Windows Analysis Report
pfK5wqaIhu.pdf

Overview

General Information

Sample name:pfK5wqaIhu.pdf
renamed because original name is a hash value
Original sample name:87246710a5069ad144deb9dcfb3bcdc6d5a8cca507b820a1e7af72755083a339.pdf
Analysis ID:1592935
MD5:ad266f5e8c19a4d8b8eed607e4084845
SHA1:5a8e6d3780f5de1cc11f60bcdd15878bb5b72827
SHA256:87246710a5069ad144deb9dcfb3bcdc6d5a8cca507b820a1e7af72755083a339
Tags:bookingItalianPastapdfuser-JAMESWT_MHT
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PDF has an OpenAction (likely to launch a dropper script)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 4196 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\pfK5wqaIhu.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6208 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 2448 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1756,i,12063728696051712839,751656444868727226,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7944 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://clintonmakes.com/215c/#xjnlc6tz9slr90ljkvyd4hal" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 8120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2012,i,17007502043534105949,12751466779547104436,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: PDF document; Joe Sandbox AI: PDF document contains prominent button: 'view complaint'
Source: 0.0.id.script.csv; Joe Sandbox AI: Detected suspicious JavaScript with source url: https://clintonmakes.com/215c/#xjnlc6tz9slr90ljkvy... This script demonstrates high-risk behavior, including dynamic code execution and data exfiltration. It attempts to redirect the user to an untrusted domain, which is a strong indicator of malicious intent.
Source: unknown; HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49817 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49950 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50019 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50022 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:50024 version: TLS 1.2
Source: Joe Sandbox View; IP Address: 172.67.168.162
Source: Joe Sandbox View; IP Address: 66.63.187.216
Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown; TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown; TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: global traffic; HTTP traffic detected:
  GET /215c/ HTTP/1.1
  Host: clintonmakes.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /bookid82291 HTTP/1.1
  Host: minedudiser.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  Referer: http://clintonmakes.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET / HTTP/1.1
  Host: fixecondfirbook.info
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Referer: http://clintonmakes.com/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /215c/ HTTP/1.1
  Host: clintonmakes.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: f5510ad44=0ad448213ea0
Source: global traffic; HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: clintonmakes.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://clintonmakes.com/215c/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic; DNS traffic detected: DNS query: clintonmakes.com
Source: global traffic; DNS traffic detected: DNS query: minedudiser.com
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: fixecondfirbook.info
Source: global traffic; DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: unknown; HTTP traffic detected:
  POST /report/v4?s=om49Alzf1oAtZJgeG1rEm3yS6gSIVKA2UQTjaH4CJWhZVbh%2FGhaQ3P1aGr8NuwooJdOV3BjM0keDnR%2FLHgnYiCTnlN%2FXC27FbzYiv2qwUnfYD9qJjxw6gJlu0J0oBjFzg3dL9O%2FPQg%3D%3D HTTP/1.1
  Host: a.nel.cloudflare.com
  Connection: keep-alive
  Content-Length: 455
  Content-Type: application/reports+json
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Thu, 16 Jan 2025 16:09:31 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  server: Apache/2.4.37 (Rocky Linux)
  Content-Encoding: gzip
Source: pfK5wqaIhu.pdf; String found in binary or memory: https://clintonmakes.com/215c/#xjnlc6tz9slr90ljkvyd4hal)
Source: classification engine; Classification label: mal48.winPDF@47/46@12/12
Source: pfK5wqaIhu.pdf; Initial sample: https://clintonmakes.com/215c/#xjnlc6tz9slr90ljkvyd4hal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-16 11-09-04-353.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\pfK5wqaIhu.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1756,i,12063728696051712839,751656444868727226,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://clintonmakes.com/215c/#xjnlc6tz9slr90ljkvyd4hal"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2012,i,17007502043534105949,12751466779547104436,262144 /prefetch:8
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: pfK5wqaIhu.pdf; Initial sample: PDF keyword /JavaScript count = 0
Source: pfK5wqaIhu.pdf; Initial sample: PDF keyword stream count = 33
Source: pfK5wqaIhu.pdf; Initial sample: PDF keyword /EmbeddedFile count = 0
Source: pfK5wqaIhu.pdf; Initial sample: PDF keyword obj count = 85
Source: pfK5wqaIhu.pdf; Initial sample: PDF keyword /OpenAction
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process information set: NOOPENFILEERRORBOX
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: 1 Spearphishing Link; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 2 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 3 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior graph (image not preserved): Behavior Graph ID: 1592935; Sample: pfK5wqaIhu.pdf; Startdate: 16/01/2025; Architecture: WINDOWS; Score: 48. Signatures: AI detected suspicious Javascript; AI detected landing page (webpage, office document or email). Processes: chrome.exe started chrome.exe; Acrobat.exe started AcroCEF.exe, which started AcroCEF.exe. DNS/IP nodes: minedudiser.com 186.64.116.70 (ZAMLTDACL, Chile); www.google.com 216.58.206.36 (GOOGLEUS, United States); other IPs or domains not listed.

Source: pfK5wqaIhu.pdf; Detection: 3%; Scanner: ReversingLabs; Label: Document-PDF.Phishing.Generic
Source: pfK5wqaIhu.pdf; Detection: 0%; Scanner: Virustotal
No Antivirus matches
Source: https://clintonmakes.com/215c/; Detection: 0%; Scanner: Avira URL Cloud; Label: safe
Source: http://clintonmakes.com/favicon.ico; Detection: 0%; Scanner: Avira URL Cloud; Label: safe
Source: https://clintonmakes.com/215c/#xjnlc6tz9slr90ljkvyd4hal); Detection: 0%; Scanner: Avira URL Cloud; Label: safe
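Name: a.nel.cloudflare.com; IP: 35.190.80.1; Active: true; Malicious: false; Reputation: high
Name: www.google.com; IP: 216.58.206.36; Active: true; Malicious: false; Reputation: high
Name: clintonmakes.com; IP: 66.63.187.216; Active: true; Malicious: false; Reputation: high
Name: fixecondfirbook.info; IP: 172.67.168.162; Active: true; Malicious: false; Reputation: high
Name: minedudiser.com; IP: 186.64.116.70; Active: true; Malicious: false; Reputation: high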
Name: https://a.nel.cloudflare.com/report/v4?s=om49Alzf1oAtZJgeG1rEm3yS6gSIVKA2UQTjaH4CJWhZVbh%2FGhaQ3P1aGr8NuwooJdOV3BjM0keDnR%2FLHgnYiCTnlN%2FXC27FbzYiv2qwUnfYD9qJjxw6gJlu0J0oBjFzg3dL9O%2FPQg%3D%3D; Malicious: false; Reputation: high
Name: https://minedudiser.com/bookid82291; Malicious: false; Reputation: high
Name: http://clintonmakes.com/215c/; Malicious: false; Reputation: unknown
Name: https://clintonmakes.com/215c/; Malicious: true; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: https://fixecondfirbook.info/; Malicious: false; Reputation: high
Name: http://clintonmakes.com/favicon.ico; Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
Name: https://clintonmakes.com/215c/#xjnlc6tz9slr90ljkvyd4hal); Source: pfK5wqaIhu.pdf; Malicious: false; Antivirus Detection: Avira URL Cloud: safe; Reputation: unknown
                    IPDomainCountryFlagASNASN NameMalicious
                    172.67.168.162
                    fixecondfirbook.infoUnited States
                    13335CLOUDFLARENETUSfalse
                    216.58.206.36
                    www.google.comUnited States
                    15169GOOGLEUSfalse
                    66.63.187.216
                    clintonmakes.comUnited States
                    8100ASN-QUADRANET-GLOBALUSfalse
                    239.255.255.250
                    unknownReserved
                    unknownunknownfalse
                    186.64.116.70
                    minedudiser.comChile
                    52368ZAMLTDACLfalse
                    35.190.80.1
                    a.nel.cloudflare.comUnited States
                    15169GOOGLEUSfalse
                    Joe Sandbox version:42.0.0 Malachite
                    Analysis ID:1592935
                    Start date and time:2025-01-16 17:08:07 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 5m 38s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowspdfcookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of new started processes analysed:15
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:pfK5wqaIhu.pdf
                    renamed because original name is a hash value
                    Original Sample Name:87246710a5069ad144deb9dcfb3bcdc6d5a8cca507b820a1e7af72755083a339.pdf
                    Detection:MAL
                    Classification:mal48.winPDF@47/46@12/12
                    Cookbook Comments:
                    • Found application associated with file extension: .pdf
                    • Found PDF document
                    • Close Viewer
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 2.23.240.205, 172.64.41.3, 162.159.61.3, 2.22.242.11, 2.22.242.123, 2.23.77.188, 84.201.210.23, 172.217.18.3, 64.233.166.84, 142.250.184.238, 142.250.181.238, 142.250.186.78, 172.217.16.202, 216.58.212.170, 172.217.18.10, 142.250.186.138, 216.58.206.42, 142.250.184.202, 172.217.16.138, 142.250.185.138, 142.250.185.170, 142.250.185.74, 142.250.184.234, 142.250.186.74, 142.250.186.42, 142.250.185.106, 216.58.206.74, 172.217.18.106, 172.217.18.14, 142.250.184.206, 142.250.185.238, 172.217.16.206, 142.250.185.163, 216.58.212.174, 142.250.186.46, 216.58.212.142, 216.58.206.46, 13.107.246.45, 3.233.129.217, 184.28.90.27, 104.126.112.182, 20.109.210.53
                    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, optimizationguide-pa.googleapis.com, clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
                    • Not all processes were analyzed; the report is missing behavior information
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
66.63.187.216 | 9L6HMvfoLW.pdf | malicious | CAPTCHA Scam ClickFix | clintonmakes.com/favicon.ico
66.63.187.216 | zvIajMhxeH.pdf | malicious | Unknown | swxpeyou.com/favicon.ico
66.63.187.216 | weMSnq4Jjv.pdf | malicious | CAPTCHA Scam ClickFix | edwatsonsmallworks.com/favicon.ico
66.63.187.216 | ry36jFmHDq.pdf | malicious | CAPTCHA Scam ClickFix | leahbdesign.com/favicon.ico
66.63.187.216 | cx8VPbdfQI.pdf | malicious | Unknown | revelsocialclub.com/favicon.ico
66.63.187.216 | iE77tz35dc.pdf | malicious | Unknown | ritarichards.com/favicon.ico
66.63.187.216 | BIRWrYv55T.pdf | malicious | CAPTCHA Scam ClickFix | burnalong-info.com/favicon.ico
66.63.187.216 | OpoLADYwIE.pdf | malicious | Unknown | scaladc.com/favicon.ico
66.63.187.216 | JlZU1N9b8M.pdf | malicious | Unknown | hannahhalesharp.com/favicon.ico
66.63.187.216 | cCVZk5O7GW.pdf | malicious | CAPTCHA Scam ClickFix | ceilingsanddrywall.com/favicon.ico
172.67.168.162 | weMSnq4Jjv.pdf | malicious | CAPTCHA Scam ClickFix | -
172.67.168.162 | ry36jFmHDq.pdf | malicious | CAPTCHA Scam ClickFix | -
172.67.168.162 | cx8VPbdfQI.pdf | malicious | Unknown | -
172.67.168.162 | iE77tz35dc.pdf | malicious | Unknown | -
172.67.168.162 | BIRWrYv55T.pdf | malicious | CAPTCHA Scam ClickFix | -
172.67.168.162 | cCVZk5O7GW.pdf | malicious | CAPTCHA Scam ClickFix | -
172.67.168.162 | ilCvGBnBTU.pdf | malicious | CAPTCHA Scam ClickFix | -
172.67.168.162 | ItalianPastaLumma.hta | malicious | Unknown | -
172.67.168.162 | xIrbQ5rfDu.exe | malicious | Glupteba, SmokeLoader, Socks5Systemz, Stealc, Xmrig | -
Match | Associated Sample Name / URL | Detection | Threat Name | Context
minedudiser.com | 9L6HMvfoLW.pdf | malicious | CAPTCHA Scam ClickFix | 186.64.116.70
minedudiser.com | zvIajMhxeH.pdf | malicious | Unknown | 186.64.116.70
minedudiser.com | weMSnq4Jjv.pdf | malicious | CAPTCHA Scam ClickFix | 186.64.116.70
minedudiser.com | ry36jFmHDq.pdf | malicious | CAPTCHA Scam ClickFix | 186.64.116.70
minedudiser.com | cx8VPbdfQI.pdf | malicious | Unknown | 186.64.116.70
minedudiser.com | iE77tz35dc.pdf | malicious | Unknown | 186.64.116.70
minedudiser.com | BIRWrYv55T.pdf | malicious | CAPTCHA Scam ClickFix | 186.64.116.70
minedudiser.com | OpoLADYwIE.pdf | malicious | Unknown | 186.64.116.70
minedudiser.com | JlZU1N9b8M.pdf | malicious | Unknown | 186.64.116.70
minedudiser.com | cCVZk5O7GW.pdf | malicious | CAPTCHA Scam ClickFix | 186.64.116.70
fixecondfirbook.info | 9L6HMvfoLW.pdf | malicious | CAPTCHA Scam ClickFix | 104.21.94.195
fixecondfirbook.info | zvIajMhxeH.pdf | malicious | Unknown | 104.21.94.195
fixecondfirbook.info | weMSnq4Jjv.pdf | malicious | CAPTCHA Scam ClickFix | 172.67.168.162
fixecondfirbook.info | ry36jFmHDq.pdf | malicious | CAPTCHA Scam ClickFix | 172.67.168.162
fixecondfirbook.info | cx8VPbdfQI.pdf | malicious | Unknown | 172.67.168.162
fixecondfirbook.info | iE77tz35dc.pdf | malicious | Unknown | 172.67.168.162
fixecondfirbook.info | BIRWrYv55T.pdf | malicious | CAPTCHA Scam ClickFix | 104.21.94.195
fixecondfirbook.info | OpoLADYwIE.pdf | malicious | Unknown | 104.21.94.195
fixecondfirbook.info | JlZU1N9b8M.pdf | malicious | Unknown | 104.21.94.195
fixecondfirbook.info | cCVZk5O7GW.pdf | malicious | CAPTCHA Scam ClickFix | 104.21.94.195
clintonmakes.com | 9L6HMvfoLW.pdf | malicious | CAPTCHA Scam ClickFix | 66.63.187.216
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | 9L6HMvfoLW.pdf | malicious | CAPTCHA Scam ClickFix | 104.21.94.195
CLOUDFLARENETUS | https://852u.adj.st/credits-opensea/?sk=288xDmHv&adj_t=wt0ujiy&adj_deep_link=eversheds-sutherlandpago://credits-opensea/?sk=288xDmHv&adj_label=MLM_MP_ML-EMAIL_CC_MARA_AO-UCR_ALL_ACT_X_X_DEFAULT_I-EG-UCR-MUTT-MAR-ABIERTO&adj_fallback=https://iondetox.com.ar/g63c/5617939594/Eversheds-sutherland/?eu=Y2xvemFub0BldmVyc2hlZHMtc3V0aGVybGFuZC5lcw== | malicious | Unknown | 188.114.96.3
CLOUDFLARENETUS | Aura.exe | malicious | LummaC, PureLog Stealer, Xmrig | 104.21.96.1
CLOUDFLARENETUS | Menu.exe | malicious | LummaC, PureLog Stealer | 104.21.112.1
CLOUDFLARENETUS | zvIajMhxeH.pdf | malicious | Unknown | 104.21.94.195
CLOUDFLARENETUS | New [V2.2.0].exe | malicious | LummaC | 104.21.39.230
CLOUDFLARENETUS | SecurityHealthHost.exe | malicious | Stealerium | 104.16.185.241
CLOUDFLARENETUS | weMSnq4Jjv.pdf | malicious | CAPTCHA Scam ClickFix | 172.67.168.162
CLOUDFLARENETUS | ry36jFmHDq.pdf | malicious | CAPTCHA Scam ClickFix | 172.67.168.162
CLOUDFLARENETUS | cx8VPbdfQI.pdf | malicious | Unknown | 172.67.168.162
ZAMLTDACL | 9L6HMvfoLW.pdf | malicious | CAPTCHA Scam ClickFix | 186.64.116.70
ZAMLTDACL | zvIajMhxeH.pdf | malicious | Unknown | 186.64.116.70
ZAMLTDACL | weMSnq4Jjv.pdf | malicious | CAPTCHA Scam ClickFix | 186.64.116.70
ZAMLTDACL | ry36jFmHDq.pdf | malicious | CAPTCHA Scam ClickFix | 186.64.116.70
ZAMLTDACL | cx8VPbdfQI.pdf | malicious | Unknown | 186.64.116.70
ZAMLTDACL | iE77tz35dc.pdf | malicious | Unknown | 186.64.116.70
ZAMLTDACL | BIRWrYv55T.pdf | malicious | CAPTCHA Scam ClickFix | 186.64.116.70
ZAMLTDACL | OpoLADYwIE.pdf | malicious | Unknown | 186.64.116.70
ZAMLTDACL | JlZU1N9b8M.pdf | malicious | Unknown | 186.64.116.70
ZAMLTDACL | cCVZk5O7GW.pdf | malicious | CAPTCHA Scam ClickFix | 186.64.116.70
ASN-QUADRANET-GLOBALUS | 9L6HMvfoLW.pdf | malicious | CAPTCHA Scam ClickFix | 66.63.187.216
ASN-QUADRANET-GLOBALUS | zvIajMhxeH.pdf | malicious | Unknown | 66.63.187.216
ASN-QUADRANET-GLOBALUS | weMSnq4Jjv.pdf | malicious | CAPTCHA Scam ClickFix | 66.63.187.216
ASN-QUADRANET-GLOBALUS | ry36jFmHDq.pdf | malicious | CAPTCHA Scam ClickFix | 66.63.187.216
ASN-QUADRANET-GLOBALUS | cx8VPbdfQI.pdf | malicious | Unknown | 66.63.187.216
ASN-QUADRANET-GLOBALUS | iE77tz35dc.pdf | malicious | Unknown | 66.63.187.216
ASN-QUADRANET-GLOBALUS | BIRWrYv55T.pdf | malicious | CAPTCHA Scam ClickFix | 66.63.187.216
ASN-QUADRANET-GLOBALUS | OpoLADYwIE.pdf | malicious | Unknown | 66.63.187.216
ASN-QUADRANET-GLOBALUS | JlZU1N9b8M.pdf | malicious | Unknown | 66.63.187.216
ASN-QUADRANET-GLOBALUS | cCVZk5O7GW.pdf | malicious | CAPTCHA Scam ClickFix | 66.63.187.216
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | Aura.exe | malicious | LummaC, PureLog Stealer, Xmrig | 40.115.3.253
3b5074b1b5d032e5620f69f9f700ff0e | SecurityHealthHost.exe | malicious | Stealerium | 40.115.3.253
3b5074b1b5d032e5620f69f9f700ff0e | svchost.exe | malicious | Stealerium | 40.115.3.253
3b5074b1b5d032e5620f69f9f700ff0e | Wallet-PrivateKey.Pdf.exe | malicious | Stealerium | 40.115.3.253
3b5074b1b5d032e5620f69f9f700ff0e | ilCvGBnBTU.pdf | malicious | CAPTCHA Scam ClickFix | 40.115.3.253
3b5074b1b5d032e5620f69f9f700ff0e | http://90.151.171.106/ip.php?Z78882587431Q1 | malicious | Unknown | 40.115.3.253
3b5074b1b5d032e5620f69f9f700ff0e | 80 Statement of accounts as of Sep 11 2024.exe | malicious | Snake Keylogger, VIP Keylogger | 40.115.3.253
3b5074b1b5d032e5620f69f9f700ff0e | PAYMENT SLIP.exe | malicious | MassLogger RAT | 40.115.3.253
3b5074b1b5d032e5620f69f9f700ff0e | ItalianPastaLumma.hta | malicious | Unknown | 40.115.3.253
3b5074b1b5d032e5620f69f9f700ff0e | main.ps1 | malicious | Unknown | 40.115.3.253
                                      No context
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):295
                                      Entropy (8bit):5.195988366931027
                                      Encrypted:false
                                      SSDEEP:6:iO+9913+q2PN72nKuAl9OmbnIFUtU99nS5Zmwq99nStVkwON72nKuAl9OmbjLJ:7+QvVaHAahFUtUXS5/qXST5OaHAaSJ
                                      MD5:5EA197950C12F6924B80B59BD622F78E
                                      SHA1:0202D0E757E64A59D73685AB391883A08F8FB6AF
                                      SHA-256:C95C6DB665604B95B102D3D30DCEA3E1C7637AF46F773081521905785725CFB3
                                      SHA-512:C9CC2C57D03F2C93865744042BC32397C7111E0C815B43C2F2CB70CCDE259BD922A2604B05D220C5A6889C9DD6D677D05F50B41DC273541E892BF95D7D47F80C
                                      Malicious:false
                                      Reputation:low
                                      Preview:2025/01/16-11:09:02.162 878 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/16-11:09:02.165 878 Recovering log #3.2025/01/16-11:09:02.165 878 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):342
                                      Entropy (8bit):5.1371182670535775
                                      Encrypted:false
                                      SSDEEP:6:iO+99Kyq2PN72nKuAl9Ombzo2jMGIFUtU99dW11Zmwq99ZRkwON72nKuAl9Ombzz:7+/vVaHAa8uFUtUtW11/qP5OaHAa8RJ
                                      MD5:11DADAEC2949B00528C56860CA4FEF87
                                      SHA1:4AB2135F01160284A4534CE51CD6F535947ADFF0
                                      SHA-256:CFF8DF49B9DB96C152007104464904B04DBAD5FF8C7BEAE2BAAD915D20C278F1
                                      SHA-512:62F7B304AD38A9A8135F4E9E763E1BDAB448621194C262DAA885B773848D2995F7EEC681E4CBBABB895AD5DC8D33997231768888F0D75A41C663B4CDC7934717
                                      Malicious:false
                                      Reputation:low
                                      Preview:2025/01/16-11:09:02.193 1034 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/16-11:09:02.195 1034 Recovering log #3.2025/01/16-11:09:02.196 1034 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:modified
                                      Size (bytes):546
                                      Entropy (8bit):4.949986498314938
                                      Encrypted:false
                                      SSDEEP:12:YHgLdvZOjKWoqBWsB6um3RA8sqj6+sBd2caq3QH7E4T3y:YALt8jK8B7JsRds4+dJ3QH7nby
                                      MD5:F70056D91694E1286B319FCD3C4A9C49
                                      SHA1:6D74D07C1E4BCD86E25B01E0598EEBF77679E35D
                                      SHA-256:17A71FA82AAEDA7E033210BF6E8BCA6A375D491E8A068DF90EE95F8C8F523906
                                      SHA-512:8E223151A4EC413B017C3C5E09F003DA7218FA98AFD4CC9D2A26A58AD5968DABFF414224C3209A4887758EA9E78AE6EB1F39ACB6A18BFAF9B7062F218740815E
                                      Malicious:false
                                      Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"broken_until":"1737044052","host":"chrome.cloudflare-dns.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381603754616775","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):546
                                      Entropy (8bit):4.949986498314938
                                      Encrypted:false
                                      SSDEEP:12:YHgLdvZOjKWoqBWsB6um3RA8sqj6+sBd2caq3QH7E4T3y:YALt8jK8B7JsRds4+dJ3QH7nby
                                      MD5:F70056D91694E1286B319FCD3C4A9C49
                                      SHA1:6D74D07C1E4BCD86E25B01E0598EEBF77679E35D
                                      SHA-256:17A71FA82AAEDA7E033210BF6E8BCA6A375D491E8A068DF90EE95F8C8F523906
                                      SHA-512:8E223151A4EC413B017C3C5E09F003DA7218FA98AFD4CC9D2A26A58AD5968DABFF414224C3209A4887758EA9E78AE6EB1F39ACB6A18BFAF9B7062F218740815E
                                      Malicious:false
                                      Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"broken_until":"1737044052","host":"chrome.cloudflare-dns.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381603754616775","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):5859
                                      Entropy (8bit):5.243655339993463
                                      Encrypted:false
                                      SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7RfLqM:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhZ
                                      MD5:4DCB5D7E21D8435E6F1059B2B3588486
                                      SHA1:58F51EB0A1C9FAD3B9647B13C2C06D5F772F9DB0
                                      SHA-256:700C3146D5B1F64DB4BEE8D1D568A51E601EE4C28909353AAFEB61B1285B2572
                                      SHA-512:193F11A0847B1EF5E721C3354D4EF064C402A74660030537AC0E0D268F644837B638AEEA12D82B963C8CA35A09909E83E6ED69A5C30B48AA5946124132CC8092
                                      Malicious:false
                                      Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):330
                                      Entropy (8bit):5.148164712240988
                                      Encrypted:false
                                      SSDEEP:6:iO+99MXVOyq2PN72nKuAl9OmbzNMxIFUtU99MXcT11Zmwq99MXQu8pRkwON72nKA:7++jvVaHAa8jFUtUT1/qvP5OaHAa84J
                                      MD5:E827698195C126A9500A7B386CF1A421
                                      SHA1:754290CA60931A7AFF6624859A5E4C6B9812DE12
                                      SHA-256:DFA0EA09825133A1133E5BF55D9E3DF451FDB0B6F0E9D0D9FD5316DB68B57ED6
                                      SHA-512:F37A34DDF84A736BDCB784E214D037F67A072FAF6C42B1FF38DD6199D0EB06EE3B04AF5E072A7FE1DE6FBE6DAEB41842B567C7C117A69EF5840B5E7819256889
                                      Malicious:false
                                      Preview:2025/01/16-11:09:03.256 1034 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/16-11:09:03.265 1034 Recovering log #3.2025/01/16-11:09:03.269 1034 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PC bitmap, Windows 3.x format, 164 x -150 x 32, cbSize 98454, bits offset 54
                                      Category:dropped
                                      Size (bytes):98454
                                      Entropy (8bit):1.772163068792158
                                      Encrypted:false
                                      SSDEEP:192:oR+XJG4jph1TmHlVFs41G+nHvIo1TqhWhW8d4hb1:oR+UXJDdw
                                      MD5:E1A47078EF5BC2835E060D0A6ABFB004
                                      SHA1:603E5F9CD41A61B5AA76FB9A2E83753E69C01C3E
                                      SHA-256:633B347D828CCF54FBC1843255567C720BDEFD8E192C0AB54273D7B24C204396
                                      SHA-512:9D9A89B0EB91D51A9C7BD74303184E91CE162C3A3EC2B6450086F7453D2028BDDBB26AFBFC5E5590A329ECB68A026EB6C84DDDA239D91F2E3CD7BEB1D9F0919E
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                                      Category:dropped
                                      Size (bytes):86016
                                      Entropy (8bit):4.444677169653716
                                      Encrypted:false
                                      SSDEEP:384:ye6ci5tZiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:m6s3OazzU89UTTgUL
                                      MD5:6786F23FE9442A297C5B089D13646E92
                                      SHA1:4555565EC2250FC07EA2792468A4F55E385089A7
                                      SHA-256:993395AA96F0C859F0EE61AD0586BA6EF81CC19DE308D674D3B9BC61FE107EE2
                                      SHA-512:4632B1E39123C772928D02FC2E60C74C0BF16B306DE699A0F740E8A479088A65AFD918FAA8E95FB5CFFBED26FA56E60C0BE6F2F9C485E2A0123C673A88554BBB
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):8720
                                      Entropy (8bit):3.7699974369416305
                                      Encrypted:false
                                      SSDEEP:48:7MBlJioyVoioyyoy1C7oy16oy1KKOioy1noy1AYoy1Wioy1oioykioyBoy1noy14:7MJuoWVXjBi3b9IVXEBodRBkg
                                      MD5:9DCC5DBCDF1A1C752CEFB4CFDB095B86
                                      SHA1:5F03868626764532EB98F27BE2D4D5F83BD9414A
                                      SHA-256:390158EF2670E2BBC480012FD09312A004AB541DF45DCF2BD77B855038C27935
                                      SHA-512:E169AF34E98DC65B9FD66A9334F588A460F9613E5E5FB21099FC646D2958655CA83A2392D34E3FA0E4A87EC17EFA26DD4BAB6F7CFFECBD8120D2001C9C04AEFB
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):228351
                                      Entropy (8bit):3.3898188882857125
                                      Encrypted:false
                                      SSDEEP:1536:qKPC4iyzDtrh1cK3XEivQ7VK/3AYvYwgF/rRoL+sn:XPCaH/3AYvYwglFoL+sn
                                      MD5:20A7B5B58ED072AE08A03BC126638854
                                      SHA1:E6F3576C1BF518BFEB2E3117C7B06D9567BDA927
                                      SHA-256:68FB83644BDF0195E6D962C1F7D0B84820E78B61E08558D12E7669615AAC02AA
                                      SHA-512:624B8D689D50CC2960E85018035D1CECE498361FD31740AABC7AF56EF0F9623B20F2E1266ACC788A7320DDAB5FF6296175600F561D38437897E3F419B8A981CC
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):295
                                      Entropy (8bit):5.378583147362058
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJM3g98kUwPeUkwRe9:YvXKXBDdUvc/GMbLUkee9
                                      MD5:739DB33D26A7772800F6C50CEF500315
                                      SHA1:AEF36DD6F795CC259ADF4B1317E19E2E7501B8B4
                                      SHA-256:BA078CB68B11D72EA8240A97AF1A08907B7ED327DF92BBD8E59F6C06BD1FC3C4
                                      SHA-512:8C533B20486393A37A8AF9EE3A374D2E5910EBDE75EDE0CA567B7043C93E1C1673D6960D58C09CED92050FA62537D4804FF79161C9CF3094D57E0DC63C49507B
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.3323905953858315
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJfBoTfXpnrPeUkwRe9:YvXKXBDdUvc/GWTfXcUkee9
                                      MD5:F5F81CFDF60612BA378531DBE6A49B89
                                      SHA1:498315F012DF2137498027E71812608A3FC87EFA
                                      SHA-256:D7A8C3E23F6359BDC2BF67FE2238E5C7178C56B863E972544D0F7653773D17C6
                                      SHA-512:F4D19C8602E0574220F982AAD6CC15D39A644817855BFB148765765301D71C1774D705C630E1A51AC8F0E02CE8ACC5E473BF1C67BD0E8D52A5C9CE7E2CB2E0E2
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.311877164523234
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJfBD2G6UpnrPeUkwRe9:YvXKXBDdUvc/GR22cUkee9
                                      MD5:B041781F1D0BF2A6123A461620FCB323
                                      SHA1:2F50C98DB91ED8D03501FB15E02264C6237960D2
                                      SHA-256:9461B803655E3606CCB10D369DCB42EB4B24DB81F07093016D618553711E0E1A
                                      SHA-512:A19335012EABF63ECB396797FC36F05DDD1570BA9C35C56829985072ECFB53F59272FB4F102EB0BEB39986A62B3F9AE6A7CA6B8CF36B660BD3B389689C2890B7
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):285
                                      Entropy (8bit):5.359139749729323
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJfPmwrPeUkwRe9:YvXKXBDdUvc/GH56Ukee9
                                      MD5:EE6B262A7DC6DCC7D27FA8D096D86333
                                      SHA1:D5F52E3F60A06E1ADEEB76F29C27E44E57C4365F
                                      SHA-256:7D84588C1727A44A9FE40E2324058DF209B5790BADC8FD2261687736F850371E
                                      SHA-512:7EDBD80656C2A0A3795DEBE2BC3585CE3C5A611DC53269E530C993657D22D51AA37A33E953724AE614CE4EA032C33797FDDCF2A33C7A94A76A751995B85B0A71
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1123
                                      Entropy (8bit):5.68916464852192
                                      Encrypted:false
                                      SSDEEP:24:Yv6XBDWUkpLgE9cQx8LennAvzBvkn0RCmK8czOCCS0Y:YvEDWNhgy6SAFv5Ah8cv/0Y
                                      MD5:779CE5A79D6DA6EAADC790EA61B80AC2
                                      SHA1:71C81FC6DC2E991237CE2C481F1D67474C32E4C8
                                      SHA-256:E20859F0E0ED5849D840CA130B72D8C321EF2B1C227CB5C556F048503B93C02F
                                      SHA-512:A34F0F25BEE0223F136788FAA510D6A72BB91129A5D8558E3F4EE84A97C9C721B7B8585C45AEF4BD363317909EAE05E9EBC8C8AD8366562EA7C9B4ED3BB7D724
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.307969577271467
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJf8dPeUkwRe9:YvXKXBDdUvc/GU8Ukee9
                                      MD5:94539B79BC1B9AB06E23E5848A1E6809
                                      SHA1:8F449C7BAC29AC479D33513CEC83E0118B469FDE
                                      SHA-256:8C62F8FDD821B2AFD081E17446E67E57E637A4A6CA3BB9E0CDED0C9403795F13
                                      SHA-512:B0DAEA3332DB18715E91AF5D714E3AD92A91151C2A607B273DA11DDB06B61ADC2E46D28A03E999A52F5F8167CB4A2953726A370BDFA1278D7FA31C615D61A0C8
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):292
                                      Entropy (8bit):5.310539950195752
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJfQ1rPeUkwRe9:YvXKXBDdUvc/GY16Ukee9
                                      MD5:D5CF369A1310FD8A484894DE3963CC58
                                      SHA1:6EDA5DE44A9BF13F7C73DBF34A2E74EE2DE49E97
                                      SHA-256:4A9DD51F20D796C36261003530B47638DC2221735AC9633E6F934C195D09097F
                                      SHA-512:CC2FF63456F99774926001AAE6F7CB7B253A3C3AB54171EE082F18B0834A6AED3989C8D5C30368FC9CFD932983E7A19F3F1B3BDCA74D1E3267500732CC9C7959
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.316562362460206
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJfFldPeUkwRe9:YvXKXBDdUvc/Gz8Ukee9
                                      MD5:E6C5D432EF9808EF9D1F3A545CEBEDFF
                                      SHA1:8CC01ED00D05FF65D960C6E12D965FBCBC5D2EEA
                                      SHA-256:5806F9BF57B099E862D8D825DA0CE496792BB07B9E2B3E545B46A46170877019
                                      SHA-512:80843ABC9BEDAD704B163BF09523C29FAAF1620AC9F9C15854CC52859E645C0F1E4714741A21A41962FC401B93B493B141FF8878E77C3FE0C548AFF20F6E4D1A
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):295
                                      Entropy (8bit):5.33344967191545
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJfzdPeUkwRe9:YvXKXBDdUvc/Gb8Ukee9
                                      MD5:D93247F08BD67BE149274045E81A8FB4
                                      SHA1:8982B3A0B4BF2263E85EE1D6A6702105CC8E0334
                                      SHA-256:DA559E4B21FF45FB8DDDFCA589F2DDF96484251F3E028EE153BDDCA9D828E475
                                      SHA-512:39F3EBA1358CDFF87D19D6E8AAD75FB4DF828B163B59F75499E850255F0ACFC4333A32A8CBE27E7C4FD98736E285883E6B52B3DC98E895F66B087319EA1661FF
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.314385858654472
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJfYdPeUkwRe9:YvXKXBDdUvc/Gg8Ukee9
                                      MD5:1D9E43F48512117D7F723FA14257A90A
                                      SHA1:C7647B44A9822F1CDAC8A3393BBAA5256BBD48AB
                                      SHA-256:E02AC1D2A13567F5DEE4A68283256D7591B1A7DCC53470AEF77F009C7E3DC1EC
                                      SHA-512:2638F3EB7959CA4BF1E0D4B9988AEC7B34903B0C826FD488E20C06F6C86161E3CB8AE2834CB0E0FB5FAB95711B51DEC63FFFAC5507067430400469643F8514AE
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):284
                                      Entropy (8bit):5.300988494564395
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJf+dPeUkwRe9:YvXKXBDdUvc/G28Ukee9
                                      MD5:22D12ECA417859244C685F0874A981BA
                                      SHA1:5F59A3C44D89E6333CF4075522BC8C20805317DC
                                      SHA-256:A1A44B6C690BD0F3EDAB4439A09C61119A0EFD203C354A57C6C87B028FC3EBCD
                                      SHA-512:1F9078C50851BE8FE45DC08DF39E7F0A8E588140CE4BBB18FE8CC73E138F1EE8E14CBE14176C50EC7BD7C81729F29DF0E39F677C814D47BD742E2160E5B131D4
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):291
                                      Entropy (8bit):5.2978340844475476
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJfbPtdPeUkwRe9:YvXKXBDdUvc/GDV8Ukee9
                                      MD5:B414366F9594970D4182A03FB723878B
                                      SHA1:A3BA54E65D9534F629150528E99030D51ED49769
                                      SHA-256:ECC8FEFB31FA8AB01488D4ADEEBBE904363F8DD146E8E48A70AF217D209954D4
                                      SHA-512:87B07A8DD6C103E417F9A0F025EF4EE07898B8340364F8C5491784AC05D74964A3D460D0B5D115E0B886D934C59055E24E1485197F8F5FE146A7478FB4DB724B
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):287
                                      Entropy (8bit):5.301414526528004
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJf21rPeUkwRe9:YvXKXBDdUvc/G+16Ukee9
                                      MD5:917BD62EE1A33761BA25856E9A6F8694
                                      SHA1:5472D42622D353F55B335CEC5AED084916E6BB59
                                      SHA-256:EB8A64A01ED11081991D755969FA5F0C016043241A0B72045E4296DA5B04F6B2
                                      SHA-512:13A1FF1BD91C873DDEEFF3371BC6ED4B526D9C4B30C0D12E4CA2C2840F31001B44D066D0478FBF00E309B37D3B5FB2F9F883D2F268D1696EFC13FB9333197E51
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1090
                                      Entropy (8bit):5.6636201803786825
                                      Encrypted:false
                                      SSDEEP:24:Yv6XBDWUAamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BS0Y:YvEDWpBgkDMUJUAh8cvM0Y
                                      MD5:3507E2491759F30B3EF478B1F4CC902A
                                      SHA1:36B4549DBFDCA38B2AE837067E9E534709C300F1
                                      SHA-256:483C41A0B5BEE679C9D992BE092508C12C9CE75956BB1C5EC9DB285A2777DDA8
                                      SHA-512:901FD8508AEE1BBE2877004783E51AF02A72ADA711A3A99B9F61C6B1B6EBF1D9B0348A019578472173523CEDC657D49DCDE845BD1AFCAB2AE23C15D2470DD5E3
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):286
                                      Entropy (8bit):5.277531988007243
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJfshHHrPeUkwRe9:YvXKXBDdUvc/GUUUkee9
                                      MD5:CD9D95C049B0D180108310E0607A6ED4
                                      SHA1:5DBC65508C5F0CD040D69F1F58B893B443ED8E5C
                                      SHA-256:A9A8DC952FF8D4DF0F3F7EEC1ADD588D38BA7E6BA6957E3C52825A10848210E8
                                      SHA-512:9CA5FE62DF7A2E946F3FF33AA66FEE5E909C9EB26FF1FE11F8ECB4B0E7FCAD03B92F95CD2FF6CD8ABA70AA103D0AB9A80CFA5F0C7DCB7A3271842BEFDBDF867C
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):282
                                      Entropy (8bit):5.28172863324164
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXBWUH9ohvnZiQ0YPoAvJTqgFCrPeUkwRe9:YvXKXBDdUvc/GTq16Ukee9
                                      MD5:362BF4EAA9100CE45527F3650CA3B533
                                      SHA1:D03CAD8E665AD5641F9BB067885F2B5B145E5CD3
                                      SHA-256:F7314A0F36CE0EA0F63E76FD5720F8BE59BF729E637758831FBFC9D9343291A7
                                      SHA-512:FF88DD308BFC0E26603DE7E83F82C991B5E5FF362D81E5697DE6ADF4BCB55B68C52AAE733D4246186C7EFACAB75C2B037FA4BC8772316F5C09A8DFFD919C5E50
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"63b2d0b8-3a9b-4e21-b9d7-fd5ae81b69b3","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1737220362577,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4
                                      Entropy (8bit):0.8112781244591328
                                      Encrypted:false
                                      SSDEEP:3:e:e
                                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                      Malicious:false
                                      Preview:....
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):2814
                                      Entropy (8bit):5.136807948860389
                                      Encrypted:false
                                      SSDEEP:48:YDz6KttuNxk6LWpvS+vuHoOIp90G9HYbxfwD9DTUGz:q6KttuNe6LWpvS+vuopV94bNeDTUGz
                                      MD5:842639578AA9356E7600C4E4759D7F76
                                      SHA1:F6CB27D3527216F2190BB101C5567ACEE0675FFC
                                      SHA-256:AB8B3C23D3DB904AC063CB8BB8B5389B1F367F6C146812D07838993AA3657AF3
                                      SHA-512:8A3112124760584A3B63B1FACC74FF87E24974E7EA6D339A0EA79C68B933FDC58FD26CEC866AE26F8FFBBA48A63308DEE14C4F9B6F38587FCE49A1021F37EA33
                                      Malicious:false
                                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"8314a2034630f3ba880c760b99588e81","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1737043752000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"cafb1d393741f1d99ad0e8693d742277","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1737043752000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b5e474aa9ad8023c0289826ff08cf2d4","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1737043752000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d29351544c5257ee858b3e62776ec2b9","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1737043751000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"7a92bfb88eb44b28752e277af2bfacd4","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1737043751000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"38e8a735a5a6fe0145e35137aeb9b074","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                                      Category:dropped
                                      Size (bytes):12288
                                      Entropy (8bit):1.1456055244548204
                                      Encrypted:false
                                      SSDEEP:24:TLhx/XYKQvGJF7ursVRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHw:TFl2GL7mspXc+XcGNFlRYIX2v3kw
                                      MD5:A9EB59BA883AC6FA5561656142A6B2EE
                                      SHA1:D1737AAA8248ABEA07D08C3FED3D824869065201
                                      SHA-256:1C3DEDB2BBE4CD32035552F0DC3F05B76F7998D77D6DA37630382F321B20AB93
                                      SHA-512:06CDF842C9D714386691CF851FB14ADFE378448F51E9C2BDCF19627089A12130A39B900F66562B24FE5E18F185FE18E439C2D56872C047A9AB482513B7E42B20
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):8720
                                      Entropy (8bit):1.5504562414531462
                                      Encrypted:false
                                      SSDEEP:24:7+txUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLux0qLxx/XYKQX:7MiXc+XcGNFlRYIX2vBqVl2GL7ms4
                                      MD5:8406B695292E9D0213EDD703A8BD71DD
                                      SHA1:97636300B915A58C3D91A89974703CD34A86D630
                                      SHA-256:82F729468E6FF188B21A5962B9665A3F89821622544A5DB0E2BA06F86584EA15
                                      SHA-512:56537340378C1C807E405C13DB13BC742F851BAA76E154812EC57A6D3C0A1057F27EC72796B4A526879DB4D73C63DC9EBCCCFF8E12074A30CB00A3157DC5E69F
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):66726
                                      Entropy (8bit):5.392739213842091
                                      Encrypted:false
                                      SSDEEP:768:RNOpblrU6TBH44ADKZEgIb70BzKtv53DugjGZjC6DuHsoALYyu:6a6TZ44ADEIbxv53KgqZPuHgLK
                                      MD5:D325FCDD281F8F1E70E99B7BD80D41FD
                                      SHA1:2D361174210FA193CEA883E92852D67D0AF43563
                                      SHA-256:C5F1D797EED764AD3919B89FB6AF495ADCE18704DFDA470C818AFD45AB21205E
                                      SHA-512:EFC726DE79F2D7E4253A96F6CF65584EB09BDE9DF2AF82584E079C804A37F418ABB01D595FED1EC32D6DC45646450EBBB1C5A05F3E8E7AB50182741FE1051DF6
                                      Malicious:false
                                      Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):246
                                      Entropy (8bit):3.504899586627176
                                      Encrypted:false
                                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eebClENlgYle:Qw946cPbiOxDlbYnuRKhsDNXw
                                      MD5:DC50A06949DA7927A532490ECCD22DC7
                                      SHA1:06BF124428EA5FCD0D89A30E5D2D267C492B517D
                                      SHA-256:DEB7B1317F910DFCE55EEB238807CC6E13F5300209554DCE8BFF85DF874F2D59
                                      SHA-512:6A16EB94BD0BB4AA869EE563F16A104CFE95642783E48B803C6AC708C65DFACEF3BD5E7CC049C23AAA34F7DCBE2F0DCD1AF038821CC9B9FF685F6D949C938F81
                                      Malicious:false
                                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.6./.0.1./.2.0.2.5. . .1.1.:.0.9.:.1.6. .=.=.=.....
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393)
                                      Category:dropped
                                      Size (bytes):16525
                                      Entropy (8bit):5.338264912747007
                                      Encrypted:false
                                      SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
                                      MD5:128A51060103D95314048C2F32A15C66
                                      SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
                                      SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
                                      SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
                                      Malicious:false
                                      Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):15114
                                      Entropy (8bit):5.3355354037067295
                                      Encrypted:false
                                      SSDEEP:384:TWaHUHhHMHqH/HZg8X8E8C8UV8H8z8i818KCZjdjfjbo4o8oZouo1G7t7p7zUVFH:s//
                                      MD5:CD1867BEAE43DE9D3362C0E0E796F279
                                      SHA1:36B80039B77D24AF0BADC80109937E22BC90FDCD
                                      SHA-256:D676DB20DF763166EB778B1793B433768EEDB4FBB7CEF45F3A81B9CE3F79475B
                                      SHA-512:011B63256A62316B420105B65312104407214FA34E87AC4D9352F1D5D49BD095A7107DA99A925D34F5B51ED97E3E20A3CD73168829B522E6FFF165CAA980ACDE
                                      Malicious:false
                                      Preview:SessionID=a97a05e4-3f56-4c29-b54d-2a7abfecc7b0.1737043744372 Timestamp=2025-01-16T11:09:04:372-0500 ThreadID=6556 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=a97a05e4-3f56-4c29-b54d-2a7abfecc7b0.1737043744372 Timestamp=2025-01-16T11:09:04:373-0500 ThreadID=6556 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=a97a05e4-3f56-4c29-b54d-2a7abfecc7b0.1737043744372 Timestamp=2025-01-16T11:09:04:373-0500 ThreadID=6556 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=a97a05e4-3f56-4c29-b54d-2a7abfecc7b0.1737043744372 Timestamp=2025-01-16T11:09:04:373-0500 ThreadID=6556 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=a97a05e4-3f56-4c29-b54d-2a7abfecc7b0.1737043744372 Timestamp=2025-01-16T11:09:04:373-0500 ThreadID=6556 Component=ngl-lib_NglAppLib Description="SetConf
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):29752
                                      Entropy (8bit):5.405566427271051
                                      Encrypted:false
                                      SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbxhcbCI2IcbJ:V3fOCIdJDeK2P
                                      MD5:BBDF2316E03F8966DCE3480B533DBA5C
                                      SHA1:4FF86B18E62292314C509DAC80171FC96C2A7494
                                      SHA-256:D09316FFD2C987C49C84516255EC0AB8CC449C6E17DCA2509698FACEBD953903
                                      SHA-512:17BCF3478B5CB089525D18761CCF3E340BC4C2988068B19C707E29C7C4E6FC262AF9617B7F1D0A95A04F5C9FAAD60874751E2FE4FD5AA48D1A37A43B5FF94B64
                                      Malicious:false
                                      Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                      Category:dropped
                                      Size (bytes):1419751
                                      Entropy (8bit):7.976496077007677
                                      Encrypted:false
                                      SSDEEP:24576:/M7ouWLYZwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLYZwZGuGZn3mlind9i4ufFXpAXkru
                                      MD5:EC8D4FAB55F24C0E344D263724846C4A
                                      SHA1:5444D90F86D68A23AF7FB5434DEAE740D57D0312
                                      SHA-256:E489C11D38BFF8F1F51351BAEBEE9F723A5C036DA0B0CB9C82306251017054EE
                                      SHA-512:21018FD299944987654C202779C8E0185815868DE7179B814F145573EE8D45ACC33CA7E008CB23774C473DD7939E9D7D7C2E5A14E31D5EC62F7BFFDBBAB41F9A
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                      Category:dropped
                                      Size (bytes):758601
                                      Entropy (8bit):7.98639316555857
                                      Encrypted:false
                                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                      MD5:3A49135134665364308390AC398006F1
                                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                      Category:dropped
                                      Size (bytes):386528
                                      Entropy (8bit):7.9736851559892425
                                      Encrypted:false
                                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                      Malicious:false
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                      Category:dropped
                                      Size (bytes):1407294
                                      Entropy (8bit):7.97605879016224
                                      Encrypted:false
                                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                      Malicious:false
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:gzip compressed data, from Unix, original size modulo 2^32 190
                                      Category:downloaded
                                      Size (bytes):168
                                      Entropy (8bit):6.7197357652806184
                                      Encrypted:false
                                      SSDEEP:3:FttakNW0v1qHv3HjapKxfD/20PbHykg8TaKRUvKEivzCz4Ecssx2VSREvln:Xt5WaoekNj20P57TaKaHirPF2Vr9n
                                      MD5:3B84FB10F1DF8E1537F04D6C0F8EB5B6
                                      SHA1:E486E09F4BEC13056A3C39C48738C50C0983130B
                                      SHA-256:8675302B63BEDD118BCBB4527599F0FC76E387E96C626776FB7CCB63DA4F498A
                                      SHA-512:6FC2F7B6FE2EB51700421CC92C30137A3820208B3AA75E159D11FE7064FF152680D0D746ABACB5D0E98350ACA8872B2FCFC12B8E32CE0232E343E1FA505C3660
                                      Malicious:false
                                      URL:http://clintonmakes.com/favicon.ico
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:gzip compressed data, from Unix, original size modulo 2^32 526
                                      Category:downloaded
                                      Size (bytes):252
                                      Entropy (8bit):7.110598860032035
                                      Encrypted:false
                                      SSDEEP:6:XtyPGgXdn/L/x3ArVZad32XfxRqI+XQcqa/uD+hWpXJy2QDnW/:XKXdnz/x3UU32vxwIjG/+ps3i/
                                      MD5:273A8E7CE16720012159CCEB076C49B7
                                      SHA1:3D5057731B1521631866D264662F645BAC8CFF95
                                      SHA-256:01CE43EC5F0C2288440121A3A84C1A44210912BC59BB0CA41ED7DA3D68ACCCE7
                                      SHA-512:916731902918128430C5C3B49C509F8A7DA63312445978CD59B2A9199AC34F95E007C8983A728F2918BF32B1C36F1F310415A14FBDDCF56F18F0D777AEB9ADA3
                                      Malicious:false
                                      URL:http://clintonmakes.com/215c/
                                      File type:PDF document, version 1.4, 8 pages
                                      Entropy (8bit):7.919383964304216
                                      TrID:
                                      • Adobe Portable Document Format (5005/1) 100.00%
                                      File name:pfK5wqaIhu.pdf
                                      File size:153'040 bytes
                                      MD5:ad266f5e8c19a4d8b8eed607e4084845
                                      SHA1:5a8e6d3780f5de1cc11f60bcdd15878bb5b72827
                                      SHA256:87246710a5069ad144deb9dcfb3bcdc6d5a8cca507b820a1e7af72755083a339
                                      SHA512:503d2014911c1f029a2239c7c63bd3ffa5b29906c871756bf57c95708c8006ed298b6e354820f1b81188534a1e555955d670cd2454468bf7b58a002086f4ce78
                                      SSDEEP:3072:1yjXJFxdjHijSiDTmq9APAhVaewQSomPwgMQy/wMpvUUrwPrWASNvX/7rFLk40fH:1mXJPdjCjBEJ9fRByISfUzWASxM/
                                      TLSH:26E3F177C9884C8CF8C3C6F9547B3E8E147DF3170BD4749B303889A66D8955CA9229BA
                                      File Content Preview:%PDF-1.4.1 0 obj.<<./Count 8./Kids [3 0 R.5 0 R.7 0 R.9 0 R.11 0 R.13 0 R.15 0 R.17 0 R]./MediaBox [0 0 595.28 841.89]./Type /Pages.>>.endobj.2 0 obj.<<./OpenAction [3 0 R /FitH null]./PageLayout /OneColumn./Pages 1 0 R./Type /Catalog.>>.endobj.3 0 obj.<<
                                      Icon Hash:62cc8caeb29e8ae0

                                      General

                                      Header:%PDF-1.4
                                      Total Entropy:7.919384
                                      Total Bytes:153040
                                      Stream Entropy:7.978612
                                      Stream Bytes:139904
                                      Entropy outside Streams:5.174503
                                      Bytes outside Streams:13136
                                      Number of EOF found:1
                                      Bytes after EOF:
                                      Name            Count
                                      obj             85
                                      endobj          85
                                      stream          33
                                      endstream       33
                                      xref            1
                                      trailer         1
                                      startxref       1
                                      /Page           8
                                      /Encrypt        0
                                      /ObjStm         0
                                      /URI            4
                                      /JS             1
                                      /JavaScript     0
                                      /AA             0
                                      /OpenAction     1
                                      /AcroForm       0
                                      /JBIG2Decode    0
                                      /RichMedia      0
                                      /Launch         0
                                      /EmbeddedFile   0

                                      Image Streams

                                      ID    DHASH               MD5                                 Preview
                                      75    0080609090804080    f47fda3792016278eaf846ff4c888124
                                      Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                      Jan 16, 2025 17:09:23.263653994 CET49817443192.168.2.640.115.3.253
                                      Jan 16, 2025 17:09:23.263664961 CET4434981740.115.3.253192.168.2.6
                                      Jan 16, 2025 17:09:23.264506102 CET4434981740.115.3.253192.168.2.6
                                      Jan 16, 2025 17:09:23.266639948 CET49817443192.168.2.640.115.3.253
                                      Jan 16, 2025 17:09:23.266746998 CET49817443192.168.2.640.115.3.253
                                      Jan 16, 2025 17:09:23.266755104 CET4434981740.115.3.253192.168.2.6
                                      Jan 16, 2025 17:09:23.266900063 CET49817443192.168.2.640.115.3.253
                                      Jan 16, 2025 17:09:23.311331987 CET4434981740.115.3.253192.168.2.6
                                      Jan 16, 2025 17:09:23.450903893 CET4434981740.115.3.253192.168.2.6
                                      Jan 16, 2025 17:09:23.451128006 CET4434981740.115.3.253192.168.2.6
                                      Jan 16, 2025 17:09:23.451215029 CET49817443192.168.2.640.115.3.253
                                      Jan 16, 2025 17:09:23.451385975 CET49817443192.168.2.640.115.3.253
                                      Jan 16, 2025 17:09:23.451406956 CET4434981740.115.3.253192.168.2.6
                                      Jan 16, 2025 17:09:29.171149969 CET49851443192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:29.171195030 CET4434985166.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:29.171253920 CET49851443192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:29.173728943 CET49851443192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:29.173743010 CET4434985166.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:30.038846970 CET4434985166.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:30.039191008 CET49851443192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.039218903 CET4434985166.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:30.040306091 CET4434985166.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:30.040468931 CET49851443192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.041960001 CET49851443192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.042056084 CET4434985166.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:30.042376041 CET49851443192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.042388916 CET4434985166.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:30.085985899 CET49851443192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.555037022 CET4434985166.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:30.555145025 CET4434985166.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:30.555270910 CET49851443192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.556371927 CET49851443192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.556395054 CET4434985166.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:30.650659084 CET4986680192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.651138067 CET4986780192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.655570984 CET804986666.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:30.656307936 CET804986766.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:30.656418085 CET4986780192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.656429052 CET4986680192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.656723022 CET4986680192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:30.661581039 CET804986666.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:31.565236092 CET804986666.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:31.619669914 CET4986680192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:31.745801926 CET4986680192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:31.750740051 CET804986666.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:31.993201017 CET49878443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:31.993247986 CET44349878186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:31.993325949 CET49878443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:31.993582964 CET49878443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:31.993597031 CET44349878186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:31.994024038 CET49879443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:31.994072914 CET44349879186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:31.994128942 CET49879443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:31.994337082 CET49879443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:31.994362116 CET44349879186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:32.077228069 CET804986666.63.187.216192.168.2.6
                                      Jan 16, 2025 17:09:32.117405891 CET4986680192.168.2.666.63.187.216
                                      Jan 16, 2025 17:09:32.687743902 CET44349879186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:32.688119888 CET49879443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:32.688146114 CET44349879186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:32.688671112 CET44349878186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:32.688863039 CET49878443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:32.688889980 CET44349878186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:32.689284086 CET44349879186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:32.689357996 CET49879443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:32.689925909 CET44349878186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:32.689991951 CET49878443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:32.690443993 CET49879443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:32.690512896 CET44349879186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:32.690731049 CET49878443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:32.690809011 CET44349878186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:32.691330910 CET49879443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:32.691338062 CET44349879186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:32.703594923 CET49885443192.168.2.6216.58.206.36
                                      Jan 16, 2025 17:09:32.703619957 CET44349885216.58.206.36192.168.2.6
                                      Jan 16, 2025 17:09:32.703908920 CET49885443192.168.2.6216.58.206.36
                                      Jan 16, 2025 17:09:32.703908920 CET49885443192.168.2.6216.58.206.36
                                      Jan 16, 2025 17:09:32.703942060 CET44349885216.58.206.36192.168.2.6
                                      Jan 16, 2025 17:09:32.734889984 CET49878443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:32.734925985 CET44349878186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:32.734988928 CET49879443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:32.781369925 CET49878443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:33.016169071 CET44349879186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:33.016258001 CET44349879186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:33.016772032 CET49879443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:33.016803026 CET44349879186.64.116.70192.168.2.6
                                      Jan 16, 2025 17:09:33.017965078 CET49879443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:33.019176960 CET49879443192.168.2.6186.64.116.70
                                      Jan 16, 2025 17:09:33.045125961 CET49886443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.045164108 CET44349886172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:33.045238972 CET49886443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.045558929 CET49886443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.045567989 CET44349886172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:33.366425991 CET44349885216.58.206.36192.168.2.6
                                      Jan 16, 2025 17:09:33.366848946 CET49885443192.168.2.6216.58.206.36
                                      Jan 16, 2025 17:09:33.366877079 CET44349885216.58.206.36192.168.2.6
                                      Jan 16, 2025 17:09:33.369184017 CET44349885216.58.206.36192.168.2.6
                                      Jan 16, 2025 17:09:33.369254112 CET49885443192.168.2.6216.58.206.36
                                      Jan 16, 2025 17:09:33.370567083 CET49885443192.168.2.6216.58.206.36
                                      Jan 16, 2025 17:09:33.370707989 CET44349885216.58.206.36192.168.2.6
                                      Jan 16, 2025 17:09:33.414931059 CET49885443192.168.2.6216.58.206.36
                                      Jan 16, 2025 17:09:33.414951086 CET44349885216.58.206.36192.168.2.6
                                      Jan 16, 2025 17:09:33.455451012 CET49885443192.168.2.6216.58.206.36
                                      Jan 16, 2025 17:09:33.563260078 CET44349886172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:33.563524961 CET49886443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.563538074 CET44349886172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:33.564649105 CET44349886172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:33.564969063 CET49886443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.565922976 CET49886443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.565962076 CET49886443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.566011906 CET44349886172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:33.566056967 CET49886443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.566066027 CET44349886172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:33.566075087 CET49886443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.566103935 CET49886443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.566474915 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.566514969 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:33.566576958 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.566817045 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:33.566824913 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:34.042283058 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:34.087236881 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:34.101664066 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:34.101691008 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:34.103058100 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:34.103107929 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:34.104501009 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:34.104587078 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:34.104726076 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:34.104739904 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:34.147996902 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.211524010 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.211575031 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.211605072 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.211625099 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.211635113 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.211652040 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.211671114 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.211688995 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.211719990 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.211724997 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.211853981 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.211884975 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.211889982 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.212203026 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.212241888 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.212244034 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.212254047 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.212285995 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.305180073 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.305232048 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.305284023 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.305310965 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.305367947 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.305402040 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.305407047 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.305413008 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.305449009 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.305850983 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.305907011 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.305979967 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.306006908 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.306545973 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.306575060 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.306592941 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.306601048 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.306634903 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.306948900 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.307009935 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.307039976 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.307054043 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.307059050 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.307096004 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.307732105 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.307790041 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.307818890 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.307825089 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.307832956 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.307859898 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.400155067 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.400264978 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.400301933 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.400302887 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.400322914 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.400357008 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.400362968 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.400367975 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.400398970 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.400408030 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.400489092 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.400531054 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.400536060 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.400887966 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.400939941 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.400945902 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.401401043 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.401458979 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.401463985 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.401499033 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.401804924 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.401858091 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.401859045 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.401870966 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.401909113 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.402419090 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.402467012 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.402488947 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.402529955 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.402585983 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.402626991 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.403276920 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.403340101 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.403696060 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.403729916 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.403743029 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.403747082 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.403779030 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.444359064 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.444375038 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.492713928 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.508351088 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.508361101 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.508413076 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.508503914 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.508511066 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.508549929 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.508598089 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.508603096 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.508654118 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.508706093 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.508713961 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.508747101 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.508791924 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.509175062 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.509222984 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.509269953 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.509315968 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.509505033 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.509557009 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.509943008 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.509988070 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.510087967 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.510142088 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.510318995 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.510371923 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.510843992 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.510895014 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.510988951 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.511037111 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.512936115 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.513014078 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.513107061 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.513731956 CET49892443192.168.2.6172.67.168.162
                                      Jan 16, 2025 17:09:36.513751984 CET44349892172.67.168.162192.168.2.6
                                      Jan 16, 2025 17:09:36.525883913 CET49912443192.168.2.635.190.80.1
                                      Jan 16, 2025 17:09:36.525904894 CET4434991235.190.80.1192.168.2.6
                                      Jan 16, 2025 17:09:36.525978088 CET49912443192.168.2.635.190.80.1
                                      Jan 16, 2025 17:09:36.526376009 CET49912443192.168.2.635.190.80.1
                                      Jan 16, 2025 17:09:36.526390076 CET4434991235.190.80.1192.168.2.6
                                      Jan 16, 2025 17:09:36.996169090 CET4434991235.190.80.1192.168.2.6
                                      Jan 16, 2025 17:09:36.996417046 CET49912443192.168.2.635.190.80.1
                                      Jan 16, 2025 17:09:36.996433020 CET4434991235.190.80.1192.168.2.6
                                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                      Jan 16, 2025 17:09:29.097204924 CET | 192.168.2.6 | 1.1.1.1 | 0x240e | Standard query (0) | clintonmakes.com | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:29.097361088 CET | 192.168.2.6 | 1.1.1.1 | 0x4e2 | Standard query (0) | clintonmakes.com | 65 | IN (0x0001) | false
                                      Jan 16, 2025 17:09:30.595817089 CET | 192.168.2.6 | 1.1.1.1 | 0xb222 | Standard query (0) | clintonmakes.com | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:30.595953941 CET | 192.168.2.6 | 1.1.1.1 | 0x896e | Standard query (0) | clintonmakes.com | 65 | IN (0x0001) | false
                                      Jan 16, 2025 17:09:31.732738972 CET | 192.168.2.6 | 1.1.1.1 | 0xd1be | Standard query (0) | minedudiser.com | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:31.733058929 CET | 192.168.2.6 | 1.1.1.1 | 0x3887 | Standard query (0) | minedudiser.com | 65 | IN (0x0001) | false
                                      Jan 16, 2025 17:09:32.695519924 CET | 192.168.2.6 | 1.1.1.1 | 0xd83d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:32.695519924 CET | 192.168.2.6 | 1.1.1.1 | 0xd863 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                      Jan 16, 2025 17:09:33.019176960 CET | 192.168.2.6 | 1.1.1.1 | 0x6ae4 | Standard query (0) | fixecondfirbook.info | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:33.021922112 CET | 192.168.2.6 | 1.1.1.1 | 0x7d5c | Standard query (0) | fixecondfirbook.info | 65 | IN (0x0001) | false
                                      Jan 16, 2025 17:09:36.517640114 CET | 192.168.2.6 | 1.1.1.1 | 0x20c6 | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:36.518021107 CET | 192.168.2.6 | 1.1.1.1 | 0x14cd | Standard query (0) | a.nel.cloudflare.com | 65 | IN (0x0001) | false
                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                      Jan 16, 2025 17:09:29.145443916 CET | 1.1.1.1 | 192.168.2.6 | 0x240e | No error (0) | clintonmakes.com | | 66.63.187.216 | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:30.628484011 CET | 1.1.1.1 | 192.168.2.6 | 0xb222 | No error (0) | clintonmakes.com | | 66.63.187.216 | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:31.992299080 CET | 1.1.1.1 | 192.168.2.6 | 0xd1be | No error (0) | minedudiser.com | | 186.64.116.70 | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:32.702433109 CET | 1.1.1.1 | 192.168.2.6 | 0xd83d | No error (0) | www.google.com | | 216.58.206.36 | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:32.702476978 CET | 1.1.1.1 | 192.168.2.6 | 0xd863 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                      Jan 16, 2025 17:09:33.030529022 CET | 1.1.1.1 | 192.168.2.6 | 0x7d5c | No error (0) | fixecondfirbook.info | | | 65 | IN (0x0001) | false
                                      Jan 16, 2025 17:09:33.044498920 CET | 1.1.1.1 | 192.168.2.6 | 0x6ae4 | No error (0) | fixecondfirbook.info | | 172.67.168.162 | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:33.044498920 CET | 1.1.1.1 | 192.168.2.6 | 0x6ae4 | No error (0) | fixecondfirbook.info | | 104.21.94.195 | A (IP address) | IN (0x0001) | false
                                      Jan 16, 2025 17:09:36.524858952 CET | 1.1.1.1 | 192.168.2.6 | 0x20c6 | No error (0) | a.nel.cloudflare.com | | 35.190.80.1 | A (IP address) | IN (0x0001) | false
                                      • clintonmakes.com
                                        • minedudiser.com
                                        • fixecondfirbook.info
                                      • a.nel.cloudflare.com
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.2.6 | 49866 | 66.63.187.216 | 80 | 8120 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jan 16, 2025 17:09:30.656723022 CET | 468 | OUT | GET /215c/ HTTP/1.1
                                      Host: clintonmakes.com
                                      Connection: keep-alive
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Cookie: f5510ad44=0ad448213ea0
                                      Jan 16, 2025 17:09:31.565236092 CET | 448 | IN | HTTP/1.1 200 OK
                                      Date: Thu, 16 Jan 2025 16:09:31 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      server: Apache/2.4.37 (Rocky Linux)
                                      Content-Encoding: gzip
                                      Jan 16, 2025 17:09:31.745801926 CET | 381 | OUT | GET /favicon.ico HTTP/1.1
                                      Host: clintonmakes.com
                                      Connection: keep-alive
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                      Referer: http://clintonmakes.com/215c/
                                      Accept-Encoding: gzip, deflate
                                      Accept-Language: en-US,en;q=0.9
                                      Jan 16, 2025 17:09:32.077228069 CET | 371 | IN | HTTP/1.1 404 Not Found
                                      Date: Thu, 16 Jan 2025 16:09:31 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Transfer-Encoding: chunked
                                      server: Apache/2.4.37 (Rocky Linux)
                                      Content-Encoding: gzip


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      1 | 192.168.2.6 | 49867 | 66.63.187.216 | 80 | 8120 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      Jan 16, 2025 17:09:41.300904989 CET | 212 | IN | HTTP/1.0 408 Request Time-out
                                      Cache-Control: no-cache
                                      Connection: close
                                      Content-Type: text/html
                                      Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>
                                      Jan 16, 2025 17:10:26.303330898 CET | 6 | OUT | Data Raw: 00
                                      Data Ascii:


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      0 | 192.168.2.6 | 49710 | 40.115.3.253 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:09:03 UTC | 71 | OUT
                                      Data Ascii: CNT 1 CON 305MS-CV: 2WRSoh1eBU29TmaG.1Context: 3e649c68352d3305
                                      2025-01-16 16:09:03 UTC | 249 | OUT
                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                      2025-01-16 16:09:03 UTC | 1084 | OUT
                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 2WRSoh1eBU29TmaG.2Context: 3e649c68352d3305<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXnaKP73VzhPXOCNVq92Ffox27Tr/jQgT9iqDemzLauve5yiQE/X7Euo8I3VeoKaIJ4r3i7RKfJfaHlYZS6+XkcF9BUFd6uyw4ALXRIt3886oT
                                      2025-01-16 16:09:03 UTC | 218 | OUT
                                      Data Ascii: BND 3 CON\WNS 0 197
                                      MS-CV: 2WRSoh1eBU29TmaG.3
                                      Context: 3e649c68352d3305
                                      <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                      2025-01-16 16:09:03 UTC | 14 | IN
                                      Data Ascii: 202 1 CON 58
                                      2025-01-16 16:09:03 UTC | 58 | IN
                                      Data Ascii: MS-CV: cjwh+jGGxkCPi8ys2Vv/iw.0
                                      Payload parsing failed.


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      1 | 192.168.2.6 | 49733 | 40.115.3.253 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:09:10 UTC | 71 | OUT
                                      Data Ascii: CNT 1 CON 305
                                      MS-CV: 9bB5zrkwcUuJtUgg.1
                                      Context: 5252c20f8e8a3327
                                      2025-01-16 16:09:10 UTC | 249 | OUT
                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                      2025-01-16 16:09:10 UTC | 1084 | OUT
                                      Data Ascii: ATH 2 CON\DEVICE 1061
                                      MS-CV: 9bB5zrkwcUuJtUgg.2
                                      Context: 5252c20f8e8a3327
                                      <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXnaKP73VzhPXOCNVq92Ffox27Tr/jQgT9iqDemzLauve5yiQE/X7Euo8I3VeoKaIJ4r3i7RKfJfaHlYZS6+XkcF9BUFd6uyw4ALXRIt3886oT
                                      2025-01-16 16:09:10 UTC | 218 | OUT
                                      Data Ascii: BND 3 CON\WNS 0 197
                                      MS-CV: 9bB5zrkwcUuJtUgg.3
                                      Context: 5252c20f8e8a3327
                                      <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                      2025-01-16 16:09:11 UTC | 14 | IN
                                      Data Ascii: 202 1 CON 58
                                      2025-01-16 16:09:11 UTC | 58 | IN
                                      Data Ascii: MS-CV: /66pS8cG8kuMgldW1VYliQ.0
                                      Payload parsing failed.


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      2 | 192.168.2.6 | 49817 | 40.115.3.253 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:09:23 UTC | 70 | OUT
                                      Data Ascii: CNT 1 CON 304
                                      MS-CV: phEsUi48m0OGAFJU.1
                                      Context: e412ddf6b5505a4
                                      2025-01-16 16:09:23 UTC | 249 | OUT
                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                      2025-01-16 16:09:23 UTC | 1083 | OUT
                                      Data Ascii: ATH 2 CON\DEVICE 1060
                                      MS-CV: phEsUi48m0OGAFJU.2
                                      Context: e412ddf6b5505a4
                                      <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXnaKP73VzhPXOCNVq92Ffox27Tr/jQgT9iqDemzLauve5yiQE/X7Euo8I3VeoKaIJ4r3i7RKfJfaHlYZS6+XkcF9BUFd6uyw4ALXRIt3886oTx
                                      2025-01-16 16:09:23 UTC | 217 | OUT
                                      Data Ascii: BND 3 CON\WNS 0 196
                                      MS-CV: phEsUi48m0OGAFJU.3
                                      Context: e412ddf6b5505a4
                                      <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                      2025-01-16 16:09:23 UTC | 14 | IN
                                      Data Ascii: 202 1 CON 58
                                      2025-01-16 16:09:23 UTC | 58 | IN
                                      Data Ascii: MS-CV: nGJnwun4yU2iNTzZtzNHug.0
                                      Payload parsing failed.


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      3 | 192.168.2.6 | 49851 | 66.63.187.216 | 443 | 8120 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:09:30 UTC | 664 | OUT
                                      GET /215c/ HTTP/1.1
                                      Host: clintonmakes.com
                                      Connection: keep-alive
                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: none
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-User: ?1
                                      Sec-Fetch-Dest: document
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2025-01-16 16:09:30 UTC | 210 | IN
                                      HTTP/1.1 200 OK
                                      Date: Thu, 16 Jan 2025 16:09:30 GMT
                                      Content-Type: text/html; charset=utf-8
                                      Content-Length: 1069
                                      Connection: close
                                      Set-Cookie: f5510ad44=0ad448213ea0
                                      server: Apache/2.4.37 (Rocky Linux)
                                      2025-01-16 16:09:30 UTC | 828 | IN
                                      Data Ascii: <!DOCTYPE html><html><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="twitter:card" content="summary_large_image"><meta property="og:title" content=""/><meta property="twitter:title" content=""/><meta pro


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      4 | 192.168.2.6 | 49879 | 186.64.116.70 | 443 | 8120 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:09:32 UTC | 690 | OUT
                                      GET /bookid82291 HTTP/1.1
                                      Host: minedudiser.com
                                      Connection: keep-alive
                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-Dest: document
                                      Referer: http://clintonmakes.com/
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2025-01-16 16:09:33 UTC | 344 | IN
                                      HTTP/1.1 301 Moved Permanently
                                      Date: Thu, 16 Jan 2025 16:09:32 GMT
                                      Server: Apache
                                      Strict-Transport-Security: max-age=63072000; includeSubdomains;
                                      Location: https://fixecondfirbook.info/
                                      Cache-Control: max-age=0
                                      Expires: Thu, 16 Jan 2025 16:09:32 GMT
                                      Content-Length: 237
                                      Connection: close
                                      Content-Type: text/html; charset=iso-8859-1
                                      2025-01-16 16:09:33 UTC | 237 | IN
                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://fixecondfirbook.info/">here</a>.</p></body></html>


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      5 | 192.168.2.6 | 49892 | 172.67.168.162 | 443 | 8120 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:09:34 UTC | 684 | OUT
                                      GET / HTTP/1.1
                                      Host: fixecondfirbook.info
                                      Connection: keep-alive
                                      Upgrade-Insecure-Requests: 1
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                      Sec-Fetch-Site: cross-site
                                      Sec-Fetch-Mode: navigate
                                      Sec-Fetch-Dest: document
                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                      sec-ch-ua-mobile: ?0
                                      sec-ch-ua-platform: "Windows"
                                      Referer: http://clintonmakes.com/
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2025-01-16 16:09:36 UTC | 925 | IN
                                      HTTP/1.1 200 OK
                                      Date: Thu, 16 Jan 2025 16:09:36 GMT
                                      Content-Type: text/html; charset=UTF-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      X-Powered-By: Express
                                      Accept-Ranges: bytes
                                      Cache-Control: public, max-age=0
                                      Last-Modified: Tue, 07 Jan 2025 11:10:39 GMT
                                      cf-cache-status: DYNAMIC
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=om49Alzf1oAtZJgeG1rEm3yS6gSIVKA2UQTjaH4CJWhZVbh%2FGhaQ3P1aGr8NuwooJdOV3BjM0keDnR%2FLHgnYiCTnlN%2FXC27FbzYiv2qwUnfYD9qJjxw6gJlu0J0oBjFzg3dL9O%2FPQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Server: cloudflare
                                      CF-RAY: 902f5ee47bda0843-IAD
                                      alt-svc: h3=":443"; ma=86400
                                      server-timing: cfL4;desc="?proto=TCP&rtt=8392&min_rtt=8336&rtt_var=3166&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2853&recv_bytes=1262&delivery_rate=350287&cwnd=32&unsent_bytes=0&cid=f4577f0fbb406772&ts=2181&x=0"
                                      2025-01-16 16:09:36 UTC444INData Raw: 33 33 36 37 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 42 d0 be d0 be 6b 69 6e 67 2e d1 81 d0 be 6d 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a
                                      Data Ascii: 3367<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Bking.m</title> <style> body { margin: 0; font-family: Arial, sans-serif;
                                      2025-01-16 16:09:36 UTC | 1369 | IN
                                      Data Ascii: 55px; justify-content: space-between; align-items: center; left: 0; } header h1 { margin: 0; font-size: 20px; } .content { max-width: 400px; margin: -20px auto; background: white; pad
                                      2025-01-16 16:09:36 UTC | 1369 | IN
                                      Data Ascii: margin-top: -45px; font-size: 12px; color: #666; } footer a { color: #0071c2; text-decoration: none; } footer a:hover { text-decoration: underline; } hr { -webkit-font-smoothing: antiali
                                      2025-01-16 16:09:36 UTC | 1369 | IN
                                      Data Ascii: estructive: #c00; --bui_color_destructive_light: #fcb4b4; --bui_color_destructive_lighter: #ffebeb; --bui_color_destructive_lightest: #fff0f0; --bui_color_callout_dark: #bc5b01; --bui_color_callout: #ff8000; --bui_color
                                      2025-01-16 16:09:36 UTC | 1369 | IN
                                      Data Ascii: --bui_color_action_lighter: #e4f4ff; --genius_color_primary: #004cb8; --bui_baseline: 24px; --bui_padding: 12px; --bui_negative_padding: -12px; --bui_medium_breakpoint: 576px; --bui_large_breakpoint: 1024px; --bu
                                      2025-01-16 16:09:36 UTC | 1369 | IN
                                      Data Ascii: gest_line_height: 40px; --bui_font_weight_normal: 400; --bui_font_weight_medium: 500; --bui_font_weight_bold: 700; --bui_font_stack_sans: "BlinkMacSystemFont", -apple-system, "Segoe UI", "Roboto", "Helvetica", "Arial", sans-serif;
                                      2025-01-16 16:09:36 UTC | 1369 | IN
                                      Data Ascii: 7; --bui_color_foreground_inverted: #f5f5f5; --bui_color_brand_primary_foreground: #003b95; --bui_color_accent_foreground: #946800; --bui_color_action_foreground: #006ce4; --bui_color_callout_foreground: #923e01; --bui_
                                      2025-01-16 16:09:36 UTC | 1369 | IN
                                      Data Ascii: ground: #fff; --bui_color_on_brand_genius_primary_background: #fff; --bui_color_background_inverted: #1a1a1a; --bui_color_background: #474747; --bui_color_transparent: rgba(26, 26, 26, 0); --bui_color_background_alt: #f5f5f5;
                                      2025-01-16 16:09:36 UTC | 1369 | IN
                                      Data Ascii: e_background_dynamic: #fff; --bui_color_on_brand_primary_background_dynamic: #fff; --bui_color_brand_primary_background_dynamic: #003b95; --bui_color_accent_background_dynamic: #ffb700; --bui_color_callout_background_dynamic: #f567
                                      2025-01-16 16:09:36 UTC | 1369 | IN
                                      Data Ascii: y_1_line-height: 24px; --DO_NOT_USE_bui_small_font_body_1_font-family: BlinkMacSystemFont, -apple-system, Segoe UI, Roboto, Helvetica, Arial, sans-serif; --DO_NOT_USE_bui_small_font_body_2_font-size: 14px; --DO_NOT_USE_bui_small_font_bod


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      6 | 192.168.2.6 | 49912 | 35.190.80.1 | 443 | 8120 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:09:36 UTC | 553 | OUT
                                      OPTIONS /report/v4?s=om49Alzf1oAtZJgeG1rEm3yS6gSIVKA2UQTjaH4CJWhZVbh%2FGhaQ3P1aGr8NuwooJdOV3BjM0keDnR%2FLHgnYiCTnlN%2FXC27FbzYiv2qwUnfYD9qJjxw6gJlu0J0oBjFzg3dL9O%2FPQg%3D%3D HTTP/1.1
                                      Host: a.nel.cloudflare.com
                                      Connection: keep-alive
                                      Origin: https://fixecondfirbook.info
                                      Access-Control-Request-Method: POST
                                      Access-Control-Request-Headers: content-type
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2025-01-16 16:09:37 UTC | 336 | IN | HTTP/1.1 200 OK
                                      Content-Length: 0
                                      access-control-max-age: 86400
                                      access-control-allow-methods: POST, OPTIONS
                                      access-control-allow-origin: *
                                      access-control-allow-headers: content-length, content-type
                                      date: Thu, 16 Jan 2025 16:09:36 GMT
                                      Via: 1.1 google
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      7 | 192.168.2.6 | 49918 | 35.190.80.1 | 443 | 8120 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:09:37 UTC | 490 | OUT | POST /report/v4?s=om49Alzf1oAtZJgeG1rEm3yS6gSIVKA2UQTjaH4CJWhZVbh%2FGhaQ3P1aGr8NuwooJdOV3BjM0keDnR%2FLHgnYiCTnlN%2FXC27FbzYiv2qwUnfYD9qJjxw6gJlu0J0oBjFzg3dL9O%2FPQg%3D%3D HTTP/1.1
                                      Host: a.nel.cloudflare.com
                                      Connection: keep-alive
                                      Content-Length: 455
                                      Content-Type: application/reports+json
                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                      Accept-Encoding: gzip, deflate, br
                                      Accept-Language: en-US,en;q=0.9
                                      2025-01-16 16:09:37 UTC | 455 | OUT
                                      Data Ascii: [{"age":1,"body":{"elapsed_time":3495,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"http://clintonmakes.com/","sampling_fraction":1.0,"server_ip":"172.67.168.162","status_code":200,"type":"http.response.invalid.incomplete_chunked_
                                      2025-01-16 16:09:37 UTC | 168 | IN | HTTP/1.1 200 OK
                                      Content-Length: 0
                                      date: Thu, 16 Jan 2025 16:09:37 GMT
                                      Via: 1.1 google
                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      8 | 192.168.2.6 | 49950 | 40.115.3.253 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:09:42 UTC | 71 | OUT
                                      Data Ascii: CNT 1 CON 305MS-CV: w6cQxXgCu0OebsH9.1Context: c0530a8b1742df4d
                                      2025-01-16 16:09:42 UTC | 249 | OUT
                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                      2025-01-16 16:09:42 UTC | 1084 | OUT
                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: w6cQxXgCu0OebsH9.2Context: c0530a8b1742df4d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXnaKP73VzhPXOCNVq92Ffox27Tr/jQgT9iqDemzLauve5yiQE/X7Euo8I3VeoKaIJ4r3i7RKfJfaHlYZS6+XkcF9BUFd6uyw4ALXRIt3886oT
                                      2025-01-16 16:09:42 UTC | 218 | OUT
                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: w6cQxXgCu0OebsH9.3Context: c0530a8b1742df4d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                      2025-01-16 16:09:42 UTC | 14 | IN
                                      Data Ascii: 202 1 CON 58
                                      2025-01-16 16:09:42 UTC | 58 | IN
                                      Data Ascii: MS-CV: lf21jPakaUuUndX36cOSXA.0Payload parsing failed.


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      9 | 192.168.2.6 | 50019 | 40.115.3.253 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:10:06 UTC | 71 | OUT
                                      Data Ascii: CNT 1 CON 305MS-CV: o9mXgkptwk+SYgb0.1Context: 55b2367324222096
                                      2025-01-16 16:10:06 UTC | 249 | OUT
                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                      2025-01-16 16:10:06 UTC | 1084 | OUT
                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: o9mXgkptwk+SYgb0.2Context: 55b2367324222096<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXnaKP73VzhPXOCNVq92Ffox27Tr/jQgT9iqDemzLauve5yiQE/X7Euo8I3VeoKaIJ4r3i7RKfJfaHlYZS6+XkcF9BUFd6uyw4ALXRIt3886oT
                                      2025-01-16 16:10:06 UTC | 218 | OUT
                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: o9mXgkptwk+SYgb0.3Context: 55b2367324222096<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                      2025-01-16 16:10:06 UTC | 14 | IN
                                      Data Ascii: 202 1 CON 58
                                      2025-01-16 16:10:06 UTC | 58 | IN
                                      Data Ascii: MS-CV: kbckeVUU4ESGs+c0AL44Ng.0Payload parsing failed.


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      10 | 192.168.2.6 | 50022 | 40.115.3.253 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:10:40 UTC | 71 | OUT
                                      Data Ascii: CNT 1 CON 305MS-CV: 0W3LsHa9u0St/SCB.1Context: 98abe5e531520030
                                      2025-01-16 16:10:40 UTC | 249 | OUT
                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                      2025-01-16 16:10:40 UTC | 1084 | OUT
                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 0W3LsHa9u0St/SCB.2Context: 98abe5e531520030<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXnaKP73VzhPXOCNVq92Ffox27Tr/jQgT9iqDemzLauve5yiQE/X7Euo8I3VeoKaIJ4r3i7RKfJfaHlYZS6+XkcF9BUFd6uyw4ALXRIt3886oT
                                      2025-01-16 16:10:40 UTC | 218 | OUT
                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: 0W3LsHa9u0St/SCB.3Context: 98abe5e531520030<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                      2025-01-16 16:10:40 UTC | 14 | IN
                                      Data Ascii: 202 1 CON 58
                                      2025-01-16 16:10:40 UTC | 58 | IN
                                      Data Ascii: MS-CV: 3gUmrKcYY0C93THC0EvQiw.0Payload parsing failed.


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                      11 | 192.168.2.6 | 50024 | 40.115.3.253 | 443
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-01-16 16:11:28 UTC | 71 | OUT
                                      Data Ascii: CNT 1 CON 305MS-CV: kJ5Tkedp1kiVFdIe.1Context: 2df3410080f5e19f
                                      2025-01-16 16:11:28 UTC | 249 | OUT
                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                      2025-01-16 16:11:28 UTC | 1084 | OUT
                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: kJ5Tkedp1kiVFdIe.2Context: 2df3410080f5e19f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXnaKP73VzhPXOCNVq92Ffox27Tr/jQgT9iqDemzLauve5yiQE/X7Euo8I3VeoKaIJ4r3i7RKfJfaHlYZS6+XkcF9BUFd6uyw4ALXRIt3886oT
                                      2025-01-16 16:11:28 UTC | 218 | OUT
                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: kJ5Tkedp1kiVFdIe.3Context: 2df3410080f5e19f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                      2025-01-16 16:11:28 UTC | 14 | IN
                                      Data Ascii: 202 1 CON 58
                                      2025-01-16 16:11:28 UTC | 58 | IN
                                      Data Ascii: MS-CV: 20DqkiZuoEeqCkuUBfIfXg.0Payload parsing failed.



                                      Target ID:0
                                      Start time:11:09:00
                                      Start date:16/01/2025
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\pfK5wqaIhu.pdf"
                                      Imagebase:0x7ff651090000
                                      File size:5'641'176 bytes
                                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:2
                                      Start time:11:09:01
                                      Start date:16/01/2025
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                      Imagebase:0x7ff70df30000
                                      File size:3'581'912 bytes
                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:4
                                      Start time:11:09:02
                                      Start date:16/01/2025
                                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1756,i,12063728696051712839,751656444868727226,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                      Imagebase:0x7ff70df30000
                                      File size:3'581'912 bytes
                                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:10
                                      Start time:11:09:26
                                      Start date:16/01/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://clintonmakes.com/215c/#xjnlc6tz9slr90ljkvyd4hal"
                                      Imagebase:0x7ff684c40000
                                      File size:3'242'272 bytes
                                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      Target ID:11
                                      Start time:11:09:26
                                      Start date:16/01/2025
                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2012,i,17007502043534105949,12751466779547104436,262144 /prefetch:8
                                      Imagebase:0x7ff684c40000
                                      File size:3'242'272 bytes
                                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      No disassembly