25736996851ec24908e6bcb905ec0","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1718128836000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"7c5118273f9816421b091a4bb40b77f7","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1718128836000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"1c94e9822b6b5c96d31c397a5812acc3","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1718128836000},

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                                  Category:dropped
                                                                  Size (bytes):12288
                                                                  Entropy (8bit):1.18811654408372
                                                                  Encrypted:false
                                                                  SSDEEP:48:TGufl2GL7msEHUUUUUUUUpOSvR9H9vxFGiDIAEkGVvplI:lNVmswUUUUUUUUpO+FGSItpI
                                                                  MD5:973677675DCBAF34B0B3253EF6E6EC8E
                                                                  SHA1:9AAB88A261652E38CEA79E8D8F378D0BD2592C84
                                                                  SHA-256:E32C91BC0ECDDBF6A25E38E5E2E267E56329E94045912B69A0356A4204F34168
                                                                  SHA-512:9B3C4E31807E15D8BC17EA47011FAE7468829B259D83CFA00BB73BC7CD64E8AD7FC5EFA18CFB7C6E4FA7EC1B92070C201938B96D5CC27DA52211CF40CAEFD651
                                                                  Malicious:false
                                                                  Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:SQLite Rollback Journal
                                                                  Category:dropped
                                                                  Size (bytes):8720
                                                                  Entropy (8bit):1.605011380123159
                                                                  Encrypted:false
                                                                  SSDEEP:48:7M6KUUUUUUUUUUpcvR9H9vxFGiDIAEkGVv2qFl2GL7msL:7CUUUUUUUUUUpsFGSItQKVmsL
                                                                  MD5:32FD35D0540EE5570F93644F3AA13C95
                                                                  SHA1:2451189A9BEB5BBDDC37EF996B645449E394F5C7
                                                                  SHA-256:9FC5BB5E24E0D2038DEBD59E846EE558ABE6A57DB4CEE7CE29CD9A8F274CD1A6
                                                                  SHA-512:A653A026405202605A57EC9ED116D4CE5808143679A0ABB30592D509B12759A5B6869BF796DF6835E610716C4597CF987CB65AA69924E3B5DB0514289DF79CD5
                                                                  Malicious:false
                                                                  Preview:.... .c.......c.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Temp\MSI9e29e.LOG

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):246
                                                                  Entropy (8bit):3.524398495091119
                                                                  Encrypted:false
                                                                  SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K87qRTH:Qw946cPbiOxDlbYnuRKgwH
                                                                  MD5:CABB097DF24C703072263EAA07168637
                                                                  SHA1:BFF0CFF3C947C538846A17419C01B9F9D817B62C
                                                                  SHA-256:7F60ED71245433CB388997032D14D9AAC92F3348AE25152434E1FE03456A6A43
                                                                  SHA-512:F190B3225BC64B8553A7D878A0666398F8A0DCF25B5A4A98EDC20B247ABB44E1AE189507BECF8C39145ACAD041DB12CFAA81FC84B5F6BEFA026FB597D177F7A8
                                                                  Malicious:false
                                                                  Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.1./.0.6./.2.0.2.4. . .1.4.:.0.0.:.3.5. .=.=.=.....

                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91mbgqbr_1ig89w2_530.tmp

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:PDF document, version 1.6, 0 pages
                                                                  Category:dropped
                                                                  Size (bytes):358
                                                                  Entropy (8bit):5.0191867587289805
                                                                  Encrypted:false
                                                                  SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOzlUSbcRzUSbFCSyAAO:IngVMre9T0HQIDmy9g06JX9cpFlX
                                                                  MD5:06080143E2931CF99031B89CEB9F2DD8
                                                                  SHA1:518929B85EEF1E7187847561730F4EEF1F59034F
                                                                  SHA-256:9E53AB87797D6D750DBBC9D0E6464C983741E1A7E03910AB26447180629D320F
                                                                  SHA-512:04E79674D0B207922E177F5BDEAEBFDCAE538F2207E6F68C86DE0B29EEBA376EF1DC3E8387FD30A492898B3039FEE7DBEAA09C10DE67E6EC0A2E457AC49B1287
                                                                  Malicious:false
                                                                  Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<569E88ABF7AC6141A20183432C008087><569E88ABF7AC6141A20183432C008087>]>>..startxref..127..%%EOF..

                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-11 14-00-29-270.log

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:ASCII text, with very long lines (393)
                                                                  Category:dropped
                                                                  Size (bytes):16525
                                                                  Entropy (8bit):5.345946398610936
                                                                  Encrypted:false
                                                                  SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                                                  MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                                                  SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                                                  SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                                                  SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                                                  Malicious:false
                                                                  Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):16603
                                                                  Entropy (8bit):5.33381739162477
                                                                  Encrypted:false
                                                                  SSDEEP:384:PoipaEX3I/y1aI+25glJP2bncCDuOHDxYD1mM42surUHtySBzWGn7q7KjlbKeFlS:j3C7
                                                                  MD5:91ED5EE3427FA5177C3EB44D11E6D994
                                                                  SHA1:473D2A054C4D017412034967EDF2213C3A230B9B
                                                                  SHA-256:7469843ED0A7DEB65E99FE3BC3D52DB01893B5784814BBD8EB3A1670EE3A976A
                                                                  SHA-512:27087FE22634046F44630649910C2F235B9B40B153928B319B1FA82C3456FE3A5EFE275A28826493216F8F1FD8F7371E01EC5DBEB0C986C03ED90CF141955086
                                                                  Malicious:false
                                                                  Preview:SessionID=5ad61d8a-62ce-4cfa-bc3d-f6223f18668c.1718128829296 Timestamp=2024-06-11T14:00:29:296-0400 ThreadID=6860 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=5ad61d8a-62ce-4cfa-bc3d-f6223f18668c.1718128829296 Timestamp=2024-06-11T14:00:29:298-0400 ThreadID=6860 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=5ad61d8a-62ce-4cfa-bc3d-f6223f18668c.1718128829296 Timestamp=2024-06-11T14:00:29:298-0400 ThreadID=6860 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=5ad61d8a-62ce-4cfa-bc3d-f6223f18668c.1718128829296 Timestamp=2024-06-11T14:00:29:298-0400 ThreadID=6860 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=5ad61d8a-62ce-4cfa-bc3d-f6223f18668c.1718128829296 Timestamp=2024-06-11T14:00:29:298-0400 ThreadID=6860 Component=ngl-lib_NglAppLib Description="SetConf

                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  File Type:ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):29845
                                                                  Entropy (8bit):5.386524191295893
                                                                  Encrypted:false
                                                                  SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rc:TM
                                                                  MD5:EA28BACC832CDF7C05C591885C452FD7
                                                                  SHA1:ADEFC96B7A73484ACF66DE99EE7E7170C57ECBDC
                                                                  SHA-256:34E4F7052544F7614173307573817C86FAEA2E3768765E1EDFEF73729E85837F
                                                                  SHA-512:3FEEB6AD08FCCEC20DA8861D5D93AC078489EB1D18634FF5547C367686FB30F441BF0B647221536B9BE1E8AAC2240D95771C4B99F0C77E364CD68647FE2762F4
                                                                  Malicious:false
                                                                  Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\41e20407-88da-463c-b385-4c430e8da676.tmp

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
                                                                  Category:dropped
                                                                  Size (bytes):1407294
                                                                  Entropy (8bit):7.97605879016224
                                                                  Encrypted:false
                                                                  SSDEEP:24576:/VRbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oXGZnYIGNPJF:tRb3mlind9i4ufFXpAXkrfUs0qWLxXGY
                                                                  MD5:9543A6C1DE815E938F6AA0F90F2EF0C6
                                                                  SHA1:62B527E0463D71548862DE000950E638F3721582
                                                                  SHA-256:8A4B4F588D79D2AF9E617936932D8264DF9017D80A68F8D39E5EA36B14D76F1D
                                                                  SHA-512:50A26B895BA1F40B2ADE59996A1A89EBAFE67CB9F7B4F3A029382B6966E75F8BAD3551D25F29391C58A7EDC206F7DAF1D07F68F5E458E3A5D02556EACA377B0D
                                                                  Malicious:false
                                                                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\5de5bbdd-78a3-40b7-8766-6a7bf8447038.tmp

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                  Category:dropped
                                                                  Size (bytes):758601
                                                                  Entropy (8bit):7.98639316555857
                                                                  Encrypted:false
                                                                  SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                  MD5:3A49135134665364308390AC398006F1
                                                                  SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                  SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                  SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                  Malicious:false
                                                                  Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\a94a4ac7-87f5-4deb-bf90-93acc5830b11.tmp

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
                                                                  Category:dropped
                                                                  Size (bytes):1419751
                                                                  Entropy (8bit):7.976496077007677
                                                                  Encrypted:false
                                                                  SSDEEP:24576:/xaWL07oSwYIGNPUGZfAdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:JaWLxSwZG6GZQ3mlind9i4ufFXpAXkrj
                                                                  MD5:37082BACCAA977DE3B8069CCD3391FB8
                                                                  SHA1:4905CC70446289CFB3FF6CAAF38EC581A42CD33A
                                                                  SHA-256:BB1F8C477B66247B4D84DE336A87136A3E3DBD8D7199AE1380EC20B82E4D0122
                                                                  SHA-512:A14E9F412C3C7ECE0A997841BF0E5F65F7875C4628B8C183C862D502E506478CDFA6B846568710E5CA3912AFA3274E01EB6F3843EF8DBEF4086BF1A19395F40B
                                                                  Malicious:false
                                                                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                  C:\Users\user\AppData\Local\Temp\acrocef_low\aa70eaba-69f4-42b3-b7c1-4125cffc9482.tmp

                                                                  Download File
                                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                  Category:dropped
                                                                  Size (bytes):386528
                                                                  Entropy (8bit):7.9736851559892425
                                                                  Encrypted:false
                                                                  SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                  MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                  SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                  SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                  SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                  Malicious:false
                                                                  Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                                  Chrome Cache Entry: 172

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                                                  Category:downloaded
                                                                  Size (bytes):1435
                                                                  Entropy (8bit):7.8613342322590265
                                                                  Encrypted:false
                                                                  SSDEEP:24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
                                                                  MD5:9F368BC4580FED907775F31C6B26D6CF
                                                                  SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                                                  SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                                                  SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                                                  Malicious:false
                                                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
                                                                  Preview:...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.|..~.|{~...b{8...zv.....8|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g*.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dg*N.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f*;.....Zhrr.,.U....6.Y....+Zd.*R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

                                                                  Chrome Cache Entry: 173

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                                                  Category:dropped
                                                                  Size (bytes):1435
                                                                  Entropy (8bit):7.8613342322590265
                                                                  Encrypted:false
                                                                  SSDEEP:24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
                                                                  MD5:9F368BC4580FED907775F31C6B26D6CF
                                                                  SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                                                  SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                                                  SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                                                  Malicious:false
                                                                  Preview:...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.|..~.|{~...b{8...zv.....8|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g*.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dg*N.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f*;.....Zhrr.,.U....6.Y....+Zd.*R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

                                                                  Chrome Cache Entry: 174

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
                                                                  Category:downloaded
                                                                  Size (bytes):278551
                                                                  Entropy (8bit):5.324328207187027
                                                                  Encrypted:false
                                                                  SSDEEP:1536:sELKRnwfevKsE9Nkf06tX8xygsCEIrddc0ogWsqc+vmO4x18Cc0L4K+4gc0++wJP:nLxevGeBs4KT2Cc0L4K+4gcS/zETvhv
                                                                  MD5:F13BBBDA75559CA0F00DEB30CF7D838E
                                                                  SHA1:10993252A7AE0B7F8922493B4079D196A3A91843
                                                                  SHA-256:40DB496B666BC587F8159CCA9F8FF43B1C83D8EF1D7B3438A5056480ECE8A125
                                                                  SHA-512:0E3B08830217E6CB11B087C3CD1E581A8AFFAA51E1E96B1554D3131274F3D521D8605D530F3F1BE0EFB46F175FFE6EFDD3591F3ECB57B7EE312B20B66001F77F
                                                                  Malicious:false
                                                                  URL:https://cdn.auth0.com/ulp/react-components/1.87.4/css/main.cdn.min.css
                                                                  Preview:a,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,em,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,main,mark,menu,nav,object,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section{display:block}[hidden]{display:none}body{line-height:1}menu,ol,ul{list-style:none}blockquote,q{quotes:none}blockquote:after,blockquote:before,q:after,q:before{content:"";content:none}table{border-collapse:collapse;border-spacing:0}.c76f3b5cc{display:inline-block;width:20px;height:20px;position:relative;background-size:contain;background-repeat:no-repeat;background-position:50%}.c76f3b5cc[data-provider^=apple]{backgrou

                                                                  Chrome Cache Entry: 175

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:HTML document, ASCII text, with very long lines (19321)
                                                                  Category:downloaded
                                                                  Size (bytes):32063
                                                                  Entropy (8bit):5.227991575682029
                                                                  Encrypted:false
                                                                  SSDEEP:768:36v29qmFUG8uPZHD7Mbyy3SSZ3cQn2LHuDj:5/l8oHPFSZ3mLH4j
                                                                  MD5:00CBF83D89184ACF7A844CEBDDD39CB1
                                                                  SHA1:11D0641B807A3DB6C0EA4970399A3C24403E4B4F
                                                                  SHA-256:7C587E80D44AF1B09673749AABBCBE191DD388C5DB4044B7D0D75E1E10EFDDB7
                                                                  SHA-512:5A47FD8425A0BBD12500BF3DB5C80B132150B1979B465F51BA2EBF60DE7155FAB57ACAA3E15432E5BA3C28F89838C4979C47F9764F69CC867C22CC310B384D46
                                                                  Malicious:false
                                                                  URL:https://iexeuniversidad.com/portal.html
                                                                  Preview:..<!DOCTYPE html>.<html>. <head> <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1">. . <meta name="ulp-version" content="1.17.148">. . . . <meta name="robots" content="noindex, nofollow">. . . <link rel="stylesheet" href="https://cdn.auth0.com/ulp/react-components/1.87.4/css/main.cdn.min.css">. <style id="custom-styles-container">. . ..... . :root {. --primary-color: #016BD4;. }. . .. . :root {. --button-font-color: #ffffff;. }. . .. . :root {. --secondary-button-border-color: #E2EAF2;. --social-button-border-color: #E2EAF2;. --radio-button-border-color: #E2EAF2;. }. . .. . :root {. --secondary-button-text-color: #141618;. }. . .. . :root {. --link-color: #016BD4;. }. . ..

                                                                  Chrome Cache Entry: 176

                                                                  Download File
                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:downloaded
                                                                  Size (bytes):28
                                                                  Entropy (8bit):4.066108939837481
                                                                  Encrypted:false
                                                                  SSDEEP:3:GMyoSt:jFSt
                                                                  MD5:96B191AE794C2C78387B3F4F9BB7A251
                                                                  SHA1:F974547DF0ADFFB7E80699552C6BCE3E709343A6
                                                                  SHA-256:CE76758AEEF2CAF12021AFB5257D0CA4E9E5C20015C2C85D68BB27FA6B1AFB28
                                                                  SHA-512:07EE1CFDBD53C1046FA4F44FF7C83F4456CDAA099299816B451D114E3EEAAD4BE8F0CD0FC09F0E838418BCBB5E50547E806E8E080B8E3421D0DB26FF4C15D412
                                                                  Malicious:false
                                                                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlPbItBzmNKABIFDeeNQA4SBQ3OQUx6?alt=proto
                                                                  Preview:ChIKBw3njUAOGgAKBw3OQUx6GgA=

                                                                  Static File Info

                                                                  General

                                                                  File type:PDF document, version 2.0
                                                                  Entropy (8bit):7.755851078673434
                                                                  TrID:
                                                                  • Adobe Portable Document Format (5005/1) 100.00%
                                                                  File name:ACH Electronic Remittance Reciept.pdf
                                                                  File size:824'040 bytes
                                                                  MD5:2ff1ec49a7eb880b576391db95f2216f
                                                                  SHA1:60fd32d463ffd6b5a2bca5e88db8f32bda555302
                                                                  SHA256:b37629b167b381df073d10bf674a084647457c433fb7334976d9e086a33439eb
                                                                  SHA512:9e532674b077119a5643905228936f431717385b287af138ab31f3210b973c1b6998e4a9c1bcf1afe2a2667b3ac0c921e08f3891be0c49897dd875a04d72627d
                                                                  SSDEEP:12288:i9zKr3NDCB4ucQiOKzbakIXXctluHJO1catp2ii4u6P4u6HuPcr9nKtRzDkK:GKr3NZufGDIX7HJ+catPiYPY/nADkK
                                                                  TLSH:CD0502E442A7CBD4CC1A303C69D75EBA4BA04C55B4842E63D3B5D508279FBFA20A7E5C
                                                                  File Content Preview:%PDF-2.0.%.....2 0 obj.<<./Type /Catalog./Pages 4 0 R./Version /1#2E5./AcroForm 5 0 R.>>.endobj.13 0 obj.<<./Filter /FlateDecode./Length 10.>>.stream..x.+......|..endstream.endobj.14 0 obj.<<./Filter /FlateDecode./Length 10.>>.stream..x.+......|..endstrea

                                                                  File Icon

                                                                  Icon Hash:62cc8caeb29e8ae0

                                                                  Static PDF Info

                                                                  General

                                                                  Header:%PDF-2.0
                                                                  Total Entropy:7.755851
                                                                  Total Bytes:824040
                                                                  Stream Entropy:7.753956
                                                                  Stream Bytes:819388
                                                                  Entropy outside Streams:5.149992
                                                                  Bytes outside Streams:4652
                                                                  Number of EOF found:1
                                                                  Bytes after EOF:

                                                                  Keywords Statistics

                                                                  NameCount
                                                                  obj34
                                                                  endobj34
                                                                  stream32
                                                                  endstream32
                                                                  xref0
                                                                  trailer0
                                                                  startxref1
                                                                  /Page0
                                                                  /Encrypt0
                                                                  /ObjStm1
                                                                  /URI0
                                                                  /JS0
                                                                  /JavaScript0
                                                                  /AA0
                                                                  /OpenAction0
                                                                  /AcroForm1
                                                                  /JBIG2Decode0
                                                                  /RichMedia0
                                                                  /Launch0
                                                                  /EmbeddedFile0

                                                                  Image Streams

                                                                  IDDHASHMD5Preview
                                                                  346c526dfc666678806b779384d7edcdda0da0d611c44c0019
                                                                  3500112068a42414005b9d1fcd04be08481b102fd07beaf19c
                                                                  369e87804313212602334b78ee638ef3241288219430302f39
                                                                  37081831200c00b0307bb1c4437aa9657e90af4c59236af7af
                                                                  380080d8ccdedb9808aced673f75473560581538aef2b82dd5

                                                                  Network Behavior

                                                                  Network Port Distribution

                                                                  TCP Packets

                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Jun 11, 2024 20:00:34.208432913 CEST49742443192.168.2.413.33.187.51
                                                                  Jun 11, 2024 20:00:34.208468914 CEST4434974213.33.187.51192.168.2.4
                                                                  Jun 11, 2024 20:00:34.208775043 CEST49742443192.168.2.413.33.187.51
                                                                  Jun 11, 2024 20:00:34.209739923 CEST49742443192.168.2.413.33.187.51
                                                                  Jun 11, 2024 20:00:34.209755898 CEST4434974213.33.187.51192.168.2.4
                                                                  Jun 11, 2024 20:00:35.048062086 CEST4434974213.33.187.51192.168.2.4
                                                                  Jun 11, 2024 20:00:35.048490047 CEST49742443192.168.2.413.33.187.51
                                                                  Jun 11, 2024 20:00:35.048505068 CEST4434974213.33.187.51192.168.2.4
                                                                  Jun 11, 2024 20:00:35.049432993 CEST4434974213.33.187.51192.168.2.4
                                                                  Jun 11, 2024 20:00:35.049531937 CEST49742443192.168.2.413.33.187.51
                                                                  Jun 11, 2024 20:00:35.052162886 CEST49742443192.168.2.413.33.187.51
                                                                  Jun 11, 2024 20:00:35.052225113 CEST4434974213.33.187.51192.168.2.4
                                                                  Jun 11, 2024 20:00:35.053255081 CEST49742443192.168.2.413.33.187.51
                                                                  Jun 11, 2024 20:00:35.053265095 CEST4434974213.33.187.51192.168.2.4
                                                                  Jun 11, 2024 20:00:35.188287020 CEST49742443192.168.2.413.33.187.51
                                                                  Jun 11, 2024 20:00:35.427798033 CEST4434974213.33.187.51192.168.2.4
                                                                  Jun 11, 2024 20:00:35.428071976 CEST4434974213.33.187.51192.168.2.4
                                                                  Jun 11, 2024 20:00:35.428133011 CEST49742443192.168.2.413.33.187.51
                                                                  Jun 11, 2024 20:00:35.448391914 CEST49742443192.168.2.413.33.187.51
                                                                  Jun 11, 2024 20:00:35.448405981 CEST4434974213.33.187.51192.168.2.4
                                                                  Jun 11, 2024 20:00:35.657844067 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:35.657881975 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:35.658354998 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:35.658911943 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:35.658929110 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:35.828047037 CEST49747443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:35.828073025 CEST44349747184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:35.828159094 CEST49747443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:35.830209017 CEST49747443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:35.830224991 CEST44349747184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:36.174280882 CEST49672443192.168.2.4173.222.162.32
                                                                  Jun 11, 2024 20:00:36.174324036 CEST44349672173.222.162.32192.168.2.4
                                                                  Jun 11, 2024 20:00:36.342845917 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.344857931 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.344887018 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.346617937 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.346679926 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.350568056 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.350661993 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.350805998 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.350816011 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.480376005 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.607438087 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.607539892 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.607559919 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.607578993 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.607604027 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.607619047 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.607628107 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.607639074 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.607669115 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.607686996 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.607701063 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.607707977 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.607733965 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.627244949 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.627266884 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.627314091 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.627330065 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.627334118 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.627372980 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.627381086 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.627420902 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.627420902 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.627518892 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.627577066 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.683933020 CEST44349747184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:36.684011936 CEST49747443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:36.752460003 CEST49747443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:36.752477884 CEST44349747184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:36.752762079 CEST44349747184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:36.785370111 CEST49745443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:36.785415888 CEST4434974551.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:36.797267914 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:36.797312021 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:36.797388077 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:36.797641039 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:36.797658920 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:36.800287962 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:36.800313950 CEST4434975113.107.246.67192.168.2.4
                                                                  Jun 11, 2024 20:00:36.800435066 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:36.800580978 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:36.800594091 CEST4434975113.107.246.67192.168.2.4
                                                                  Jun 11, 2024 20:00:36.815781116 CEST49747443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:36.856513023 CEST44349747184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:36.980499983 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:36.980526924 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:36.980767012 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:36.986813068 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:36.986829042 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:37.055632114 CEST44349747184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:37.055702925 CEST44349747184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:37.055774927 CEST49747443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:37.058192015 CEST49747443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:37.058223009 CEST44349747184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:37.058235884 CEST49747443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:37.058242083 CEST44349747184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:37.064563990 CEST49755443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:00:37.064609051 CEST44349755142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:00:37.064743996 CEST49755443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:00:37.064960957 CEST49755443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:00:37.064987898 CEST44349755142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:00:37.095510960 CEST49756443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:37.095547915 CEST44349756184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:37.095951080 CEST49756443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:37.096602917 CEST49756443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:37.096618891 CEST44349756184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:37.537403107 CEST4434975113.107.246.67192.168.2.4
                                                                  Jun 11, 2024 20:00:37.585016966 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:37.648292065 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:37.667881966 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:37.667905092 CEST4434975113.107.246.67192.168.2.4
                                                                  Jun 11, 2024 20:00:37.668050051 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:37.668061018 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:37.669507980 CEST4434975113.107.246.67192.168.2.4
                                                                  Jun 11, 2024 20:00:37.669584990 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:37.669779062 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:37.669835091 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:37.670660019 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:37.670809984 CEST4434975113.107.246.67192.168.2.4
                                                                  Jun 11, 2024 20:00:37.671030998 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:37.671030998 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:37.671041012 CEST4434975113.107.246.67192.168.2.4
                                                                  Jun 11, 2024 20:00:37.671138048 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:37.671235085 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:37.716505051 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:37.747536898 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:37.747617006 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:37.773515940 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:37.773545980 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:37.773977041 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:37.775083065 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:37.775100946 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:37.775132895 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:37.799308062 CEST4434975113.107.246.67192.168.2.4
                                                                  Jun 11, 2024 20:00:37.799343109 CEST4434975113.107.246.67192.168.2.4
                                                                  Jun 11, 2024 20:00:37.799401045 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:37.799406052 CEST4434975113.107.246.67192.168.2.4
                                                                  Jun 11, 2024 20:00:37.799799919 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:37.810990095 CEST49751443192.168.2.413.107.246.67
                                                                  Jun 11, 2024 20:00:37.811018944 CEST4434975113.107.246.67192.168.2.4
                                                                  Jun 11, 2024 20:00:37.823050022 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:37.835509062 CEST49757443192.168.2.413.107.246.45
                                                                  Jun 11, 2024 20:00:37.835604906 CEST4434975713.107.246.45192.168.2.4
                                                                  Jun 11, 2024 20:00:37.835670948 CEST49757443192.168.2.413.107.246.45
                                                                  Jun 11, 2024 20:00:37.836007118 CEST49757443192.168.2.413.107.246.45
                                                                  Jun 11, 2024 20:00:37.836041927 CEST4434975713.107.246.45192.168.2.4
                                                                  Jun 11, 2024 20:00:37.884538889 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:37.920722008 CEST44349755142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:00:37.933023930 CEST49755443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:00:37.933057070 CEST44349755142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:00:37.934051037 CEST44349755142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:00:37.934138060 CEST49755443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:00:37.935658932 CEST49755443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:00:37.935750961 CEST44349755142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:00:37.937133074 CEST44349756184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:37.937213898 CEST49756443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:37.942573071 CEST49756443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:37.942591906 CEST44349756184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:37.943026066 CEST44349756184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:37.946376085 CEST49756443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:37.992505074 CEST44349756184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:37.993194103 CEST49755443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:00:37.993211985 CEST44349755142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:00:38.093930006 CEST49755443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:00:38.186630964 CEST44349756184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:38.186852932 CEST44349756184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:38.186914921 CEST49756443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:38.188153982 CEST49756443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:38.188175917 CEST44349756184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:38.188185930 CEST49756443192.168.2.4184.28.90.27
                                                                  Jun 11, 2024 20:00:38.188191891 CEST44349756184.28.90.27192.168.2.4
                                                                  Jun 11, 2024 20:00:38.505434990 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:38.517132044 CEST4972380192.168.2.4199.232.214.172
                                                                  Jun 11, 2024 20:00:38.525230885 CEST8049723199.232.214.172192.168.2.4
                                                                  Jun 11, 2024 20:00:38.525562048 CEST4972380192.168.2.4199.232.214.172
                                                                  Jun 11, 2024 20:00:38.548532963 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.561019897 CEST4434975713.107.246.45192.168.2.4
                                                                  Jun 11, 2024 20:00:38.561295986 CEST49757443192.168.2.413.107.246.45
                                                                  Jun 11, 2024 20:00:38.561333895 CEST4434975713.107.246.45192.168.2.4
                                                                  Jun 11, 2024 20:00:38.562221050 CEST4434975713.107.246.45192.168.2.4
                                                                  Jun 11, 2024 20:00:38.562289953 CEST49757443192.168.2.413.107.246.45
                                                                  Jun 11, 2024 20:00:38.562669992 CEST49757443192.168.2.413.107.246.45
                                                                  Jun 11, 2024 20:00:38.562730074 CEST4434975713.107.246.45192.168.2.4
                                                                  Jun 11, 2024 20:00:38.562839031 CEST49757443192.168.2.413.107.246.45
                                                                  Jun 11, 2024 20:00:38.604182959 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.604219913 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.604229927 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.604284048 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.604304075 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.604350090 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.605727911 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.605807066 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.608529091 CEST4434975713.107.246.45192.168.2.4
                                                                  Jun 11, 2024 20:00:38.681217909 CEST49757443192.168.2.413.107.246.45
                                                                  Jun 11, 2024 20:00:38.681241035 CEST4434975713.107.246.45192.168.2.4
                                                                  Jun 11, 2024 20:00:38.692044020 CEST4434975713.107.246.45192.168.2.4
                                                                  Jun 11, 2024 20:00:38.692106962 CEST4434975713.107.246.45192.168.2.4
                                                                  Jun 11, 2024 20:00:38.692162991 CEST49757443192.168.2.413.107.246.45
                                                                  Jun 11, 2024 20:00:38.693119049 CEST49757443192.168.2.413.107.246.45
                                                                  Jun 11, 2024 20:00:38.693135023 CEST4434975713.107.246.45192.168.2.4
                                                                  Jun 11, 2024 20:00:38.720268965 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.720288038 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.720324993 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.720349073 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.720392942 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.752574921 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.752655983 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.752677917 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.752717972 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.752737045 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:38.752769947 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.752821922 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.752866983 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.752868891 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:38.752870083 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:38.752892971 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.752897024 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:38.752927065 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.752940893 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:38.752988100 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:38.753006935 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.753334999 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:38.753407955 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:38.765240908 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.765259981 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.765278101 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.765288115 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.765315056 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.765319109 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.765361071 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.771984100 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.772072077 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.772083998 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.836585999 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.836605072 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.836638927 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.836690903 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.836707115 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.836761951 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.869932890 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.869951010 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.869977951 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.869999886 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.870043039 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.920403004 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.920419931 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.920444012 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.920465946 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.920478106 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.920490980 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.920523882 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.920537949 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.923571110 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.939919949 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.939946890 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.940015078 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.940021038 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.940038919 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.959980011 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.960015059 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.960139036 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.960139036 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.960144997 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.963094950 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:38.963169098 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:38.963175058 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.071064949 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.071100950 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.071141005 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.071156025 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.071187019 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.090738058 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.090754032 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.090785027 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.090794086 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.090799093 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.090826035 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.090842962 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.090861082 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.090890884 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.110241890 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.110260010 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.110280991 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.110292912 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.110341072 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.110348940 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.110390902 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.129724026 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.129760027 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.129769087 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.129795074 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.129813910 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.129826069 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.129859924 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.173134089 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.173197031 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.173218012 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.173226118 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.173240900 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.173274040 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.173278093 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.173295021 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.177453995 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.177511930 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.177535057 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.177541971 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.177553892 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.177576065 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.177577019 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.177602053 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.177611113 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.186750889 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.186794996 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.186835051 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.186846018 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.186877966 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.202747107 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.202820063 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.202833891 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.202848911 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.202872992 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.202891111 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.220803976 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.220849991 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.220890999 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.220905066 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.220923901 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.230241060 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.230293989 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.230340958 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.230350971 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.230359077 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.247217894 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.247263908 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.247390985 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.247402906 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.249644041 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.249732018 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.249739885 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.249831915 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.249886036 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.250238895 CEST49750443192.168.2.413.33.223.41
                                                                  Jun 11, 2024 20:00:39.250256062 CEST4434975013.33.223.41192.168.2.4
                                                                  Jun 11, 2024 20:00:39.632479906 CEST49753443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:00:39.632580042 CEST4434975313.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:00:40.227644920 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:40.227674007 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:40.227750063 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:40.230020046 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:40.230034113 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:40.498538971 CEST49764443192.168.2.496.6.160.143
                                                                  Jun 11, 2024 20:00:40.498590946 CEST4434976496.6.160.143192.168.2.4
                                                                  Jun 11, 2024 20:00:40.498681068 CEST49764443192.168.2.496.6.160.143
                                                                  Jun 11, 2024 20:00:40.499013901 CEST49764443192.168.2.496.6.160.143
                                                                  Jun 11, 2024 20:00:40.499026060 CEST4434976496.6.160.143192.168.2.4
                                                                  Jun 11, 2024 20:00:40.837752104 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:40.847668886 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:40.847697020 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:40.848769903 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:40.848834991 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:40.885312080 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:40.885463953 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:40.886193037 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:40.886210918 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:40.991782904 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:41.142502069 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:41.142561913 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:41.142601967 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:41.142608881 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:41.142636061 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:41.142672062 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:41.142818928 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:41.143131971 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:41.143163919 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:41.143167019 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:41.143177032 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:41.143218040 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:41.143240929 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:41.143249989 CEST44349763104.18.7.70192.168.2.4
                                                                  Jun 11, 2024 20:00:41.143286943 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:41.144653082 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:41.144675016 CEST49763443192.168.2.4104.18.7.70
                                                                  Jun 11, 2024 20:00:41.190896034 CEST49766443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:41.190993071 CEST4434976651.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:41.191102982 CEST49766443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:41.191463947 CEST49766443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:41.191503048 CEST4434976651.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:41.221561909 CEST4434976496.6.160.143192.168.2.4
                                                                  Jun 11, 2024 20:00:41.222054958 CEST49764443192.168.2.496.6.160.143
                                                                  Jun 11, 2024 20:00:41.222068071 CEST4434976496.6.160.143192.168.2.4
                                                                  Jun 11, 2024 20:00:41.223581076 CEST4434976496.6.160.143192.168.2.4
                                                                  Jun 11, 2024 20:00:41.223639965 CEST49764443192.168.2.496.6.160.143
                                                                  Jun 11, 2024 20:00:41.379755974 CEST49764443192.168.2.496.6.160.143
                                                                  Jun 11, 2024 20:00:41.379997015 CEST4434976496.6.160.143192.168.2.4
                                                                  Jun 11, 2024 20:00:41.380219936 CEST49764443192.168.2.496.6.160.143
                                                                  Jun 11, 2024 20:00:41.380234003 CEST4434976496.6.160.143192.168.2.4
                                                                  Jun 11, 2024 20:00:41.505004883 CEST4434976496.6.160.143192.168.2.4
                                                                  Jun 11, 2024 20:00:41.505086899 CEST49764443192.168.2.496.6.160.143
                                                                  Jun 11, 2024 20:00:41.505924940 CEST49764443192.168.2.496.6.160.143
                                                                  Jun 11, 2024 20:00:41.505944014 CEST4434976496.6.160.143192.168.2.4
                                                                  Jun 11, 2024 20:00:41.864377975 CEST4434976651.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:41.864804983 CEST49766443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:41.864867926 CEST4434976651.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:41.865667105 CEST4434976651.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:41.866030931 CEST49766443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:41.866125107 CEST4434976651.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:41.866261005 CEST49766443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:41.912511110 CEST4434976651.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:42.027216911 CEST4434976651.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:42.027436018 CEST4434976651.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:42.028294086 CEST49766443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:42.062123060 CEST49766443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:42.062172890 CEST4434976651.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:42.297534943 CEST49770443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:42.297600031 CEST4434977051.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:42.297684908 CEST49770443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:42.297972918 CEST49770443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:42.297986984 CEST4434977051.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:42.987032890 CEST4434977051.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:42.987324953 CEST49770443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:42.987370968 CEST4434977051.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:42.990991116 CEST4434977051.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:42.991063118 CEST49770443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:42.991549969 CEST49770443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:42.991724014 CEST49770443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:42.991729021 CEST4434977051.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:43.032511950 CEST4434977051.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:43.132121086 CEST49770443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:43.132158995 CEST4434977051.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:43.153315067 CEST4434977051.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:43.153392076 CEST49770443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:43.154448032 CEST49770443192.168.2.451.161.117.153
                                                                  Jun 11, 2024 20:00:43.154476881 CEST4434977051.161.117.153192.168.2.4
                                                                  Jun 11, 2024 20:00:47.907963991 CEST44349755142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:00:47.908037901 CEST44349755142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:00:47.908226967 CEST49755443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:00:48.759488106 CEST49755443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:00:48.759561062 CEST44349755142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:01:17.290874958 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:17.290950060 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:17.291035891 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:17.291531086 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:17.291548967 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.047312975 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.047506094 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:18.057917118 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:18.057954073 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.058826923 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.079436064 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:18.120523930 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.326425076 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.326483965 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.326525927 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.326580048 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:18.326607943 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.326627970 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:18.326669931 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:18.327452898 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.327522993 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.327553988 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:18.327564001 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.327616930 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:18.327838898 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.327904940 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:18.332892895 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:18.332912922 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:18.332935095 CEST49771443192.168.2.413.85.23.86
                                                                  Jun 11, 2024 20:01:18.332942009 CEST4434977113.85.23.86192.168.2.4
                                                                  Jun 11, 2024 20:01:23.444705963 CEST4972480192.168.2.4199.232.214.172
                                                                  Jun 11, 2024 20:01:23.450020075 CEST8049724199.232.214.172192.168.2.4
                                                                  Jun 11, 2024 20:01:23.450174093 CEST4972480192.168.2.4199.232.214.172
                                                                  Jun 11, 2024 20:01:37.117965937 CEST49773443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:01:37.118001938 CEST44349773142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:01:37.118107080 CEST49773443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:01:37.118426085 CEST49773443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:01:37.118438959 CEST44349773142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:01:37.991000891 CEST44349773142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:01:37.991473913 CEST49773443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:01:37.991482973 CEST44349773142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:01:37.992533922 CEST44349773142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:01:37.993000031 CEST49773443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:01:37.993275881 CEST44349773142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:01:38.038279057 CEST49773443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:01:47.982552052 CEST44349773142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:01:47.982723951 CEST44349773142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:01:47.982983112 CEST49773443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:01:48.759349108 CEST49773443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:01:48.759378910 CEST44349773142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:02:37.173777103 CEST49775443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:02:37.173816919 CEST44349775142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:02:37.174026012 CEST49775443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:02:37.174328089 CEST49775443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:02:37.174343109 CEST44349775142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:02:38.022463083 CEST44349775142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:02:38.022938967 CEST49775443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:02:38.022981882 CEST44349775142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:02:38.024081945 CEST44349775142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:02:38.024874926 CEST49775443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:02:38.025053978 CEST44349775142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:02:38.069823027 CEST49775443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:02:48.025362015 CEST44349775142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:02:48.025513887 CEST44349775142.250.186.68192.168.2.4
                                                                  Jun 11, 2024 20:02:48.025665045 CEST49775443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:02:48.760323048 CEST49775443192.168.2.4142.250.186.68
                                                                  Jun 11, 2024 20:02:48.760365963 CEST44349775142.250.186.68192.168.2.4

                                                                  UDP Packets

                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                  Jun 11, 2024 20:00:34.184613943 CEST5070053192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:34.184756041 CEST6358653192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:34.192286968 CEST53635861.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:34.192637920 CEST53507001.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:34.193398952 CEST53552321.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:34.195538998 CEST53615501.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:35.037139893 CEST138138192.168.2.4192.168.2.255
                                                                  Jun 11, 2024 20:00:35.453702927 CEST5470753192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:35.454054117 CEST5125753192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:35.641490936 CEST53497651.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:35.651458025 CEST53512571.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:35.657018900 CEST53547071.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:36.783395052 CEST5015253192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:36.783544064 CEST6391653192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:36.792506933 CEST53501521.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:36.794100046 CEST53639161.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:37.054486036 CEST6504353192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:37.054892063 CEST5353453192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:37.062915087 CEST53650431.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:37.063680887 CEST53535341.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:39.450972080 CEST53588841.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:39.689611912 CEST5383153192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:39.690418005 CEST5937253192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:39.702888966 CEST53593721.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:39.704730034 CEST53538311.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:42.070962906 CEST6407953192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:42.071332932 CEST5040553192.168.2.41.1.1.1
                                                                  Jun 11, 2024 20:00:42.267407894 CEST53504051.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:42.269665003 CEST53640791.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:00:53.330898046 CEST53515811.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:01:12.066711903 CEST53653961.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:01:32.396795988 CEST53599701.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:01:34.765822887 CEST53500711.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:02:01.359627962 CEST53530661.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:02:47.786745071 CEST53574541.1.1.1192.168.2.4
                                                                  Jun 11, 2024 20:04:00.862653017 CEST53654641.1.1.1192.168.2.4

                                                                  DNS Queries

                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                  Jun 11, 2024 20:00:34.184613943 CEST192.168.2.41.1.1.10xa8c1Standard query (0)qrco.deA (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:34.184756041 CEST192.168.2.41.1.1.10x7b3aStandard query (0)qrco.de65IN (0x0001)false
                                                                  Jun 11, 2024 20:00:35.453702927 CEST192.168.2.41.1.1.10x56c1Standard query (0)iexeuniversidad.comA (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:35.454054117 CEST192.168.2.41.1.1.10x14f9Standard query (0)iexeuniversidad.com65IN (0x0001)false
                                                                  Jun 11, 2024 20:00:36.783395052 CEST192.168.2.41.1.1.10x9e94Standard query (0)cdn.auth0.comA (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:36.783544064 CEST192.168.2.41.1.1.10x1f06Standard query (0)cdn.auth0.com65IN (0x0001)false
                                                                  Jun 11, 2024 20:00:37.054486036 CEST192.168.2.41.1.1.10x9ccStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:37.054892063 CEST192.168.2.41.1.1.10x4126Standard query (0)www.google.com65IN (0x0001)false
                                                                  Jun 11, 2024 20:00:39.689611912 CEST192.168.2.41.1.1.10x2886Standard query (0)resources.messari.ioA (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:39.690418005 CEST192.168.2.41.1.1.10x2dc9Standard query (0)resources.messari.io65IN (0x0001)false
                                                                  Jun 11, 2024 20:00:42.070962906 CEST192.168.2.41.1.1.10x8df8Standard query (0)iexeuniversidad.comA (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:42.071332932 CEST192.168.2.41.1.1.10x2d65Standard query (0)iexeuniversidad.com65IN (0x0001)false

                                                                  DNS Answers

                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                  Jun 11, 2024 20:00:34.192637920 CEST1.1.1.1192.168.2.40xa8c1No error (0)qrco.de13.33.187.51A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:34.192637920 CEST1.1.1.1192.168.2.40xa8c1No error (0)qrco.de13.33.187.85A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:34.192637920 CEST1.1.1.1192.168.2.40xa8c1No error (0)qrco.de13.33.187.122A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:34.192637920 CEST1.1.1.1192.168.2.40xa8c1No error (0)qrco.de13.33.187.13A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:35.657018900 CEST1.1.1.1192.168.2.40x56c1No error (0)iexeuniversidad.com51.161.117.153A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:36.792506933 CEST1.1.1.1192.168.2.40x9e94No error (0)cdn.auth0.comdp0wn1kjwhg75.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:36.792506933 CEST1.1.1.1192.168.2.40x9e94No error (0)dp0wn1kjwhg75.cloudfront.net13.33.223.41A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:36.794100046 CEST1.1.1.1192.168.2.40x1f06No error (0)cdn.auth0.comdp0wn1kjwhg75.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:36.798424959 CEST1.1.1.1192.168.2.40x6ce9No error (0)shed.dual-low.s-part-0039.t-0009.t-msedge.nets-part-0039.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:36.798424959 CEST1.1.1.1192.168.2.40x6ce9No error (0)s-part-0039.t-0009.t-msedge.net13.107.246.67A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:37.026508093 CEST1.1.1.1192.168.2.40xb30aNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:37.026508093 CEST1.1.1.1192.168.2.40xb30aNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:37.062915087 CEST1.1.1.1192.168.2.40x9ccNo error (0)www.google.com142.250.186.68A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:37.063680887 CEST1.1.1.1192.168.2.40x4126No error (0)www.google.com65IN (0x0001)false
                                                                  Jun 11, 2024 20:00:37.834007025 CEST1.1.1.1192.168.2.40xed94No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:37.834007025 CEST1.1.1.1192.168.2.40xed94No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:39.702888966 CEST1.1.1.1192.168.2.40x2dc9No error (0)resources.messari.io65IN (0x0001)false
                                                                  Jun 11, 2024 20:00:39.704730034 CEST1.1.1.1192.168.2.40x2886No error (0)resources.messari.io104.18.7.70A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:39.704730034 CEST1.1.1.1192.168.2.40x2886No error (0)resources.messari.io104.18.6.70A (IP address)IN (0x0001)false
                                                                  Jun 11, 2024 20:00:42.269665003 CEST1.1.1.1192.168.2.40x8df8No error (0)iexeuniversidad.com51.161.117.153A (IP address)IN (0x0001)false

                                                                  HTTP Request Dependency Graph

                                                                  • ipinfo.io
                                                                  • qrco.de
                                                                  • iexeuniversidad.com
                                                                  • https:
                                                                    • aadcdn.msauth.net
                                                                    • cdn.auth0.com
                                                                    • resources.messari.io
                                                                  • fs.microsoft.com
                                                                  • slscr.update.microsoft.com
                                                                  • armmf.adobe.com

                                                                  HTTPS Proxied Packets

                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                  0192.168.2.44973034.117.186.192443
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:19 UTC59OUTGET / HTTP/1.1
                                                                  Host: ipinfo.io
                                                                  Connection: Keep-Alive
                                                                  2024-06-11 18:00:20 UTC513INHTTP/1.1 200 OK
                                                                  server: nginx/1.24.0
                                                                  date: Tue, 11 Jun 2024 18:00:20 GMT
                                                                  content-type: application/json; charset=utf-8
                                                                  Content-Length: 314
                                                                  access-control-allow-origin: *
                                                                  x-frame-options: SAMEORIGIN
                                                                  x-xss-protection: 1; mode=block
                                                                  x-content-type-options: nosniff
                                                                  referrer-policy: strict-origin-when-cross-origin
                                                                  x-envoy-upstream-service-time: 1
                                                                  via: 1.1 google
                                                                  strict-transport-security: max-age=2592000; includeSubDomains
                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                  Connection: close
                                                                  2024-06-11 18:00:20 UTC314INData Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 31 37 33 2e 32 35 34 2e 32 35 30 2e 39 31 2e 73 74 61 74 69 63 2e 71 75 61 64 72 61 6e 65 74 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 44 61 6c 6c 61 73 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 54 65 78 61 73 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 33 32 2e 38 31 35 32 2c 2d 39 36 2e 38 37 30 33 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 38 31 30 30 20 51 75 61 64 72 61 4e 65 74 20 45 6e 74 65 72 70 72 69 73 65 73 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 37 35 32 34 37 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 41 6d 65 72
                                                                  Data Ascii: { "ip": "173.254.250.91", "hostname": "173.254.250.91.static.quadranet.com", "city": "Dallas", "region": "Texas", "country": "US", "loc": "32.8152,-96.8703", "org": "AS8100 QuadraNet Enterprises LLC", "postal": "75247", "timezone": "Amer


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  1192.168.2.44974213.33.187.514437720C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:35 UTC656OUTGET /bf8XxK HTTP/1.1
                                                                  Host: qrco.de
                                                                  Connection: keep-alive
                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                  sec-ch-ua-mobile: ?0
                                                                  sec-ch-ua-platform: "Windows"
                                                                  Upgrade-Insecure-Requests: 1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Sec-Fetch-Site: none
                                                                  Sec-Fetch-Mode: navigate
                                                                  Sec-Fetch-User: ?1
                                                                  Sec-Fetch-Dest: document
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2024-06-11 18:00:35 UTC531INHTTP/1.1 302 Moved Temporarily
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Date: Tue, 11 Jun 2024 18:00:35 GMT
                                                                  Server: nginx
                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                  Pragma: no-cache
                                                                  Location: https://iexeuniversidad.com/portal.html
                                                                  X-Cache: Miss from cloudfront
                                                                  Via: 1.1 32803d0ba3af70cddd7db80d2fd00608.cloudfront.net (CloudFront)
                                                                  X-Amz-Cf-Pop: FRA60-P9
                                                                  X-Amz-Cf-Id: P2HCJUal8vaf__XexlLyCpO4fP5puXHhip5MgVGxHSeKD6uuN5_92Q==
                                                                  2024-06-11 18:00:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                  Data Ascii: 0


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  2192.168.2.44974551.161.117.1534437720C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:36 UTC673OUTGET /portal.html HTTP/1.1
                                                                  Host: iexeuniversidad.com
                                                                  Connection: keep-alive
                                                                  Upgrade-Insecure-Requests: 1
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Sec-Fetch-Site: none
                                                                  Sec-Fetch-Mode: navigate
                                                                  Sec-Fetch-User: ?1
                                                                  Sec-Fetch-Dest: document
                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                  sec-ch-ua-mobile: ?0
                                                                  sec-ch-ua-platform: "Windows"
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2024-06-11 18:00:36 UTC240INHTTP/1.1 200 OK
                                                                  Server: nginx
                                                                  Date: Tue, 11 Jun 2024 18:00:35 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 32063
                                                                  Connection: close
                                                                  Last-Modified: Fri, 07 Jun 2024 18:44:19 GMT
                                                                  Vary: Accept-Encoding,User-Agent
                                                                  Accept-Ranges: bytes
                                                                  2024-06-11 18:00:36 UTC16144INData Raw: 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 75 6c 70 2d 76 65 72 73 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 37 2e 31 34 38 22 3e 0a 20 20 20 20 0a 20 20 20
                                                                  Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="ulp-version" content="1.17.148">
                                                                  2024-06-11 18:00:36 UTC15919INData Raw: 65 6f 75 74 28 72 29 2c 6e 28 65 29 7d 29 7d 29 7d 2c 63 72 65 61 74 65 4d 75 74 61 74 69 6f 6e 4f 62 73 65 72 76 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 4d 75 74 61 74 69 6f 6e 4f 62 73 65 72 76 65 72 3f 6e 75 6c 6c 3a 6e 65 77 20 4d 75 74 61 74 69 6f 6e 4f 62 73 65 72 76 65 72 28 65 29 7d 2c 63 6f 6e 73 6f 6c 65 57 61 72 6e 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 28 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 7c 7c 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 29 2e 61 70 70 6c 79 28 63 6f 6e 73 6f 6c 65 2c 61 72 67 75 6d 65 6e 74 73 29 7d 2c 67 65 74 43 6f 6e 66 69 67 4a 73 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 72 79 7b 76 61 72 20 74 3d 63 28 65 29 3b 69 66 28 21 74 29 72 65 74 75 72
                                                                  Data Ascii: eout(r),n(e)})})},createMutationObserver:function(e){return"undefined"==typeof MutationObserver?null:new MutationObserver(e)},consoleWarn:function(){(console.warn||console.log).apply(console,arguments)},getConfigJson:function(e){try{var t=c(e);if(!t)retur


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  3192.168.2.449747184.28.90.27443
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:36 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                                                  Connection: Keep-Alive
                                                                  Accept: */*
                                                                  Accept-Encoding: identity
                                                                  User-Agent: Microsoft BITS/7.8
                                                                  Host: fs.microsoft.com
                                                                  2024-06-11 18:00:37 UTC467INHTTP/1.1 200 OK
                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                  Content-Type: application/octet-stream
                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                  Server: ECAcc (lpl/EF06)
                                                                  X-CID: 11
                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                  X-Ms-Region: prod-neu-z1
                                                                  Cache-Control: public, max-age=166133
                                                                  Date: Tue, 11 Jun 2024 18:00:36 GMT
                                                                  Connection: close
                                                                  X-CID: 2


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  4192.168.2.44975113.107.246.674437720C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:37 UTC657OUTGET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1
                                                                  Host: aadcdn.msauth.net
                                                                  Connection: keep-alive
                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                  sec-ch-ua-mobile: ?0
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  sec-ch-ua-platform: "Windows"
                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                  Sec-Fetch-Site: cross-site
                                                                  Sec-Fetch-Mode: no-cors
                                                                  Sec-Fetch-Dest: image
                                                                  Referer: https://iexeuniversidad.com/
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2024-06-11 18:00:37 UTC785INHTTP/1.1 200 OK
                                                                  Date: Tue, 11 Jun 2024 18:00:37 GMT
                                                                  Content-Type: image/svg+xml
                                                                  Content-Length: 1435
                                                                  Connection: close
                                                                  Cache-Control: public, max-age=31536000
                                                                  Content-Encoding: gzip
                                                                  Last-Modified: Wed, 24 May 2023 10:11:48 GMT
                                                                  ETag: 0x8DB5C3F4911527F
                                                                  x-ms-request-id: a55e378d-301e-0005-0faf-b76294000000
                                                                  x-ms-version: 2009-09-19
                                                                  x-ms-lease-status: unlocked
                                                                  x-ms-blob-type: BlockBlob
                                                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                  Access-Control-Allow-Origin: *
                                                                  x-azure-ref: 20240611T180037Z-165c8c7b54d5z4b5qg8mcuncsg00000008pg000000007mf2
                                                                  x-fd-int-roxy-purgeid: 4554691
                                                                  X-Cache: TCP_HIT
                                                                  Accept-Ranges: bytes
                                                                  2024-06-11 18:00:37 UTC1435INData Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5
                                                                  Data Ascii: WMo7+uVHJ{&v(QFaWQ|~|{~b{8zv8|bgxby{x<\lSppl7o}vtrr|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  5192.168.2.44975013.33.223.414437720C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:37 UTC578OUTGET /ulp/react-components/1.87.4/css/main.cdn.min.css HTTP/1.1
                                                                  Host: cdn.auth0.com
                                                                  Connection: keep-alive
                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                  sec-ch-ua-mobile: ?0
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  sec-ch-ua-platform: "Windows"
                                                                  Accept: text/css,*/*;q=0.1
                                                                  Sec-Fetch-Site: cross-site
                                                                  Sec-Fetch-Mode: no-cors
                                                                  Sec-Fetch-Dest: style
                                                                  Referer: https://iexeuniversidad.com/
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2024-06-11 18:00:38 UTC746INHTTP/1.1 200 OK
                                                                  Content-Type: text/css
                                                                  Content-Length: 278551
                                                                  Connection: close
                                                                  Date: Tue, 11 Jun 2024 18:00:39 GMT
                                                                  x-amz-replication-status: FAILED
                                                                  Last-Modified: Tue, 19 Mar 2024 12:47:33 GMT
                                                                  ETag: "f13bbbda75559ca0f00deb30cf7d838e"
                                                                  x-amz-server-side-encryption: AES256
                                                                  Cache-Control: max-age=86400
                                                                  x-amz-version-id: 1tUZ2hbU4Y2ULW91Rsg26QsTE78M3mcV
                                                                  Accept-Ranges: bytes
                                                                  Server: AmazonS3
                                                                  Vary: Accept-Encoding
                                                                  X-Cache: Miss from cloudfront
                                                                  Via: 1.1 ebf31a208b1563522327c20ddd946a5c.cloudfront.net (CloudFront)
                                                                  X-Amz-Cf-Pop: FRA60-P10
                                                                  X-Amz-Cf-Id: Im3HiIdBp0H97d-JRAB3kjlCGPhUSNKVINFCJKjf4WAWODAHEPXT0w==
                                                                  X-Content-Type-Options: nosniff
                                                                  Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                  X-Robots-Tag: noindex
                                                                  2024-06-11 18:00:38 UTC6396INData Raw: 61 2c 61 62 62 72 2c 61 63 72 6f 6e 79 6d 2c 61 64 64 72 65 73 73 2c 61 70 70 6c 65 74 2c 61 72 74 69 63 6c 65 2c 61 73 69 64 65 2c 61 75 64 69 6f 2c 62 2c 62 69 67 2c 62 6c 6f 63 6b 71 75 6f 74 65 2c 62 6f 64 79 2c 63 61 6e 76 61 73 2c 63 61 70 74 69 6f 6e 2c 63 65 6e 74 65 72 2c 63 69 74 65 2c 63 6f 64 65 2c 64 64 2c 64 65 6c 2c 64 65 74 61 69 6c 73 2c 64 66 6e 2c 64 69 76 2c 64 6c 2c 64 74 2c 65 6d 2c 65 6d 62 65 64 2c 66 69 65 6c 64 73 65 74 2c 66 69 67 63 61 70 74 69 6f 6e 2c 66 69 67 75 72 65 2c 66 6f 6f 74 65 72 2c 66 6f 72 6d 2c 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 2c 68 65 61 64 65 72 2c 68 67 72 6f 75 70 2c 68 74 6d 6c 2c 69 2c 69 66 72 61 6d 65 2c 69 6d 67 2c 69 6e 73 2c 6b 62 64 2c 6c 61 62 65 6c 2c 6c 65 67 65 6e 64 2c 6c 69 2c
                                                                  Data Ascii: a,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,em,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,
                                                                  2024-06-11 18:00:38 UTC2553INData Raw: 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 2c 25 33 43 73 76 67 20 77 69 64 74 68 3d 27 32 31 36 39 27 20 68 65 69 67 68 74 3d 27 32 35 30 30 27 20 76 69 65 77 42 6f 78 3d 27 30 20 30 20 32 35 36 20 32 39 35 27 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 70 72 65 73 65 72 76 65 41 73 70 65 63 74 52 61 74 69 6f 3d 27 78 4d 69 6e 59 4d 69 6e 20 6d 65 65 74 27 25 33 45 25 33 43 67 20 66 69 6c 6c 3d 27 25 32 33 32 30 35 30 38 31 27 25 33 45 25 33 43 70 61 74 68 20 64 3d 27 4d 31 32 38 20 30 43 35 37 2e 37 33 32 20 30 20 2e 30 31 32 20 31 38 2e 38 32 32 2e 30 31 32 20 34 32 2e 36 36 33 63 30 20 36 2e
                                                                  Data Ascii: und-image:url("data:image/svg+xml;charset=utf-8,%3Csvg width='2169' height='2500' viewBox='0 0 256 295' xmlns='http://www.w3.org/2000/svg' preserveAspectRatio='xMinYMin meet'%3E%3Cg fill='%23205081'%3E%3Cpath d='M128 0C57.732 0 .012 18.822.012 42.663c0 6.
                                                                  2024-06-11 18:00:38 UTC7947INData Raw: 30 30 34 2d 2e 30 30 32 63 35 2e 37 39 34 20 37 2e 33 37 37 20 31 36 2e 34 34 33 20 38 2e 38 31 34 20 32 33 2e 39 38 20 33 2e 31 35 34 20 37 2e 35 33 39 2d 35 2e 36 36 32 20 39 2e 31 32 35 2d 31 36 2e 32 39 31 20 33 2e 36 35 32 2d 32 33 2e 39 31 6c 2e 30 30 38 2d 2e 30 30 38 7a 27 2f 25 33 45 25 33 43 2f 67 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 7d 2e 63 37 36 66 33 62 35 63 63 5b 64 61 74 61 2d 70 72 6f 76 69 64 65 72 5e 3d 64 61 63 63 6f 75 6e 74 5d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 2c 25 33 43 73 76 67 20 77 69 64 74 68 3d 27 32 30 27 20 68 65 69 67 68 74 3d 27 32 38 27 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77
                                                                  Data Ascii: 004-.002c5.794 7.377 16.443 8.814 23.98 3.154 7.539-5.662 9.125-16.291 3.652-23.91l.008-.008z'/%3E%3C/g%3E%3C/svg%3E")}.c76f3b5cc[data-provider^=daccount]{background-image:url("data:image/svg+xml;charset=utf-8,%3Csvg width='20' height='28' xmlns='http://w
                                                                  2024-06-11 18:00:38 UTC12792INData Raw: 31 38 20 34 2e 34 31 32 76 37 30 2e 35 33 31 61 34 2e 34 32 34 20 34 2e 34 32 34 20 30 20 30 20 31 2d 34 2e 34 31 38 20 34 2e 34 32 63 2d 32 2e 34 33 34 20 30 2d 34 2e 33 39 31 2d 31 2e 39 39 32 2d 34 2e 33 39 31 2d 34 2e 34 32 7a 6d 2d 36 31 2e 31 31 37 2d 37 35 2e 32 33 38 63 2d 31 32 2e 35 37 38 2e 30 30 38 2d 32 33 2e 37 39 31 20 35 2e 38 33 36 2d 33 31 2e 31 30 34 20 31 34 2e 39 32 36 56 34 2e 34 31 34 61 34 2e 34 31 20 34 2e 34 31 20 30 20 30 20 30 2d 38 2e 38 31 39 20 30 56 38 35 2e 37 35 63 30 20 2e 33 31 32 2e 31 31 35 2e 35 38 38 2e 31 38 32 2e 38 38 35 20 31 2e 37 39 35 20 32 30 2e 33 38 35 20 31 38 2e 38 38 33 20 33 36 2e 33 36 39 20 33 39 2e 37 34 34 20 33 36 2e 33 36 39 20 32 32 2e 30 34 33 20 30 20 33 39 2e 39 30 36 2d 31 37 2e 38 35 39 20
                                                                  Data Ascii: 18 4.412v70.531a4.424 4.424 0 0 1-4.418 4.42c-2.434 0-4.391-1.992-4.391-4.42zm-61.117-75.238c-12.578.008-23.791 5.836-31.104 14.926V4.414a4.41 4.41 0 0 0-8.819 0V85.75c0 .312.115.588.182.885 1.795 20.385 18.883 36.369 39.744 36.369 22.043 0 39.906-17.859
                                                                  2024-06-11 18:00:38 UTC4616INData Raw: 36 20 33 30 32 27 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 70 72 65 73 65 72 76 65 41 73 70 65 63 74 52 61 74 69 6f 3d 27 78 4d 69 64 59 4d 69 64 27 25 33 45 25 33 43 70 61 74 68 20 64 3d 27 4d 32 31 37 2e 31 36 38 20 32 33 2e 35 30 37 43 32 30 33 2e 32 33 34 20 37 2e 36 32 35 20 31 37 38 2e 30 34 36 2e 38 31 36 20 31 34 35 2e 38 32 33 2e 38 31 36 68 2d 39 33 2e 35 32 41 31 33 2e 33 39 33 20 31 33 2e 33 39 33 20 30 20 30 20 30 20 33 39 2e 30 37 36 20 31 32 2e 31 31 4c 2e 31 33 36 20 32 35 39 2e 30 37 37 63 2d 2e 37 37 34 20 34 2e 38 37 20 32 2e 39 39 37 20 39 2e 32 38 20 37 2e 39 33 33 20 39 2e 32 38 68 35 37 2e 37 33 36 6c 31 34 2e 35 2d 39 31 2e 39 37 31 2d 2e 34 35 20 32 2e 38 38 63 31
                                                                  Data Ascii: 6 302' xmlns='http://www.w3.org/2000/svg' preserveAspectRatio='xMidYMid'%3E%3Cpath d='M217.168 23.507C203.234 7.625 178.046.816 145.823.816h-93.52A13.393 13.393 0 0 0 39.076 12.11L.136 259.077c-.774 4.87 2.997 9.28 7.933 9.28h57.736l14.5-91.971-.45 2.88c1
                                                                  2024-06-11 18:00:38 UTC8949INData Raw: 2e 33 32 34 2e 38 35 35 20 33 2e 30 37 36 20 32 2e 35 32 36 20 34 2e 38 30 36 20 32 2e 37 37 37 20 32 2e 31 38 38 2d 31 2e 36 35 33 20 34 2e 31 32 38 2d 35 2e 33 37 39 20 35 2e 36 33 32 2d 37 2e 38 30 38 20 36 2e 37 36 39 2d 31 30 2e 39 34 34 20 31 31 2e 30 37 37 2d 32 38 2e 32 39 38 20 36 2e 36 38 31 2d 34 34 2e 38 39 38 7a 4d 31 35 36 2e 38 32 36 20 39 32 2e 31 33 63 2d 32 2e 35 35 39 2d 33 2e 33 39 35 2d 34 2e 38 38 37 2d 37 2e 30 35 31 2d 37 2e 31 33 33 2d 31 30 2e 37 33 37 6c 2d 33 2e 33 37 39 2d 36 2e 33 38 32 68 2d 2e 31 35 6c 2d 31 2e 31 32 36 20 33 2e 33 37 39 2d 33 2e 33 30 34 20 37 2e 33 35 38 63 2d 34 2e 31 33 33 20 37 2e 34 38 2d 39 2e 34 38 34 20 31 33 2e 38 37 38 2d 31 35 2e 36 39 31 20 31 39 2e 32 39 36 2d 31 2e 38 36 35 20 31 2e 36 32 38
                                                                  Data Ascii: .324.855 3.076 2.526 4.806 2.777 2.188-1.653 4.128-5.379 5.632-7.808 6.769-10.944 11.077-28.298 6.681-44.898zM156.826 92.13c-2.559-3.395-4.887-7.051-7.133-10.737l-3.379-6.382h-.15l-1.126 3.379-3.304 7.358c-4.133 7.48-9.484 13.878-15.691 19.296-1.865 1.628
                                                                  2024-06-11 18:00:38 UTC8459INData Raw: 36 37 20 36 2e 30 37 36 20 34 2e 37 36 37 20 31 33 2e 37 38 39 76 32 2e 34 34 38 61 32 30 39 2e 36 37 37 20 32 30 39 2e 36 37 37 20 30 20 30 20 30 2d 39 2e 35 34 39 2d 31 2e 31 32 33 6d 34 36 37 2e 30 32 39 2d 32 39 2e 38 33 36 63 2e 34 34 2d 31 2e 33 31 2d 2e 34 38 34 2d 31 2e 39 33 36 2d 2e 38 36 39 2d 32 2e 30 37 38 2d 2e 39 38 31 2d 2e 33 38 34 2d 35 2e 39 30 35 2d 31 2e 34 32 33 2d 39 2e 37 30 35 2d 31 2e 36 36 35 2d 37 2e 32 37 31 2d 2e 34 34 31 2d 31 31 2e 33 31 32 2e 37 38 33 2d 31 34 2e 39 32 38 20 32 2e 34 30 35 2d 33 2e 35 38 36 20 31 2e 36 32 32 2d 37 2e 35 37 20 34 2e 32 34 2d 39 2e 37 39 31 20 37 2e 32 31 35 76 2d 37 2e 30 34 34 63 30 2d 2e 39 38 32 2d 2e 36 39 37 2d 31 2e 37 36 35 2d 31 2e 36 36 35 2d 31 2e 37 36 35 68 2d 31 34 2e 38 34 33
                                                                  Data Ascii: 67 6.076 4.767 13.789v2.448a209.677 209.677 0 0 0-9.549-1.123m467.029-29.836c.44-1.31-.484-1.936-.869-2.078-.981-.384-5.905-1.423-9.705-1.665-7.271-.441-11.312.783-14.928 2.405-3.586 1.622-7.57 4.24-9.791 7.215v-7.044c0-.982-.697-1.765-1.665-1.765h-14.843
                                                                  2024-06-11 18:00:38 UTC16384INData Raw: 72 61 64 69 65 6e 74 54 72 61 6e 73 66 6f 72 6d 3d 27 6d 61 74 72 69 78 28 2e 32 30 36 35 20 30 20 30 20 2d 2e 32 30 36 35 20 2d 32 31 30 2e 35 34 37 20 2d 32 39 31 2e 30 32 36 29 27 25 33 45 25 33 43 73 74 6f 70 20 6f 66 66 73 65 74 3d 27 30 27 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 27 25 32 33 66 38 30 27 2f 25 33 45 25 33 43 73 74 6f 70 20 6f 66 66 73 65 74 3d 27 31 27 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 27 25 32 33 66 33 30 27 2f 25 33 45 25 33 43 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 25 33 45 25 33 43 70 61 74 68 20 66 69 6c 6c 3d 27 75 72 6c 28 25 32 33 61 29 27 20 64 3d 27 4d 31 35 2e 38 33 35 20 34 37 2e 39 63 2d 2e 30 38 33 2d 2e 30 38 32 2d 2e 31 34 35 2d 2e 32 36 38 2d 2e 31 34 35 2d 2e 33 39 33 20 30 2d 2e 31 34 35 2d 2e 30 38 33 2d 31 2e
                                                                  Data Ascii: radientTransform='matrix(.2065 0 0 -.2065 -210.547 -291.026)'%3E%3Cstop offset='0' stop-color='%23f80'/%3E%3Cstop offset='1' stop-color='%23f30'/%3E%3C/linearGradient%3E%3Cpath fill='url(%23a)' d='M15.835 47.9c-.083-.082-.145-.268-.145-.393 0-.145-.083-1.
                                                                  2024-06-11 18:00:38 UTC1024INData Raw: 38 20 30 2d 32 2e 31 30 37 20 31 2e 34 37 38 2d 31 2e 36 37 34 20 32 2e 33 39 34 2e 33 34 38 2e 37 33 32 20 32 35 2e 32 32 20 36 36 2e 39 30 33 20 33 35 2e 32 36 39 20 39 32 2e 31 38 33 76 35 35 2e 35 38 63 30 20 31 2e 30 31 35 2e 34 30 35 20 31 2e 36 32 32 20 31 2e 34 31 37 20 31 2e 36 32 32 48 34 39 2e 38 35 63 2e 38 30 39 20 30 20 31 2e 34 31 36 2d 2e 36 30 37 20 31 2e 34 31 36 2d 31 2e 36 32 32 76 2d 35 35 2e 31 34 33 43 35 39 2e 36 34 20 38 36 2e 34 38 38 20 39 30 2e 32 33 37 20 33 2e 32 37 20 39 30 2e 35 37 20 32 2e 33 33 38 20 39 30 2e 39 37 35 20 31 2e 31 39 38 20 39 30 2e 38 35 35 20 30 20 38 39 2e 31 33 38 20 30 7a 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 7d 2e 63 37 36 66 33 62 35 63 63 5b 64 61 74 61 2d 70 72 6f 76 69 64 65 72 5e 3d
                                                                  Data Ascii: 8 0-2.107 1.478-1.674 2.394.348.732 25.22 66.903 35.269 92.183v55.58c0 1.015.405 1.622 1.417 1.622H49.85c.809 0 1.416-.607 1.416-1.622v-55.143C59.64 86.488 90.237 3.27 90.57 2.338 90.975 1.198 90.855 0 89.138 0z'/%3E%3C/svg%3E")}.c76f3b5cc[data-provider^=
                                                                  2024-06-11 18:00:38 UTC16384INData Raw: 35 37 2e 37 35 34 2d 37 30 2e 36 34 38 2d 39 33 2e 35 34 37 20 30 2d 33 2e 38 36 33 2e 33 31 38 2d 37 2e 38 32 35 2e 39 34 35 2d 31 31 2e 37 38 37 20 31 2e 35 38 39 2d 33 39 2e 39 37 33 20 33 34 2e 37 39 37 2d 39 37 2e 39 34 37 20 38 34 2e 37 38 2d 31 34 37 2e 39 33 20 33 33 2e 32 32 37 2d 33 33 2e 32 32 36 20 36 39 2e 38 37 2d 35 39 2e 32 37 20 31 30 33 2e 33 31 34 2d 37 33 2e 34 35 38 2d 37 2e 38 35 34 20 31 2e 38 32 33 2d 31 36 2e 32 31 38 20 34 2e 35 36 36 2d 32 35 2e 30 32 33 20 38 2e 32 34 35 2d 33 33 2e 37 31 35 20 31 34 2e 30 38 38 2d 37 30 2e 37 36 34 20 34 30 2e 33 33 2d 31 30 34 2e 33 32 35 20 37 33 2e 38 38 39 43 33 35 2e 37 34 32 20 32 32 38 2e 37 30 37 20 32 2e 35 33 34 20 32 38 36 2e 36 38 32 2e 39 34 35 20 33 32 36 2e 36 35 34 41 37 35 2e
                                                                  Data Ascii: 57.754-70.648-93.547 0-3.863.318-7.825.945-11.787 1.589-39.973 34.797-97.947 84.78-147.93 33.227-33.226 69.87-59.27 103.314-73.458-7.854 1.823-16.218 4.566-25.023 8.245-33.715 14.088-70.764 40.33-104.325 73.889C35.742 228.707 2.534 286.682.945 326.654A75.


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  6192.168.2.449756184.28.90.27443
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:37 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                                                  Connection: Keep-Alive
                                                                  Accept: */*
                                                                  Accept-Encoding: identity
                                                                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                  Range: bytes=0-2147483646
                                                                  User-Agent: Microsoft BITS/7.8
                                                                  Host: fs.microsoft.com
                                                                  2024-06-11 18:00:38 UTC515INHTTP/1.1 200 OK
                                                                  ApiVersion: Distribute 1.1
                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                  Content-Type: application/octet-stream
                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                  Server: ECAcc (lpl/EF06)
                                                                  X-CID: 11
                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                  X-Ms-Region: prod-weu-z1
                                                                  Cache-Control: public, max-age=166225
                                                                  Date: Tue, 11 Jun 2024 18:00:38 GMT
                                                                  Content-Length: 55
                                                                  Connection: close
                                                                  X-CID: 2
                                                                  2024-06-11 18:00:38 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  7192.168.2.44975313.85.23.86443
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:38 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Fl2pNcymfwyN9UW&MD=KLZbXtzN HTTP/1.1
                                                                  Connection: Keep-Alive
                                                                  Accept: */*
                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                  Host: slscr.update.microsoft.com
                                                                  2024-06-11 18:00:38 UTC560INHTTP/1.1 200 OK
                                                                  Cache-Control: no-cache
                                                                  Pragma: no-cache
                                                                  Content-Type: application/octet-stream
                                                                  Expires: -1
                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                  ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                  MS-CorrelationId: 48d58fb0-e747-4c88-8cfb-cce6aa5922da
                                                                  MS-RequestId: 645ab730-8d41-4794-a2ec-a53e7df654ae
                                                                  MS-CV: 701ucv5iWUqDH7os.0
                                                                  X-Microsoft-SLSClientCache: 2880
                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                  X-Content-Type-Options: nosniff
                                                                  Date: Tue, 11 Jun 2024 18:00:38 GMT
                                                                  Connection: close
                                                                  Content-Length: 24490
                                                                  2024-06-11 18:00:38 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                  Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                  2024-06-11 18:00:38 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                  Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  8192.168.2.44975713.107.246.454437720C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:38 UTC418OUTGET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1
                                                                  Host: aadcdn.msauth.net
                                                                  Connection: keep-alive
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  Accept: */*
                                                                  Sec-Fetch-Site: none
                                                                  Sec-Fetch-Mode: cors
                                                                  Sec-Fetch-Dest: empty
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2024-06-11 18:00:38 UTC785INHTTP/1.1 200 OK
                                                                  Date: Tue, 11 Jun 2024 18:00:38 GMT
                                                                  Content-Type: image/svg+xml
                                                                  Content-Length: 1435
                                                                  Connection: close
                                                                  Cache-Control: public, max-age=31536000
                                                                  Content-Encoding: gzip
                                                                  Last-Modified: Wed, 24 May 2023 10:11:48 GMT
                                                                  ETag: 0x8DB5C3F4911527F
                                                                  x-ms-request-id: a55e378d-301e-0005-0faf-b76294000000
                                                                  x-ms-version: 2009-09-19
                                                                  x-ms-lease-status: unlocked
                                                                  x-ms-blob-type: BlockBlob
                                                                  Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                  Access-Control-Allow-Origin: *
                                                                  x-azure-ref: 20240611T180038Z-165c8c7b54dnwl9ng2p9g8136s00000008mg00000000m3gb
                                                                  x-fd-int-roxy-purgeid: 4554691
                                                                  X-Cache: TCP_HIT
                                                                  Accept-Ranges: bytes
                                                                  2024-06-11 18:00:38 UTC1435INData Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5
                                                                  Data Ascii: WMo7+uVHJ{&v(QFaWQ|~|{~b{8zv8|bgxby{x<\lSppl7o}vtrr|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  9192.168.2.449763104.18.7.704437720C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:40 UTC579OUTGET /fonts/FKGroteskNeue.woff HTTP/1.1
                                                                  Host: resources.messari.io
                                                                  Connection: keep-alive
                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                  Origin: https://iexeuniversidad.com
                                                                  sec-ch-ua-mobile: ?0
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  sec-ch-ua-platform: "Windows"
                                                                  Accept: */*
                                                                  Sec-Fetch-Site: cross-site
                                                                  Sec-Fetch-Mode: cors
                                                                  Sec-Fetch-Dest: font
                                                                  Referer: https://iexeuniversidad.com/
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2024-06-11 18:00:41 UTC645INHTTP/1.1 200 OK
                                                                  Date: Tue, 11 Jun 2024 18:00:41 GMT
                                                                  Content-Type: application/font-woff
                                                                  Content-Length: 143888
                                                                  Connection: close
                                                                  last-modified: Fri, 15 Mar 2024 20:29:40 GMT
                                                                  x-amz-server-side-encryption: AES256
                                                                  etag: "236ee4e878f1695bfc50a77c3e367a85"
                                                                  x-cache: RefreshHit from cloudfront
                                                                  via: 1.1 c73c454a7c881cf4337ab88377497bfc.cloudfront.net (CloudFront)
                                                                  x-amz-cf-pop: DFW57-P2
                                                                  x-amz-cf-id: TfII0qcwgusmixPNVgVfx2ItNZQHvRIN1lm24T9YNhk-DUSBsfafFg==
                                                                  CF-Cache-Status: REVALIDATED
                                                                  Expires: Tue, 11 Jun 2024 22:00:41 GMT
                                                                  Cache-Control: public, max-age=14400
                                                                  Accept-Ranges: bytes
                                                                  Server: cloudflare
                                                                  CF-RAY: 89238087fddce6fe-DFW
                                                                  2024-06-11 18:00:41 UTC724INData Raw: 77 4f 46 46 00 01 00 00 00 02 32 10 00 15 00 00 00 05 f8 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 53 49 47 00 00 01 d0 00 00 00 08 00 00 00 08 00 00 00 01 47 44 45 46 00 00 01 d8 00 00 0f b8 00 00 13 b4 c3 a5 e2 b3 47 50 4f 53 00 00 11 90 00 00 52 89 00 00 e9 2e fd d7 a1 8b 47 53 55 42 00 00 64 1c 00 00 06 49 00 00 0c 78 f8 8a bd 3e 48 56 41 52 00 00 6a 68 00 00 06 f5 00 00 0b 8a 74 0a 77 db 4f 53 2f 32 00 00 71 60 00 00 00 4f 00 00 00 60 50 47 3b 20 53 54 41 54 00 00 71 b0 00 00 00 24 00 00 00 24 e2 e5 c9 fa 61 76 61 72 00 00 71 d4 00 00 00 2e 00 00 00 34 70 d7 78 05 63 6d 61 70 00 00 72 04 00 00 04 6e 00 00 05 c8 0b 02 5b 74 66 76 61 72 00 00 76 74 00 00 00 6c 00 00 00 c8 0b 84 cc 03 67 61 73 70 00 00 76 e0 00 00 00
                                                                  Data Ascii: wOFF2DSIGGDEFGPOSR.GSUBdIx>HVARjhtwOS/2q`O`PG; STATq$$avarq.4pxcmaprn[tfvarvtlgaspv
                                                                  2024-06-11 18:00:41 UTC1369INData Raw: fe 01 6d 5a e9 1f d6 66 15 3f a2 7d 44 59 f6 69 bf a4 b8 a4 fd b2 b2 dc af 1d 54 7c 40 fb b8 b2 9c d0 4e 28 3e a1 3d a1 78 5a 3b ad f8 7b da 33 00 6a 5f d6 be ac f8 15 ed 05 65 f9 9a 76 51 fd fe 55 e5 bb a6 7d 53 fb a6 d2 5f d7 ae 2a fe 9d d6 51 96 9e d6 53 fc 37 6d 4b 59 be ab 85 4a 1f 6a df 53 7c 5b 7b 5b f1 1d 08 81 06 ef 80 77 80 3d 50 87 7b 95 fe 7e e8 2b 2e c1 5f 51 fc 55 f8 80 b2 ff 1a fc 75 a5 7f 16 aa c8 c0 df 82 a7 14 9f 81 7f a8 ec 7f 02 ff 52 e9 5f 83 5f 53 fc 3a fc ba e2 25 f8 d7 8a 7f 03 ff 56 f1 55 f8 a6 e2 35 78 53 71 15 fe a3 e2 b7 e0 b7 55 94 76 fe 00 c0 8a ef df 89 a7 8a d7 3d 9a ad bd 4f 73 b4 7b 77 e2 a5 62 33 a9 7d 50 9b d2 3e a4 4d 6b b3 3b 11 51 f1 f8 e8 8e 8f 3b 5e ed f8 b1 d3 ab dd 1e ec b4 73 10 dc ad 78 4a c9 37 94 ac 28 49 95
                                                                  Data Ascii: mZf?}DYiT|@N(>=xZ;{3j_evQU}S_*QS7mKYJjS|[{[w=P{~+._QUuR__S:%VU5xSqUv=Os{wb3}P>Mk;Q;^sxJ7(I
                                                                  2024-06-11 18:00:41 UTC1369INData Raw: 30 23 2e a2 2a 8f 10 8b 50 19 e9 49 84 61 44 cc 88 9a 91 c1 22 67 14 b9 71 e4 e6 91 67 46 4d 14 b5 3a a3 0b ef 8e 32 32 42 78 44 f3 91 41 46 d6 d6 e8 21 14 5f 3a 1c 6f 4c c4 5b 30 0e 60 1c 0d e3 18 c5 09 8c 13 14 67 45 5c 18 71 e1 c4 7c 32 2e 61 2c ab 58 1a 71 25 63 58 c5 10 c7 84 c6 a4 16 d3 8b 31 cd 63 aa c7 96 1d db 7a 6c 1b b1 6b c4 b5 8d b8 8e 63 7f 33 f6 c3 78 5c c6 4d 33 9e 20 f1 a4 8c 67 64 7c 28 89 8f c8 64 e0 27 89 95 64 56 22 64 22 a6 12 a4 12 1d 4a 47 7a 1a b7 d2 78 36 4d 78 9a e0 34 39 94 a6 24 4d 9d 34 83 69 de 48 8b 2a 7d fb df 53 0e 53 4e 52 ee a4 7c 3a 95 30 ad 78 0a ed 14 f1 14 59 a9 5e 4b f1 4a 8a 49 8a 5b 29 21 a9 e1 a5 56 92 da 22 b5 cb d4 29 d2 5a 98 d6 ec b4 51 aa e5 9a 36 26 d3 66 96 ce 74 b3 3e cb 82 3c 0b 61 96 92 2c e7 59 6e 64
                                                                  Data Ascii: 0#.*PIaD"gqgFM:22BxDAF!_:oL[0`gE\q|2.a,Xq%cX1czlkc3x\M3 gd|(d'dV"d"JGzx6Mx49$M4iH*}SSNR|:0xY^KJI[)!V")ZQ6&ft><a,Ynd
                                                                  2024-06-11 18:00:41 UTC1369INData Raw: 9b 15 2e 97 2e 27 6e 05 5d 2c 5c 22 5c 9a b8 b4 72 8d 9e 6b 44 ae 99 bb 0e 77 dd d8 ad 41 d7 4b 5d 5f ba e3 eb 6e 2b 76 17 98 fb 89 7b dd c7 e3 da 55 e8 bd 32 ee 85 91 37 9c f0 d8 d0 93 c8 83 95 87 0a 0f 31 4f 8d 03 31 3c da f3 28 f7 0c e9 99 b9 67 f7 3d 27 f5 bc c8 6b 04 5e a3 f4 9a 81 37 d3 ab 13 5e a7 bc ee 55 f5 93 c4 7f 43 f8 5c fa 02 fb 72 c3 af 62 1f 42 1f ba 3e 4a 7c 2b f3 1d ee cf 08 7f 21 18 7b e1 87 63 7a 6f ac 96 8d d5 d9 d8 54 d6 e8 5a 0d 09 1b 78 d0 b0 c3 46 23 68 4c a4 8d 56 d8 d8 17 37 96 4f 34 0e 5e 6f 7c fa 8e f1 97 c8 b8 df 1b 3f 79 d7 f8 e7 b4 e6 da 0f 9b c3 5e 33 4e 9a b8 df c4 49 93 44 4d 5a 34 ad 51 d3 19 34 1d d9 74 2f 36 dd b8 79 fc 0b 13 4b 45 ab 6b b6 86 f5 d6 b0 d1 e2 a4 45 46 2d 93 b7 2c d4 aa 8d 5a b5 a2 35 31 6c cd 65 ad c5
                                                                  Data Ascii: ..'n],\"\rkDwAK]_n+v{U271O1<(g='k^7^UC\rbB>J|+!{czoTZxF#hLV7O4^o|?y^3NIDMZ4Q4t/6yKEkEF-,Z51le
                                                                  2024-06-11 18:00:41 UTC1369INData Raw: a0 9f 70 ee c6 c0 fa 55 a7 5e c7 ac cb bc 35 fa 48 ff 84 f8 21 a7 ca 4e bb 3a 0f e9 9c e7 c9 9d 97 76 fe 46 f4 bd a2 57 44 97 36 8d 39 62 f8 c9 a4 37 62 78 97 de 17 1c ec 39 a0 67 a8 ac 03 02 df 09 f5 eb a0 4d 3d 17 f6 fb a8 df ba 9e 15 bd fb 8c 18 ee ad bd c7 c8 e7 a3 4b 2e 3e ba ed d6 4b 56 ca ba fd 92 ed b1 8b 47 0c bf 7c ee e5 59 b2 ce 3d fa dd 3f 41 c2 f7 c8 e7 50 9f ae 7d ba c6 0f 89 1f d2 ef 23 f9 ac 8b 1f d2 67 82 ac c5 7d f2 fb 14 f7 fb a8 cf 8e 4b 43 2f 8d ba 34 c6 85 bb f5 d2 ca fe 09 fd 13 8e a6 d1 2f b3 5f e6 e5 bb 62 ae 77 df b2 6f a6 5b dd 56 4c 32 db f9 b2 7e e4 f2 29 9f 03 fd 95 db b3 7f c2 b0 3d 7c 77 97 75 6c ff 58 f9 24 78 79 ed bf c4 71 40 64 c3 fc 0f 98 5f bf ba ed 2b 23 06 ec b8 32 e2 ca 4e 4e be 2a ee aa b6 b2 c6 c5 2e be 6a dd 55
                                                                  Data Ascii: pU^5H!N:vFWD69b7bx9gM=K.>KVG|Y=?AP}#g}KC/4/_bwo[VL2~)=|wulX$xyq@d_+#2NN*.jU
                                                                  2024-06-11 18:00:41 UTC1369INData Raw: 80 bc 1b 7e 88 e6 37 c8 7b e1 c7 68 f6 21 7f 02 4b d1 fc 16 f9 53 f8 3b 58 86 fe f7 c8 9f c1 cf d1 94 23 ff 01 ee 47 53 81 fc 05 3c 80 e6 4f c8 07 e1 97 68 6a 90 ff 02 0f a1 91 16 21 b8 4a b7 b0 55 d1 55 da 0f 5b c3 08 18 ed e2 e8 2e b0 3b 3c 1f f6 80 7d ed da cb 93 75 7f e4 58 38 08 0e 87 23 60 3c bc 11 8e 84 37 c1 51 f0 66 38 1a de 02 c7 c0 5b e1 58 78 1b bc 8b 63 4d 46 9e 62 d7 6e 2e d7 09 76 73 f0 d7 3a 11 26 a1 49 81 a9 68 d2 60 3a 9a 0c 39 df f6 3a 93 7d b3 61 0e 2c 50 2a 24 54 cf 80 77 c3 99 f0 1e 58 08 ef 85 b3 e0 83 f0 71 f6 5d 02 9f 80 45 70 3d c7 da c0 71 5f 81 1b d1 bc a6 66 04 d7 8a bd 74 dc 42 4e de 44 7e 0b 7e 82 e6 73 58 0e f7 c3 3f c2 3f c3 bf 91 fe 37 f0 ef f0 30 fc 16 1e 81 d6 d1 28 a8 a1 81 3e 18 0c 43 a0 1f b6 84 a1 b0 15 0c 83 ad 61
                                                                  Data Ascii: ~7{h!KS;X#GS<Ohj!JUU[.;<}uX8#`<7Qf8[XxcMFbn.vs:&Ih`:9:}a,P*$TwXq]Ep=q_ftBND~~sX??70(>Ca
                                                                  2024-06-11 18:00:41 UTC1369INData Raw: 72 a9 b3 5e 6d ed 6c f7 aa ee 12 12 2f f7 43 a8 9a cc fe 9d 49 f7 3f e0 f5 85 ae c5 f5 49 cd dd 2d b5 71 8f da 29 b5 d1 c9 c1 30 04 fa 61 4b 18 0a 5b c1 30 d8 1a b6 81 e1 30 02 9e 01 db c2 76 30 12 9e 09 db c3 b3 60 14 3c 1b ba b3 4a e6 ac 42 dd 59 85 ef d0 2d dc ad a7 fd b0 35 8c f0 da 3b 5b a1 f6 ca 95 72 74 67 be 5a ca e7 53 ca ed ef 94 ea 11 5a 40 77 ff 46 52 16 1d a4 07 54 2e 6d 59 a8 2a 20 fc 63 e2 7e 25 3c 03 7b 91 20 f7 ec b6 67 fd d2 33 ee 21 f7 7b b9 1d 22 2d 6d 8d c8 f9 b2 77 f4 8f d7 49 4f 2e 4c 15 4a 5f 2d 4c cd 91 de 58 5f 35 4f 3f 69 f7 76 6f ef 7a 39 6a 81 de aa a2 d4 62 29 6d a9 e3 e2 cb 77 54 cb 25 4f d1 6a 95 bb f7 9f 1a 28 3e 75 5f b5 56 f2 e0 e7 98 5f c3 7d 5c 51 5a 18 df 1c 34 7b 90 13 91 9f 46 1e 86 cc 95 32 78 a6 be 27 e1 42 61 3f
                                                                  Data Ascii: r^ml/CI?I-q)0aK[00v0`<JBY-5;[rtgZSZ@wFRT.mY* c~%<{ g3!{"-mwIO.LJ_-LX_5O?ivoz9jb)mwT%Oj(>u_V_}\QZ4{F2x'Ba?
                                                                  2024-06-11 18:00:41 UTC1369INData Raw: 41 de 09 df 45 f3 1e f2 fb 70 17 9a 0f 90 77 c3 0f d1 fc 06 79 2f fc 18 cd 3e e4 4f 60 29 9a df 22 7f 0a 7f 07 cb d0 ff 1e f9 33 f8 39 9a 72 e4 3f c0 fd 68 2a 90 bf 80 07 d0 fc 09 f9 20 fc 12 4d 0d f2 5f e0 21 34 7f 55 6a d9 7e 1d ed 64 f7 bc 53 d8 1d 9e 0f 7b c0 4b 55 e8 73 87 c4 3b 71 ec 8f 26 16 0e 82 43 5d ad 76 4f 40 45 1e 01 e3 e1 8d 70 24 bc 09 8e 82 37 c3 d1 f0 16 38 06 de 0a c7 c2 db e0 38 5b ed ef ad c7 c3 bb 38 fa 64 f4 ae a5 1f e3 9e 8c 8a 9c 2d bc cc 3d 19 15 b9 c0 96 fa 07 eb 19 f0 6e 38 13 de 03 0b e1 bd 70 16 fc b9 e4 7c 80 fe 05 7c 10 cd 43 b6 d6 3f 54 3f 02 1f 27 cd 25 f0 09 58 04 5f a4 c4 d6 d8 12 ff 70 2d 35 6d c9 5c 5d 0c 5f 87 9b e1 16 72 b8 15 f9 0d b8 0d 6e 87 25 e2 4b 8c d1 6f c3 1d a4 f6 0e dc 09 df 85 ef c1 f7 e1 2e b8 cf 56 fa
                                                                  Data Ascii: AEpwy/>O`)"39r?h* M_!4Uj~dS{KUs;q&C]vO@Ep$788[8d-=n8p||C?T?'%X_p-5m\]_rn%Ko.V
                                                                  2024-06-11 18:00:41 UTC1369INData Raw: d1 b5 1b 9d dd 0c 84 eb c9 f1 5e f8 7f 18 2b 50 75 63 26 09 9d 16 b9 39 47 8c 99 54 31 66 52 c5 98 49 15 63 26 c5 9d 8a cc f9 f6 90 1b 33 b1 a5 6e cc 04 f6 44 23 47 e8 f4 8c 3b 42 a7 95 72 56 09 a4 0d f5 a8 a3 67 d5 a9 9f 9c d5 80 26 67 35 80 b3 1a d0 e4 ac 06 78 67 d5 29 56 ce 2a 8e b3 1a c2 59 0d e1 ac e2 bc b3 ea 34 84 63 5e af da 78 a3 75 be cf 60 25 ac 2d 64 6e ad e4 d2 cd ad ad 96 b2 0f d5 bb c8 93 0b d7 7a f1 b7 63 94 2b d5 6e 75 ed 6c 31 ed 6c f1 b9 4b 5d ca e7 2e a7 9d 8d 96 74 b2 b9 9e 29 85 75 4f dc 16 2c 90 b8 65 2e ae 37 2e 22 57 d2 8d 3b be 42 9b 1d 42 dc 87 b9 9e d5 b4 d3 b5 e2 0b f4 92 b8 51 aa 8f dc dd 7b dc 93 66 5b f2 ab 30 93 a1 22 1e ec 23 7b a4 90 a3 47 c8 31 7b 9b 0f 0a 1b ce 09 2e 77 f9 36 67 13 6b 38 9c 62 4b 5b cf 16 bb e9 98 02
                                                                  Data Ascii: ^+Puc&9GT1fRIc&3nD#G;BrVg&g5xg)V*Y4c^xu`%-dnzc+nul1lK].t)uO,e.7."W;BBQ{f[0"#{G1{.w6gk8bK[


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  10192.168.2.44976496.6.160.1434437352C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:41 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                                                  Host: armmf.adobe.com
                                                                  Connection: keep-alive
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                  Sec-Fetch-Site: same-origin
                                                                  Sec-Fetch-Mode: no-cors
                                                                  Sec-Fetch-Dest: empty
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  If-None-Match: "78-5faa31cce96da"
                                                                  If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                                                  2024-06-11 18:00:41 UTC198INHTTP/1.1 304 Not Modified
                                                                  Content-Type: text/plain; charset=UTF-8
                                                                  Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                                  ETag: "78-5faa31cce96da"
                                                                  Date: Tue, 11 Jun 2024 18:00:41 GMT
                                                                  Connection: close


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  11192.168.2.44976651.161.117.1534437720C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:41 UTC605OUTGET /favicon.ico HTTP/1.1
                                                                  Host: iexeuniversidad.com
                                                                  Connection: keep-alive
                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                  sec-ch-ua-mobile: ?0
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  sec-ch-ua-platform: "Windows"
                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                  Sec-Fetch-Site: same-origin
                                                                  Sec-Fetch-Mode: no-cors
                                                                  Sec-Fetch-Dest: image
                                                                  Referer: https://iexeuniversidad.com/portal.html
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2024-06-11 18:00:42 UTC167INHTTP/1.1 200 OK
                                                                  Server: nginx
                                                                  Date: Tue, 11 Jun 2024 18:00:41 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: close
                                                                  Vary: User-Agent


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  12192.168.2.44977051.161.117.1534437720C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:00:42 UTC354OUTGET /favicon.ico HTTP/1.1
                                                                  Host: iexeuniversidad.com
                                                                  Connection: keep-alive
                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                  Accept: */*
                                                                  Sec-Fetch-Site: none
                                                                  Sec-Fetch-Mode: cors
                                                                  Sec-Fetch-Dest: empty
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.9
                                                                  2024-06-11 18:00:43 UTC167INHTTP/1.1 200 OK
                                                                  Server: nginx
                                                                  Date: Tue, 11 Jun 2024 18:00:42 GMT
                                                                  Content-Type: text/html; charset=UTF-8
                                                                  Content-Length: 0
                                                                  Connection: close
                                                                  Vary: User-Agent


                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                  13192.168.2.44977113.85.23.86443
                                                                  TimestampBytes transferredDirectionData
                                                                  2024-06-11 18:01:18 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Fl2pNcymfwyN9UW&MD=KLZbXtzN HTTP/1.1
                                                                  Connection: Keep-Alive
                                                                  Accept: */*
                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                  Host: slscr.update.microsoft.com
                                                                  2024-06-11 18:01:18 UTC560INHTTP/1.1 200 OK
                                                                  Cache-Control: no-cache
                                                                  Pragma: no-cache
                                                                  Content-Type: application/octet-stream
                                                                  Expires: -1
                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                  ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_1440"
                                                                  MS-CorrelationId: bec3c4d5-d4fb-4b18-9e78-75329ab52c3d
                                                                  MS-RequestId: 2b5a47f6-3893-4221-9a8c-9684e3b57e1c
                                                                  MS-CV: A/6cAx/eD0mJQPSU.0
                                                                  X-Microsoft-SLSClientCache: 1440
                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                  X-Content-Type-Options: nosniff
                                                                  Date: Tue, 11 Jun 2024 18:01:18 GMT
                                                                  Connection: close
                                                                  Content-Length: 25457
                                                                  2024-06-11 18:01:18 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92
                                                                  Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
                                                                  2024-06-11 18:01:18 UTC9633INData Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a
                                                                  Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq


                                                                  Statistics

                                                                  CPU Usage

                                                                  Click to jump to process

                                                                  Memory Usage

                                                                  Click to jump to process

                                                                  High Level Behavior Distribution

                                                                  Click to dive into process behavior distribution

                                                                  Behavior

                                                                  Click to jump to process

                                                                  System Behavior

                                                                  General

                                                                  Target ID:0
                                                                  Start time:14:00:24
                                                                  Start date:11/06/2024
                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ACH Electronic Remittance Reciept.pdf"
                                                                  Imagebase:0x7ff6bc1b0000
                                                                  File size:5'641'176 bytes
                                                                  MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:moderate
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:1
                                                                  Start time:14:00:26
                                                                  Start date:11/06/2024
                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                  Imagebase:0x7ff74bb60000
                                                                  File size:3'581'912 bytes
                                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:moderate
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:3
                                                                  Start time:14:00:26
                                                                  Start date:11/06/2024
                                                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1640,i,14712021949428459927,10776584995888633118,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                  Imagebase:0x7ff74bb60000
                                                                  File size:3'581'912 bytes
                                                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:moderate
                                                                  Has exited:true

                                                                  General

                                                                  Target ID:4
                                                                  Start time:14:00:29
                                                                  Start date:11/06/2024
                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://qrco.de/bf8XxK
                                                                  Imagebase:0x7ff76e190000
                                                                  File size:3'242'272 bytes
                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  General

                                                                  Target ID:5
                                                                  Start time:14:00:30
                                                                  Start date:11/06/2024
                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  Wow64 process (32bit):false
                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 --field-trial-handle=2264,i,5115585336318407760,10633538412966993992,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                  Imagebase:0x7ff76e190000
                                                                  File size:3'242'272 bytes
                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:high
                                                                  Has exited:false

                                                                  Disassembly

                                                                  No disassembly