Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
P4906RXNYH.pdf

Overview

General Information

Sample name:P4906RXNYH.pdf
renamed because original name is a hash value
Original sample name:5e19535d0167e7df36050902fa59327ea5db83037cdcb25c246d1ac715e089b9.pdf
Analysis ID:1592939
MD5:4964f04f8dc2ec09d71d09b2b617c976
SHA1:53208704319fb320938c63ae32f791d24cdf55a2
SHA256:5e19535d0167e7df36050902fa59327ea5db83037cdcb25c246d1ac715e089b9
Tags:bookingItalianPastapdfuser-JAMESWT_MHT
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Suricata IDS alerts for network traffic
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
Detected non-DNS traffic on DNS port
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PDF has an OpenAction (likely to launch a dropper script)
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7980 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\P4906RXNYH.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6912 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2164 --field-trial-handle=1624,i,4524171770093824297,16236314498730192283,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 8588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://clintonmakes.com/215c/#3sktwhubdghp8fcj6m9trh" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 8780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1832,i,12414227662192143125,735252245074768985,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-16T17:17:20.566545+010028594861A Network Trojan was detected104.21.94.195443192.168.2.1049738TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected landing page (webpage, office document or email)
Source: PDF documentJoe Sandbox AI: PDF document contains prominent button: 'view complaint'
AI detected suspicious Javascript
Source: 0.0.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://clintonmakes.com/215c/#3sktwhubdghp8fcj6m9... This script demonstrates high-risk behavior, including dynamic code execution and data exfiltration. It attempts to redirect the user to an untrusted domain, which is a strong indicator of malicious intent.
Source: unknownHTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:49726 version: TLS 1.2

Networking

barindex
Suricata IDS alerts for network traffic
Source: Network trafficSuricata IDS: 2859486 - Severity 1 - ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound : 104.21.94.195:443 -> 192.168.2.10:49738
Source: global trafficTCP traffic: 192.168.2.10:55095 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.10:60472 -> 1.1.1.1:53
Source: Joe Sandbox ViewIP Address: 104.21.94.195 104.21.94.195
Source: Joe Sandbox ViewIP Address: 66.63.187.216 66.63.187.216
Source: Joe Sandbox ViewIP Address: 2.23.197.184 2.23.197.184
Source: Joe Sandbox ViewIP Address: 2.23.197.184 2.23.197.184
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.45
Source: global trafficHTTP traffic detected: GET /215c/ HTTP/1.1Host: clintonmakes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /bookid82291 HTTP/1.1Host: minedudiser.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://clintonmakes.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: fixecondfirbook.infoConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: http://clintonmakes.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /languageRevert.js HTTP/1.1Host: fixecondfirbook.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fixecondfirbook.info/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /captchaHandler.js HTTP/1.1Host: fixecondfirbook.infoConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fixecondfirbook.info/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /languageRevert.js HTTP/1.1Host: fixecondfirbook.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /captchaHandler.js HTTP/1.1Host: fixecondfirbook.infoConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficHTTP traffic detected: GET /215c/ HTTP/1.1Host: clintonmakes.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: f5510ad44=0ad448213ea0
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: clintonmakes.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://clintonmakes.com/215c/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: clintonmakes.com
Source: global trafficDNS traffic detected: DNS query: minedudiser.com
Source: global trafficDNS traffic detected: DNS query: fixecondfirbook.info
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: unknownHTTP traffic detected: POST /report/v4?s=bKZXpW%2FUHh58WCivxIiJieMyu0LwmmM00ObXSbfD%2Fr8MjP34CHHpR0uwU%2BoVzZkH0TAcUbCOohj%2F20zlgLlhrl7aynZq3km1m562uSSRlz2saEtGPfDW2ArYDDbfkhbd0E9Hx83YZg%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 454Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 16:17:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedserver: Apache/2.4.37 (Rocky Linux)Content-Encoding: gzipData Raw: 61 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d ce 4d 0f 82 30 0c 06 e0 bf 52 b9 4b d1 70 6c 76 90 8f 48 82 48 cc 38 78 c4 ac 04 12 64 c8 86 c6 7f ef 74 17 2f 4d da f7 c9 9b d2 26 3d 27 f2 5a 67 70 94 a7 12 ea e6 50 16 09 04 5b c4 22 93 39 62 2a 53 9f ec c3 08 31 ab 02 41 bd bd 8f 6e 72 ab 04 d9 c1 8e 2c e2 28 86 4a 5b c8 f5 3a 29 42 7f 24 f4 e4 a6 d5 db f1 9d f8 13 6e a3 59 c8 9e 61 e1 c7 ca c6 b2 82 e6 52 c2 ab 35 30 39 d6 7d 19 e8 09 6c 3f 18 30 bc 3c 79 09 09 67 57 ea eb f0 f7 04 7c 00 b6 fe c5 76 be 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a8MM0RKplvHH8xdt/M&='ZgpP["9b*S1Anr,(J[:)B$nYaR509}l?0<ygW|v0
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: P4906RXNYH.pdfString found in binary or memory: https://clintonmakes.com/215c/#3sktwhubdghp8fcj6m9trh)
Source: ReaderMessages.0.drString found in binary or memory: https://www.adobe.co
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60477
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60475
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 60475 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 60477 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownHTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:49726 version: TLS 1.2
Source: classification engineClassification label: mal56.winPDF@55/64@15/11
Source: P4906RXNYH.pdfInitial sample: https://clintonmakes.com/215c/#3sktwhubdghp8fcj6m9trh
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-16 11-16-50-593.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\P4906RXNYH.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2164 --field-trial-handle=1624,i,4524171770093824297,16236314498730192283,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://clintonmakes.com/215c/#3sktwhubdghp8fcj6m9trh"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1832,i,12414227662192143125,735252245074768985,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2164 --field-trial-handle=1624,i,4524171770093824297,16236314498730192283,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1832,i,12414227662192143125,735252245074768985,262144 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Google Drive.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.10.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: P4906RXNYH.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: P4906RXNYH.pdfInitial sample: PDF keyword stream count = 32
Source: P4906RXNYH.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: P4906RXNYH.pdfInitial sample: PDF keyword obj count = 86
Source: P4906RXNYH.pdfInitial sample: PDF keyword /OpenAction
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		Windows Management Instrumentation2
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
P4906RXNYH.pdf0%VirustotalBrowse
P4906RXNYH.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://clintonmakes.com/215c/#3sktwhubdghp8fcj6m9trh)0%Avira URL Cloudsafe
http://clintonmakes.com/favicon.ico0%Avira URL Cloudsafe
https://fixecondfirbook.info/captchaHandler.js0%Avira URL Cloudsafe
https://clintonmakes.com/215c/0%Avira URL Cloudsafe
https://fixecondfirbook.info/languageRevert.js0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
a.nel.cloudflare.com
35.190.80.1
truefalse
    		high
    e8652.dscx.akamaiedge.net
    		2.23.197.184
    		truefalse
      		high
      edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
      		217.20.57.34
      		truefalse
        		high
        www.google.com
        		142.250.186.100
        		truefalse
          		high
          clintonmakes.com
          		66.63.187.216
          		truefalse
            		high
            fixecondfirbook.info
            		104.21.94.195
            		truefalse
              		high
              minedudiser.com
              		186.64.116.70
              		truefalse
                		high
                x1.i.lencr.org
                		unknown
                		unknownfalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://fixecondfirbook.info/languageRevert.jstrue
                  • Avira URL Cloud: safe
                  		unknown
                  https://minedudiser.com/bookid82291false
                    		high
                    http://clintonmakes.com/215c/false
                      		unknown
                      https://clintonmakes.com/215c/true
                      • Avira URL Cloud: safe
                      		unknown
                      https://fixecondfirbook.info/captchaHandler.jstrue
                      • Avira URL Cloud: safe
                      		unknown
                      https://fixecondfirbook.info/false
                        		high
                        http://clintonmakes.com/favicon.icofalse
                        • Avira URL Cloud: safe
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
                          		high
                          https://clintonmakes.com/215c/#3sktwhubdghp8fcj6m9trh)P4906RXNYH.pdffalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.adobe.coReaderMessages.0.drfalse
                            		high

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            104.21.94.195
                            		fixecondfirbook.infoUnited States
                            		13335CLOUDFLARENETUSfalse
                            66.63.187.216
                            		clintonmakes.comUnited States
                            		8100ASN-QUADRANET-GLOBALUSfalse
                            35.190.80.1
                            		a.nel.cloudflare.comUnited States
                            		15169GOOGLEUSfalse
                            2.23.197.184
                            		e8652.dscx.akamaiedge.netEuropean Union
                            		1273CWVodafoneGroupPLCEUfalse
                            239.255.255.250
                            		unknownReserved
                            		unknownunknownfalse
                            186.64.116.70
                            		minedudiser.comChile
                            		52368ZAMLTDACLfalse
                            142.250.186.100
                            		www.google.comUnited States
                            		15169GOOGLEUSfalse

                            Private

                            IP
                            192.168.2.4
                            192.168.2.5
                            192.168.2.24
                            192.168.2.10

                            General Information

                            Joe Sandbox version:42.0.0 Malachite
                            Analysis ID:1592939
                            Start date and time:2025-01-16 17:15:41 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 6m 3s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:defaultwindowspdfcookbook.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:18
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:P4906RXNYH.pdf
                            renamed because original name is a hash value
                            Original Sample Name:5e19535d0167e7df36050902fa59327ea5db83037cdcb25c246d1ac715e089b9.pdf
                            Detection:MAL
                            Classification:mal56.winPDF@55/64@15/11
                            EGA Information:Failed
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 0
                            • Number of non-executed functions: 0
                            Cookbook Comments:
                            • Found application associated with file extension: .pdf
                            • Found PDF document
                            • Close Viewer

                            Warnings

                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 184.28.88.176, 172.64.41.3, 162.159.61.3, 217.20.57.34, 2.16.168.105, 2.16.168.107, 142.250.186.131, 142.250.185.206, 142.251.168.84, 142.250.181.238, 172.217.18.14, 142.250.185.202, 142.250.185.138, 142.250.185.74, 142.250.186.42, 142.250.186.170, 172.217.18.106, 142.250.186.74, 142.250.186.106, 142.250.185.170, 142.250.181.234, 142.250.185.234, 172.217.16.202, 142.250.74.202, 216.58.206.74, 216.58.212.170, 142.250.184.234, 142.250.74.195, 142.250.184.195, 216.58.206.78, 142.250.65.174, 74.125.0.74, 172.217.18.110, 142.250.185.131, 142.250.185.78, 2.23.242.162, 3.219.243.226, 172.202.163.200, 23.203.104.175
                            • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, www.gstatic.com, wu-b-net.trafficmanager.net, optimizationguide-pa.googleapis.com, crl.root-x1.letsencrypt.org.edgekey.net, clients1.google.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, r5.sn-t0aedn7e.gvt1.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, r5---sn-t0aedn7e.gvt1.com, clients.l.google.com, geo2.adobe.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            11:16:56API Interceptor2x Sleep call for process: AcroCEF.exe modified

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            66.63.187.216shJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                            • clintonmakes.com/favicon.ico
                            z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                            • clintonmakes.com/favicon.ico
                            pfK5wqaIhu.pdfGet hashmaliciousUnknownBrowse
                            • clintonmakes.com/favicon.ico
                            9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                            • clintonmakes.com/favicon.ico
                            zvIajMhxeH.pdfGet hashmaliciousUnknownBrowse
                            • swxpeyou.com/favicon.ico
                            weMSnq4Jjv.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                            • edwatsonsmallworks.com/favicon.ico
                            ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                            • leahbdesign.com/favicon.ico
                            cx8VPbdfQI.pdfGet hashmaliciousUnknownBrowse
                            • revelsocialclub.com/favicon.ico
                            iE77tz35dc.pdfGet hashmaliciousUnknownBrowse
                            • ritarichards.com/favicon.ico
                            BIRWrYv55T.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                            • burnalong-info.com/favicon.ico
                            2.23.197.184z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                            • x1.i.lencr.org/
                            ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                            • x1.i.lencr.org/
                            JlZU1N9b8M.pdfGet hashmaliciousUnknownBrowse
                            • x1.i.lencr.org/
                            Beweise_f#U00fcr_Handlungen_die_Rechte_am_geistigen_Eigentum_verletzen.exeGet hashmaliciousUnknownBrowse
                            • x1.i.lencr.org/
                            https://form.fillout.com/t/p4CeteWGYsusGet hashmaliciousUnknownBrowse
                            • x1.c.lencr.org/
                            Absa Remittance Advice.docxGet hashmaliciousUnknownBrowse
                            • x1.c.lencr.org/
                            https://versyasist.website/sism.mp3Get hashmaliciousHTMLPhisherBrowse
                            • x1.c.lencr.org/
                            http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCKGet hashmaliciousUnknownBrowse
                            • x1.c.lencr.org/
                            http://usps.com-trackaddn.top/lGet hashmaliciousUnknownBrowse
                            • x1.c.lencr.org/
                            MJhe4xWsnR.msiGet hashmaliciousUnknownBrowse
                            • x1.c.lencr.org/
                            104.21.94.195shJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                              9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                zvIajMhxeH.pdfGet hashmaliciousUnknownBrowse
                                  BIRWrYv55T.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                    OpoLADYwIE.pdfGet hashmaliciousUnknownBrowse
                                      JlZU1N9b8M.pdfGet hashmaliciousUnknownBrowse
                                        cCVZk5O7GW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                          ilCvGBnBTU.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comzvIajMhxeH.pdfGet hashmaliciousUnknownBrowse
                                            • 217.20.57.20
                                            ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 217.20.57.34
                                            cx8VPbdfQI.pdfGet hashmaliciousUnknownBrowse
                                            • 217.20.57.19
                                            imYD7uep15.exeGet hashmaliciousAsyncRAT, VenomRATBrowse
                                            • 217.20.57.20
                                            xsAOI70.exeGet hashmaliciousUnknownBrowse
                                            • 84.201.210.23
                                            Invoice#T5O2025.xlsGet hashmaliciousUnknownBrowse
                                            • 217.20.57.20
                                            new.batGet hashmaliciousUnknownBrowse
                                            • 217.20.57.20
                                            wmnq39xe8J.dllGet hashmaliciousWannacryBrowse
                                            • 84.201.210.23
                                            Document_31055.pdfGet hashmaliciousUnknownBrowse
                                            • 217.20.57.19
                                            0dsIoO7xjt.docxGet hashmaliciousUnknownBrowse
                                            • 217.20.57.20
                                            e8652.dscx.akamaiedge.netshJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 23.209.209.135
                                            z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                            • 2.23.197.184
                                            zvIajMhxeH.pdfGet hashmaliciousUnknownBrowse
                                            • 23.209.209.135
                                            weMSnq4Jjv.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 23.209.209.135
                                            ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 2.23.197.184
                                            cx8VPbdfQI.pdfGet hashmaliciousUnknownBrowse
                                            • 23.209.209.135
                                            iE77tz35dc.pdfGet hashmaliciousUnknownBrowse
                                            • 23.209.209.135
                                            BIRWrYv55T.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 23.209.209.135
                                            OpoLADYwIE.pdfGet hashmaliciousUnknownBrowse
                                            • 23.209.209.135
                                            JlZU1N9b8M.pdfGet hashmaliciousUnknownBrowse
                                            • 2.23.197.184
                                            clintonmakes.comshJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 66.63.187.216
                                            z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                            • 66.63.187.216
                                            pfK5wqaIhu.pdfGet hashmaliciousUnknownBrowse
                                            • 66.63.187.216
                                            9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 66.63.187.216

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            ZAMLTDACLshJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 186.64.116.70
                                            z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                            • 186.64.116.70
                                            pfK5wqaIhu.pdfGet hashmaliciousUnknownBrowse
                                            • 186.64.116.70
                                            9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 186.64.116.70
                                            zvIajMhxeH.pdfGet hashmaliciousUnknownBrowse
                                            • 186.64.116.70
                                            weMSnq4Jjv.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 186.64.116.70
                                            ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 186.64.116.70
                                            cx8VPbdfQI.pdfGet hashmaliciousUnknownBrowse
                                            • 186.64.116.70
                                            iE77tz35dc.pdfGet hashmaliciousUnknownBrowse
                                            • 186.64.116.70
                                            BIRWrYv55T.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 186.64.116.70
                                            CLOUDFLARENETUShttp://neuroplus.com.br/asset/payroll/portal/qybVCmrZMa/ben.fillowmen@ne.govGet hashmaliciousUnknownBrowse
                                            • 104.17.25.14
                                            shJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 104.21.94.195
                                            z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                            • 172.67.168.162
                                            https://www.google.com.vn/url?q=KWUZMS42J831JSWOSF4KEIP36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%RANDOM4%wDnNeW8yycT&sa=t&esrc=nNeW8F%RANDOM3%A0xys8Em2FL&source=&cd=tS6T8%RANDOM3%Tiw9XH&cad=XpPkDfJX%RANDOM4%VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fkayik.com.au/glyxzb/e7365d2bd9a2e2c8b5587a6a9eb341aa/YXdpbGxpYW1zQGtmb3JjZS5jb20=Get hashmaliciousUnknownBrowse
                                            • 104.17.25.14
                                            pfK5wqaIhu.pdfGet hashmaliciousUnknownBrowse
                                            • 172.67.168.162
                                            9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 104.21.94.195
                                            https://852u.adj.st/credits-opensea/?sk=288xDmHv&adj_t=wt0ujiy&adj_deep_link=eversheds-sutherlandpago://credits-opensea/?sk=288xDmHv&adj_label=MLM_MP_ML-EMAIL_CC_MARA_AO-UCR_ALL_ACT_X_X_DEFAULT_I-EG-UCR-MUTT-MAR-ABIERTO&adj_fallback=https://iondetox.com.ar/g63c/5617939594/Eversheds-sutherland/?eu=Y2xvemFub0BldmVyc2hlZHMtc3V0aGVybGFuZC5lcw==Get hashmaliciousUnknownBrowse
                                            • 188.114.96.3
                                            Aura.exeGet hashmaliciousLummaC, PureLog Stealer, XmrigBrowse
                                            • 104.21.96.1
                                            Menu.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                            • 104.21.112.1
                                            zvIajMhxeH.pdfGet hashmaliciousUnknownBrowse
                                            • 104.21.94.195
                                            ASN-QUADRANET-GLOBALUSshJGPJRkwH.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 66.63.187.216
                                            z5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                            • 66.63.187.216
                                            pfK5wqaIhu.pdfGet hashmaliciousUnknownBrowse
                                            • 66.63.187.216
                                            9L6HMvfoLW.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 66.63.187.216
                                            zvIajMhxeH.pdfGet hashmaliciousUnknownBrowse
                                            • 66.63.187.216
                                            weMSnq4Jjv.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 66.63.187.216
                                            ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 66.63.187.216
                                            cx8VPbdfQI.pdfGet hashmaliciousUnknownBrowse
                                            • 66.63.187.216
                                            iE77tz35dc.pdfGet hashmaliciousUnknownBrowse
                                            • 66.63.187.216
                                            BIRWrYv55T.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 66.63.187.216
                                            CWVodafoneGroupPLCEUz5z84fR7lS.pdfGet hashmaliciousUnknownBrowse
                                            • 2.23.197.184
                                            ry36jFmHDq.pdfGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                            • 2.23.197.184
                                            JlZU1N9b8M.pdfGet hashmaliciousUnknownBrowse
                                            • 2.23.197.184
                                            Beweise_f#U00fcr_Handlungen_die_Rechte_am_geistigen_Eigentum_verletzen.exeGet hashmaliciousUnknownBrowse
                                            • 2.23.197.184
                                            vXn4pan2US.exeGet hashmaliciousUnknownBrowse
                                            • 2.23.209.19
                                            vXn4pan2US.exeGet hashmaliciousUnknownBrowse
                                            • 2.23.209.35
                                            bot.arm.elfGet hashmaliciousUnknownBrowse
                                            • 193.18.233.128
                                            meth8.elfGet hashmaliciousMiraiBrowse
                                            • 141.1.75.13
                                            possible SPAM## Msig Insurance Europe Complete via-Sign Monday January 2025.msgGet hashmaliciousUnknownBrowse
                                            • 2.23.209.38
                                            3.elfGet hashmaliciousUnknownBrowse
                                            • 194.6.7.63

                                            JA3 Fingerprints

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            28a2c9bd18a11de089ef85a160da29e4cx8VPbdfQI.pdfGet hashmaliciousUnknownBrowse
                                            • 173.222.162.55
                                            OpoLADYwIE.pdfGet hashmaliciousUnknownBrowse
                                            • 173.222.162.55
                                            Recommended Itinerary.jsGet hashmaliciousUnknownBrowse
                                            • 173.222.162.55
                                            https://dev.nflxdualsubtitles.com/Get hashmaliciousUnknownBrowse
                                            • 173.222.162.55
                                            https://hm.ru/XKEkPrGet hashmaliciousUnknownBrowse
                                            • 173.222.162.55
                                            https://6y.tickarmoz.ru/aY57/Get hashmaliciousUnknownBrowse
                                            • 173.222.162.55
                                            https://caringforyousupport.com.au/Receipt536354.phpGet hashmaliciousWinSearchAbuseBrowse
                                            • 173.222.162.55
                                            527.zipGet hashmaliciousUnknownBrowse
                                            • 173.222.162.55
                                            https://forms.office.com/e/xknrfCPQkRGet hashmaliciousHTMLPhisherBrowse
                                            • 173.222.162.55
                                            http://ncn.acemlna.comGet hashmaliciousUnknownBrowse
                                            • 173.222.162.55

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):287
                                            Entropy (8bit):5.225681491301688
                                            Encrypted:false
                                            SSDEEP:6:iO+sDVq2PFi2nKuAl9OmbnIFUtUs7YgZmwqs7YIkwOFi2nKuAl9OmbjLJ:7+shvdZHAahFUtUs7h/qs775wZHAaSJ
                                            MD5:FE8CC373271995A8F2CD38E959C84E25
                                            SHA1:30FA4DDACFCFED571497146C4DCE0DFAB3929C70
                                            SHA-256:6CD32729FCD5E2A00C65D9ACF859F4E777A9285E40CEAF11FAC052DF4595C0EE
                                            SHA-512:8B730548D8AA67F17D505642235AEEB71EDA4E7EA0B7F3A9FE34B430D7B18686C6429D8FE4A1CAEDEAEEDC953041A1B08F746C40468DA30456EA6BD92EF0E792
                                            Malicious:false
                                            Reputation:low
                                            Preview:2025/01/16-11:16:48.925 620 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/16-11:16:48.928 620 Recovering log #3.2025/01/16-11:16:48.928 620 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):287
                                            Entropy (8bit):5.225681491301688
                                            Encrypted:false
                                            SSDEEP:6:iO+sDVq2PFi2nKuAl9OmbnIFUtUs7YgZmwqs7YIkwOFi2nKuAl9OmbjLJ:7+shvdZHAahFUtUs7h/qs775wZHAaSJ
                                            MD5:FE8CC373271995A8F2CD38E959C84E25
                                            SHA1:30FA4DDACFCFED571497146C4DCE0DFAB3929C70
                                            SHA-256:6CD32729FCD5E2A00C65D9ACF859F4E777A9285E40CEAF11FAC052DF4595C0EE
                                            SHA-512:8B730548D8AA67F17D505642235AEEB71EDA4E7EA0B7F3A9FE34B430D7B18686C6429D8FE4A1CAEDEAEEDC953041A1B08F746C40468DA30456EA6BD92EF0E792
                                            Malicious:false
                                            Reputation:low
                                            Preview:2025/01/16-11:16:48.925 620 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/16-11:16:48.928 620 Recovering log #3.2025/01/16-11:16:48.928 620 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):331
                                            Entropy (8bit):5.2175681048643385
                                            Encrypted:false
                                            SSDEEP:6:iO+9S+q2PFi2nKuAl9Ombzo2jMGIFUtUHUbZmwqHUBVkwOFi2nKuAl9Ombzo2jM4:7+VvdZHAa8uFUtU0b/q0P5wZHAa8RJ
                                            MD5:B28A24849CB2D9B3164AD7CBC948F72E
                                            SHA1:F857ADABC902D82FC97E22E11E411B1211CEB05A
                                            SHA-256:28AC12CD5E067606900A076ADD72D359E5F67EE0DFE942ED801787359ADEE47F
                                            SHA-512:B62741F9EA54AC404F99EF204588851305C941D58A615F45DD4DFBBCBACF3BBEDA49EB3757F940D0C9BE9C62FB0D3FA1B605F3AFFE174D0FB7BF322A4DFE2DA3
                                            Malicious:false
                                            Reputation:low
                                            Preview:2025/01/16-11:16:49.061 7b8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/16-11:16:49.113 7b8 Recovering log #3.2025/01/16-11:16:49.119 7b8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):331
                                            Entropy (8bit):5.2175681048643385
                                            Encrypted:false
                                            SSDEEP:6:iO+9S+q2PFi2nKuAl9Ombzo2jMGIFUtUHUbZmwqHUBVkwOFi2nKuAl9Ombzo2jM4:7+VvdZHAa8uFUtU0b/q0P5wZHAa8RJ
                                            MD5:B28A24849CB2D9B3164AD7CBC948F72E
                                            SHA1:F857ADABC902D82FC97E22E11E411B1211CEB05A
                                            SHA-256:28AC12CD5E067606900A076ADD72D359E5F67EE0DFE942ED801787359ADEE47F
                                            SHA-512:B62741F9EA54AC404F99EF204588851305C941D58A615F45DD4DFBBCBACF3BBEDA49EB3757F940D0C9BE9C62FB0D3FA1B605F3AFFE174D0FB7BF322A4DFE2DA3
                                            Malicious:false
                                            Reputation:low
                                            Preview:2025/01/16-11:16:49.061 7b8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/16-11:16:49.113 7b8 Recovering log #3.2025/01/16-11:16:49.119 7b8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\5bb5d611-d064-4994-b765-fb9ea6532e5d.tmp

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):476
                                            Entropy (8bit):4.962905575204746
                                            Encrypted:false
                                            SSDEEP:12:YH/um3RA8sqUT9ksBdOg2Hh7caq3QYiubpP7E4T3y:Y2sRds5TdMH43QYhbd7nby
                                            MD5:92393B2950B190A8D86D8063E042FF44
                                            SHA1:1CCCB8490A2C6A4B24F8F2FE259B4E8FFD6EE80C
                                            SHA-256:FEF28D76D356DAC81622F3642879C186660531CB94E3C5439CBEB0B7921DD0F0
                                            SHA-512:31919EA08B810DF178F5931E6475237866D2F4038F31B46DDC4E61D0F134C25308185F744F3B40882AFCD927B3D1D91A76F3E0CE5E31DC53107F501BA36B0293
                                            Malicious:false
                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341061835820912","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":149104},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.10","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8fb5536e-e458-457c-a0bb-cb1a267511f1.tmp

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:JSON data
                                            Category:modified
                                            Size (bytes):476
                                            Entropy (8bit):4.969039366252107
                                            Encrypted:false
                                            SSDEEP:12:YH/um3RA8sqjesBdOg2Hdd+gcaq3QYiubpP7E4T3y:Y2sRds4DdMHdML3QYhbd7nby
                                            MD5:D7B028185AD81A7030A8C9AEF35355FA
                                            SHA1:D5FF0895427B25CFDA982AF462C9A9032B702418
                                            SHA-256:48CCE86AF5587D3AC277A29B600EE1BE1AB0696F910E85BD4CD05B5685440AB1
                                            SHA-512:F675DD26D433C09F5BAB1A07E7B1CDB5CC08920011117D568E61E156862B8FF12EB53F6612D5943EFBC9F22F8835EB78C2A79E8C4FF1824DA5F06A7326364099
                                            Malicious:false
                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381604220376013","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":141582},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.10","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):476
                                            Entropy (8bit):4.962905575204746
                                            Encrypted:false
                                            SSDEEP:12:YH/um3RA8sqUT9ksBdOg2Hh7caq3QYiubpP7E4T3y:Y2sRds5TdMH43QYhbd7nby
                                            MD5:92393B2950B190A8D86D8063E042FF44
                                            SHA1:1CCCB8490A2C6A4B24F8F2FE259B4E8FFD6EE80C
                                            SHA-256:FEF28D76D356DAC81622F3642879C186660531CB94E3C5439CBEB0B7921DD0F0
                                            SHA-512:31919EA08B810DF178F5931E6475237866D2F4038F31B46DDC4E61D0F134C25308185F744F3B40882AFCD927B3D1D91A76F3E0CE5E31DC53107F501BA36B0293
                                            Malicious:false
                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341061835820912","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":149104},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.10","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6ecaab.TMP (copy)

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):476
                                            Entropy (8bit):4.962905575204746
                                            Encrypted:false
                                            SSDEEP:12:YH/um3RA8sqUT9ksBdOg2Hh7caq3QYiubpP7E4T3y:Y2sRds5TdMH43QYhbd7nby
                                            MD5:92393B2950B190A8D86D8063E042FF44
                                            SHA1:1CCCB8490A2C6A4B24F8F2FE259B4E8FFD6EE80C
                                            SHA-256:FEF28D76D356DAC81622F3642879C186660531CB94E3C5439CBEB0B7921DD0F0
                                            SHA-512:31919EA08B810DF178F5931E6475237866D2F4038F31B46DDC4E61D0F134C25308185F744F3B40882AFCD927B3D1D91A76F3E0CE5E31DC53107F501BA36B0293
                                            Malicious:false
                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341061835820912","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":149104},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.10","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):4288
                                            Entropy (8bit):5.228089621917113
                                            Encrypted:false
                                            SSDEEP:96:wshFT0h7cA4YC2EVPCqY35NEmNOYcGPtqKYSEV7EFGr1FZ:wshFT0h7cZb2EVKZPEANcGIK5EV7cGJv
                                            MD5:8BAFCE14F08E993A24094612D8A8455E
                                            SHA1:6361FE7675D97C5D9E518E510B4BB14164D7E44B
                                            SHA-256:1DEDE18A708A5569C6D06BE90A3B5AA25841060785493AC851FEBC903CE60810
                                            SHA-512:7737B82EB7A9448C5377BB96F3ED8A67A2222FF371D67B9896C7D27E8FDEF3A19BA85B16AD41F1D27F2BC90BEF1D64347A96DFFB271BAB3C2014B14BFA1FB198
                                            Malicious:false
                                            Preview:*...#................version.1..namespace-#..o................next-map-id.1.Pnamespace-03b00fbd_48ad_47b1_8693_0d5562b6d54b-https://rna-resource.acrobat.com/.0..QRr................next-map-id.2.Snamespace-9efb0a2e_bf8a_4008_b12a_325311a763d0-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-493a2582_fd2f_403f_a0b6_bf623eaab337-https://rna-v2-resource.acrobat.com/.2%e.o................next-map-id.4.Pnamespace-285943ad_4ed5_46fb_8713_f1874054bf05-https://rna-resource.acrobat.com/.3nU..^...............Pnamespace-03b00fbd_48ad_47b1_8693_0d5562b6d54b-https://rna-resource.acrobat.com/"..C^...............Pnamespace-285943ad_4ed5_46fb_8713_f1874054bf05-https://rna-resource.acrobat.com/....a...............Snamespace-9efb0a2e_bf8a_4008_b12a_325311a763d0-https://rna-v2-resource.acrobat.com/.+;|a...............Snamespace-493a2582_fd2f_403f_a0b6_bf623eaab337-https://rna-v2-resource.acrobat.com/....o................next-map-id.5.Pnamespace-10b75d2f_11e7_4fa3_ae23_

                                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):319
                                            Entropy (8bit):5.250477347219152
                                            Encrypted:false
                                            SSDEEP:6:iO+FS7d3+q2PFi2nKuAl9OmbzNMxIFUtUN5ZmwqiVkwOFi2nKuAl9OmbzNMFLJ:7+FSZOvdZHAa8jFUtUN5/qa5wZHAa84J
                                            MD5:6127CF77B6C166E24C6C0634D24AE4DB
                                            SHA1:355324A601696B3DDED457CF146C78EB77C96DBE
                                            SHA-256:1CEDC711E67DF0597389250C401841AE5A8CCB47125B2977DC47A1E108E46A79
                                            SHA-512:31826B29B81F1EA66F9908F545CAB70EA3F84AF761CE6404DBE1EDA1DFC4E1B964E1B9247A7A9B537934ECA18FDCD6E3D21A99CB6C1FEA4889D07F887940E0FF
                                            Malicious:false
                                            Preview:2025/01/16-11:16:49.371 7b8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/16-11:16:49.400 7b8 Recovering log #3.2025/01/16-11:16:49.405 7b8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):319
                                            Entropy (8bit):5.250477347219152
                                            Encrypted:false
                                            SSDEEP:6:iO+FS7d3+q2PFi2nKuAl9OmbzNMxIFUtUN5ZmwqiVkwOFi2nKuAl9OmbzNMFLJ:7+FSZOvdZHAa8jFUtUN5/qa5wZHAa84J
                                            MD5:6127CF77B6C166E24C6C0634D24AE4DB
                                            SHA1:355324A601696B3DDED457CF146C78EB77C96DBE
                                            SHA-256:1CEDC711E67DF0597389250C401841AE5A8CCB47125B2977DC47A1E108E46A79
                                            SHA-512:31826B29B81F1EA66F9908F545CAB70EA3F84AF761CE6404DBE1EDA1DFC4E1B964E1B9247A7A9B537934ECA18FDCD6E3D21A99CB6C1FEA4889D07F887940E0FF
                                            Malicious:false
                                            Preview:2025/01/16-11:16:49.371 7b8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/16-11:16:49.400 7b8 Recovering log #3.2025/01/16-11:16:49.405 7b8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250116161654Z-218.bmp

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:PC bitmap, Windows 3.x format, 163 x -129 x 32, cbSize 84162, bits offset 54
                                            Category:dropped
                                            Size (bytes):84162
                                            Entropy (8bit):1.7478388353941687
                                            Encrypted:false
                                            SSDEEP:192:P79UVGEPm3Gvy5poVTCUt5CGfXbAp8vK9:IGExc
                                            MD5:A4EB365781F1960A58EC5ED08D699B6B
                                            SHA1:41E77EADDACE365EC62FC95212EE0C943C1E066F
                                            SHA-256:F5470B9C7E95BBAB03A490DC040C5FB81FAAB844E3F1166D6EDBD08EFB122351
                                            SHA-512:96B6A09C35D1B1D7DE3CABBC83B0B59938917B7354B114B9FD56ADA40E9090300AEFE33E3FD9C373B174369559C8FFCD291733DA1870E1AD2DDD381E6B74C7E9
                                            Malicious:false
                                            Preview:BM.H......6...(............. ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                            Category:dropped
                                            Size (bytes):86016
                                            Entropy (8bit):4.43841426400555
                                            Encrypted:false
                                            SSDEEP:384:yejci5GUiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:0YurVgazUpUTTGt
                                            MD5:8A28E7C2AD23F08E35CB1F5C7E91B6B9
                                            SHA1:0A990D2668947421C80004A39851CB3E0EC7FBCD
                                            SHA-256:059F29F9722487C155E79232885D2EAA7CE3B63A6EBE04897E28BF68E4302DC3
                                            SHA-512:C2D08B68ED06C56B5B35CE0F48E26EBCEF73050156107F70B4806C4B9643AB3156C95788C27B0F7D0D9209D3BF9B2C00CDDAAA060A1A07789AD1BE138AC5E1CC
                                            Malicious:false
                                            Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:SQLite Rollback Journal
                                            Category:dropped
                                            Size (bytes):8720
                                            Entropy (8bit):3.77297289253643
                                            Encrypted:false
                                            SSDEEP:48:7MkUp/E2ioyV6ioy5oWoy1CUoy1mKOioy1noy1AYoy1Wioy1hioybioysoy1noyL:7pUpju6JFXKQ1hb9IVXEBodRBkv
                                            MD5:FF0CFEED3C90CF8C102BB490F4C1D95E
                                            SHA1:852318CE8E53EE60307A796FC75C203A03AD6D8F
                                            SHA-256:64C01A465BC770DF0269B20262BCFBE5D826EBF669EF4FB705112711FD0FC6F0
                                            SHA-512:A3533BF72E4A94735F1CEAFF6C427A499A4E2241F6E9E7C35650BFC34A2BB2AB9C3DCF84805A6F953005AF5CE23252D3F9FB45F4442BFA48CF54FF48D48E3142
                                            Malicious:false
                                            Preview:.... .c......(v................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:Certificate, Version=3
                                            Category:dropped
                                            Size (bytes):1391
                                            Entropy (8bit):7.705940075877404
                                            Encrypted:false
                                            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                            Malicious:false
                                            Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):192
                                            Entropy (8bit):2.746484906506307
                                            Encrypted:false
                                            SSDEEP:3:kkFklmSlfllXlE/HT8kkqtNNX8RolJuRdxLlGB9lQRYwpDdt:kK/vT8QNMa8RdWBwRd
                                            MD5:7AB388552DF54916C4F9B92C52985E4C
                                            SHA1:33D9FEF8D47FB272F763BB999C39C389885479BE
                                            SHA-256:3DA705C854B9BCCB401B36C94A08A351381C16E1802DA0437964437CC29C8478
                                            SHA-512:18A1AF1A918274FEBED9F45675590EF8DFB6A7D651866AA4A6AAC142A0082F0265835AAD99ACEC6DE04CBA5AB25469A40ABC6CB95B43C7AAFD9021DDC7C263E1
                                            Malicious:false
                                            Preview:p...... ............2h..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):295
                                            Entropy (8bit):5.3416261729070085
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJM3g98kUwPeUkwRe9:YvXKXB7QVCgY2UTbdvnGMbLUkee9
                                            MD5:772411945E2B3AE15C7D2470836867FB
                                            SHA1:38B2D09D9B339B2BCA4479663A6F1C9C92152113
                                            SHA-256:6B467231EB365A460CD02B6E5C65BBB0872D0AB57A06D747055F41BF30EF207D
                                            SHA-512:DD359B6588A5C7CEAE6E2B43F5AB83734615032B87D02886D7BD8EDF032BE7A409DB8893AF84F2BB1714C72CDB17C65A13F30D135C89A07900382C0FECFA0020
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):294
                                            Entropy (8bit):5.277120209280408
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJfBoTfXpnrPeUkwRe9:YvXKXB7QVCgY2UTbdvnGWTfXcUkee9
                                            MD5:5C877D35675AFA96536DB8D7727410FF
                                            SHA1:39009B1A35A9051383FD261495955C7A4245A88D
                                            SHA-256:BB3D1440A443213CF59A12D4AFC4F9523203BCB3B5CED3B98B93C10AE51CB161
                                            SHA-512:BE3E8AA1C6C6A1D378E2C576AC0B6F0E0F1B45283326E5959AC1F141E7DA71FB2BC00814DE59F858B58AE56ADCBF6C6FFE4BFDC44FC5E7CDC617E5720E50290A
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):294
                                            Entropy (8bit):5.257137926096767
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJfBD2G6UpnrPeUkwRe9:YvXKXB7QVCgY2UTbdvnGR22cUkee9
                                            MD5:C61F538965B616A8607AC456D4308AF1
                                            SHA1:1D93F00BE697388AD73CAB4987FBA96D4CC687C4
                                            SHA-256:1A156928C1AB7AE20326C83E08F7FF6A6309BFCDEAD0D4713EBBA4E0C713FC3C
                                            SHA-512:2A82C3F3472524C8DA69A2BC2A9C8AA3324282948395A42DFC38036857D2A64BD7B051BB5A3D495AC3FB9DD4256EECDB32D71F80895CA572A4CBF2544436ED48
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):285
                                            Entropy (8bit):5.315142173553485
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJfPmwrPeUkwRe9:YvXKXB7QVCgY2UTbdvnGH56Ukee9
                                            MD5:33D5724FDC4D84DBEC9FBBFA97710DFB
                                            SHA1:C93F51FCE8EC2DE65277F12F4D5A14B6E7DF00FE
                                            SHA-256:6170A4338E561E928F99AE967A985642CF2D267B2ACBD9B9C425B58FB09A0506
                                            SHA-512:F46CA8D6CF44E907F53F6EF4275337D94F769AE10C1C32653DD7C973E35BB110A79469518BCD1DC2D2463501143FF5F2EDE106497534C0D25B644CD391EE8126
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):1123
                                            Entropy (8bit):5.682846095470587
                                            Encrypted:false
                                            SSDEEP:24:Yv6XB7AC/2UX1spLgE9cQx8LennAvzBvkn0RCmK8czOCCSK:YvEc02w1shgy6SAFv5Ah8cv/K
                                            MD5:B1F2D618510176D698E829E2DCDA56CA
                                            SHA1:9C95CB2BA468418A363E8DB321C1F5BA4A262836
                                            SHA-256:C00E7CA64430EF520127D7F7D3D3F789247B20F43C440C25033A3A8A689A4DDB
                                            SHA-512:AF610947128454301EDCDD048751A3926ADD6516702FB96DB6383BB125826C26A72403BED9B6EB167825241B508681155AEC01E46E1DC4839CE821E659525DDC
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):289
                                            Entropy (8bit):5.251709392087709
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJf8dPeUkwRe9:YvXKXB7QVCgY2UTbdvnGU8Ukee9
                                            MD5:5FE55D37984948C00109BDD51CDA5285
                                            SHA1:32433634963FA753A7F69F0121E3DA1FD27A18B1
                                            SHA-256:D66F5CC745DDE7BA66B71C0EBAB41C756A55B86710CC6B6BC4DD0DBAD4BB4B17
                                            SHA-512:C99DDB36E247A5CE9115432F98443AD33A80D43BE12D3B50672B7DAF19DE43F305AABBD1D9ADC458FB3E95504368855E2E122BC3DB1541C45D2B2FD0314B8E47
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):292
                                            Entropy (8bit):5.254613794331817
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJfQ1rPeUkwRe9:YvXKXB7QVCgY2UTbdvnGY16Ukee9
                                            MD5:8A4F0A515D2FBFA25E2D1A0BBD7F2993
                                            SHA1:89C9040C8382ABDE8AEC0A6A7483F4310C251384
                                            SHA-256:FDA11DD6296D57C6E0EB4016535863A4EB974519C59C37490D66886DC65E060D
                                            SHA-512:C0E358626776A8BA0D1D490B30162B0EE5B359173B517DD67185BC583E117913DA19D0829E15170DBC70E00DC40BF34F4A66E0DC8C213656C800181D33A03442
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):289
                                            Entropy (8bit):5.261642836389705
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJfFldPeUkwRe9:YvXKXB7QVCgY2UTbdvnGz8Ukee9
                                            MD5:7096F3035DEB24A1269DFF1A820E1DCE
                                            SHA1:163F8EEC67059BE141049D7666C4634D450C7125
                                            SHA-256:6D131CFC293D200F488DED2315B2D4018DE82605B625F8845D06AE15004A219A
                                            SHA-512:9830DE0F4A207ABB9F7AAA4889211D9E8736EA8F919B25711AF64ED6FCC503B4226ADFD07D86EEDBE8FD6BB20504A5C38428BDC5452F4AEF885E576A6E6DADCF
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):295
                                            Entropy (8bit):5.276988068988699
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJfzdPeUkwRe9:YvXKXB7QVCgY2UTbdvnGb8Ukee9
                                            MD5:B40E587A90747FD8B722918CD77CEF27
                                            SHA1:A1FD112DF64B216483C89AA45EDD192AC33E5861
                                            SHA-256:1A7FCBA2808708B9782A9D2B64B4B95D8BA78DD04FA5E83FF0056D55F6C620D2
                                            SHA-512:BD1E94762A6E50070EF60D8B86F243919AE2101178D6F65F3821BC4070E19E8F8C94941AA6C1248A5CEBCAE8FAED32397310C9BC4E1613249FC89F94966E4F05
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):289
                                            Entropy (8bit):5.257029520043292
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJfYdPeUkwRe9:YvXKXB7QVCgY2UTbdvnGg8Ukee9
                                            MD5:0BCC8591C824CC54EE3E78C13E966B34
                                            SHA1:BF113DA6C0B2FACB5EFD2BC1402023A8EA8E0AAA
                                            SHA-256:D2360E373525DEAA13172CAE1492EA2B12B77FB7339A0EC161DDE4F4139D97D9
                                            SHA-512:47E5E0DB45EDAD1FD917051959FE224E5A4C1846417426DC12BF64E8117CF69E7D61A62C95EEA50DFE56806CD47741C365C390B413E77C5868729C5EBA563461
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):284
                                            Entropy (8bit):5.243172211321375
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJf+dPeUkwRe9:YvXKXB7QVCgY2UTbdvnG28Ukee9
                                            MD5:99D3E5AA5AA789D5F8C904DC75323848
                                            SHA1:0FB08EAECAB484E90093C970837B4DE5E9C0DC10
                                            SHA-256:A802193BCBBB768306AC6DFB1AE26D873607705F276FFBEF21B63535C4E6F060
                                            SHA-512:FF0021503FF1D9E2ACFF6136B8F7336AF9292116321AA176CBDEF39C2BE5D555A33184C9B55509AD832D25C5115A62571B0273884E7D396A9AE70478576D1A72
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):291
                                            Entropy (8bit):5.2408719474763075
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJfbPtdPeUkwRe9:YvXKXB7QVCgY2UTbdvnGDV8Ukee9
                                            MD5:5951380A4BD605FF24D508641D74B0DB
                                            SHA1:99FD04D37C1CC97125F342C55AFCA2B58BD82EA2
                                            SHA-256:B6272CB8F6C453090BC9CB7F38CDC9151CB5F0A755E43A6DF52AE46E5B2F2855
                                            SHA-512:C56F3A24F10CE816FBD7886C5C1AD35F874000118F1AA75555F6E80875DBD6B3AB6C2738851285C9A465293009D69DD2A497D68A888333B5ABBC20B89E18C4CF
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):287
                                            Entropy (8bit):5.243954357764308
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJf21rPeUkwRe9:YvXKXB7QVCgY2UTbdvnG+16Ukee9
                                            MD5:9804BA93722EBC7126CE2AF3933148F1
                                            SHA1:19B38BB254777CB6D7EEBB52F724FC5012DE30C3
                                            SHA-256:171BBFAB58B31ABFEB9454760A84D32C8B7DE921CF66BCAE6BCD7EEF86DF686E
                                            SHA-512:38E6228D3C98237A6EDB0F79EF50CFBC5A8DBD434278C16E497201F0B6D2AA733C84328C190B6E8B0083A4519D99B5F99B7738B33B21E5AF637E36894F700E8C
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):1090
                                            Entropy (8bit):5.656492555328035
                                            Encrypted:false
                                            SSDEEP:24:Yv6XB7AC/2UX1YamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSK:YvEc02w1eBgkDMUJUAh8cvMK
                                            MD5:12D21B95BE359A361FB8E79473E01DCB
                                            SHA1:1D2B57E7F65192AF2A63F19E65AB2DFD37693912
                                            SHA-256:A483AF03917DE6D83E68322CEC2E6690A703AA95077071EBEE7CD162ED20BDF6
                                            SHA-512:8D7F021A0FF3340CBE8CAE731DBA1BA6DDD85E1665889FA73C27FE9AF9CD984A6BCC114C67C3962D804349577D0A4E42B32E360F32BB9D6054DEF3FD993E96C4
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):286
                                            Entropy (8bit):5.218122342856409
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJfshHHrPeUkwRe9:YvXKXB7QVCgY2UTbdvnGUUUkee9
                                            MD5:E2EF62C03F55C86D4B94680017301668
                                            SHA1:F534648A01B0F37C0E8F153B800D221AF5064C52
                                            SHA-256:834DC9301BD266C1A1661D5479EA8C4DAFCC15EACF39A06BDFC6A060C526AB3C
                                            SHA-512:9181F0D84E07DE2F66F6B04F6DF0E037DA36ECCD734E2E66A6DCF8C06AFF4E2AEC1112F48FBA71D4E736E8026F777473EC3D037485B106400017A1AD9DFAB14E
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):282
                                            Entropy (8bit):5.231171027199548
                                            Encrypted:false
                                            SSDEEP:6:YEQXJ2HXBSyB2VCluY2UXjb24kF0YwUoAvJTqgFCrPeUkwRe9:YvXKXB7QVCgY2UTbdvnGTq16Ukee9
                                            MD5:B0625A3DF612917DB1B5190191705598
                                            SHA1:D4F799D06995F8B81C78CCFFA77DE3779DCACFD5
                                            SHA-256:2A64B06D0B64FB2161D971BE3C28982ABF32B4EFA912ADFF9100D7DDF77FB658
                                            SHA-512:8090F0C01C2D399B177BB26A4623431CAFECCA2A21B8B5CD21E51B0FD014D845078C09FCA5098706653FE58B32492619DDDE4B81039FAD732898CAE0B9FE0E3E
                                            Malicious:false
                                            Preview:{"analyticsData":{"responseGUID":"67e2d7ae-100d-492a-a7d9-e1d7eb84f317","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1737222568917,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):4
                                            Entropy (8bit):0.8112781244591328
                                            Encrypted:false
                                            SSDEEP:3:e:e
                                            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                            Malicious:false
                                            Preview:....

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):2814
                                            Entropy (8bit):5.133307113045778
                                            Encrypted:false
                                            SSDEEP:24:Y92Etauay/Si2AJAwAnwZBLqj0BE0EQnrvjsNj0SJ/2Yi2Of2LSJxCqqMZyQ6BDo:Y9IAlZsADc41pTqiD60S9sTt
                                            MD5:1E16719F490AB911904A2EFA37293E50
                                            SHA1:6C438234F5E20ED22D5F68E668346AB8DA557046
                                            SHA-256:97FC2933C44FACDE20823AF441D1F4C31AFFC43309D03833E136F1210830CD3A
                                            SHA-512:B795635DDC196354E184C77CD94BCB61B002295FB4AFAD29DD230DE7FCF5A43DDFD4AB6818B5E29CF1A4C7F6265A38F5DBCBE3560041CF1FEA9360A562B8EE52
                                            Malicious:false
                                            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"9a0f784d25df82365e7e48332d1a3a32","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1737044218000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"f681673236a8490cdce521d3e95f3719","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1737044218000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"fc0c4ff209ee1dbad461b9cb73ec9ebe","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1737044218000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"55a1cd52c286b67653222e428a2e1089","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1737044218000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"d8d8011de25170d0057747abb7923976","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1737044218000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"5d09da1e8799e53f6c531279a7eb5195","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                            Category:dropped
                                            Size (bytes):12288
                                            Entropy (8bit):1.3182077103848795
                                            Encrypted:false
                                            SSDEEP:24:TLKufx/XYKQvGJF7urs9O3KaiZ3FL63FLesb+sZobF16R6FdpqpQ6YW7+EXSqXlr:TGufl2GL7msUKB0M0+Tb608YlrE
                                            MD5:30B0C9111663DECF3806AD03F6CFC096
                                            SHA1:EF44254B994E2B507A2E63DBF1A7DDE6A72A6209
                                            SHA-256:A25B81FDC2D854143CFB8835168C47A29D15FACB041C7BAC7925B3E04E43EADD
                                            SHA-512:D85696623D86257221C0AB8CCC0083BBA222FF6DA5907BEAC81FACDAB6BDDB1D2BB663BAAE2EDC5462A41F9EA924D42530F74C25FB8189CBA1884004FC8C8873
                                            Malicious:false
                                            Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:SQLite Rollback Journal
                                            Category:dropped
                                            Size (bytes):8720
                                            Entropy (8bit):1.7778108951049194
                                            Encrypted:false
                                            SSDEEP:24:7+tml3KaiZ3FL63FLesb+sZobF16R6FdpqpQ6YW7/EXSqXlyGKaiSqLhx/XYKQvB:7MkKB0M0+Tb608YorGKeqFl2GL7msG
                                            MD5:AE999CE3D4A21403E3F9F53D9BBAE3D4
                                            SHA1:AF1B6439643A0EE999D1B7164D6EE8DE4B1CBBD1
                                            SHA-256:AEE647004DEF7D6165904A662584A72A1F27B06FADD485166B7539FC4FA1180B
                                            SHA-512:36F92D72C16AD4565B81CA3DB9E45878C9C834B024479868C1CDE0100828AB1114C2EC65DC865C40C2C1C6E1D29DAAAD97A8CDA9CC4EAD8B122813D61BEDCD60
                                            Malicious:false
                                            Preview:.... .c.......4b..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^.p.p.p.p.p.p.p.p.p.p..........................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):66726
                                            Entropy (8bit):5.392739213842091
                                            Encrypted:false
                                            SSDEEP:768:RNOpblrU6TBH44ADKZEgLTJAoDh9qrmNQ/AyY5SQhz39lGXSYyu:6a6TZ44ADEL1qm+4yY5zdGSK
                                            MD5:1CE5CCE257A2312040A44A118798E745
                                            SHA1:7F1075E34252733FDEFDF1A68895F0D7633D6D59
                                            SHA-256:B0B2E18ADD7F0B6174F20AC7EA76AB3D17A7489A7FB58124A0BDD7533B7ECA3C
                                            SHA-512:57DADBADAE5AF2F5753934E84F87715B5F4ED3AE57F90E897E19FC0C316805BBEEB89D59DBC51B94D9D1CE7DB0D13676C2661C7F07DD950C3E47ED077A3A1D58
                                            Malicious:false
                                            Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                                            C:\Users\user\AppData\Local\Temp\MSIe9822.LOG

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):246
                                            Entropy (8bit):3.5079682350099546
                                            Encrypted:false
                                            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eebClEb1w:Qw946cPbiOxDlbYnuRKhsDb1w
                                            MD5:F7365AD297D5891D758930A248641A6F
                                            SHA1:491472FF94B45F6B6E24A70D8CB213DF21693875
                                            SHA-256:EBF92489D1649D43A223CED666AFE6251E5049ECE4B3CB7C952426DB8303D688
                                            SHA-512:A678AB37397620CF356D47DEC2596B6FCF8268D47B18B9497702DE81ACFBC1CE30D271C35BCCCF82B59CB8AB0B76FE550999B72E72AFF105A84201E227DA11A7
                                            Malicious:false
                                            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.6./.0.1./.2.0.2.5. . .1.1.:.1.6.:.5.8. .=.=.=.....

                                            C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-16 11-16-50-593.log

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:ASCII text, with very long lines (393)
                                            Category:dropped
                                            Size (bytes):16525
                                            Entropy (8bit):5.361022727805069
                                            Encrypted:false
                                            SSDEEP:384:cBD67lQV4j1MOuD/btX+wknz+fzTqyorqz3tVFr84AbAYpfFWbWt+Fjwn0z5O+Wf:4M5
                                            MD5:70A2D078BEFD5E910EE035832171B399
                                            SHA1:1AB91914ECD7852E512C73437D30013594A16FB0
                                            SHA-256:2B55DE84E5446FD295128DAD5827122E98AC784F96A1F422B711B14E8F7DB1ED
                                            SHA-512:9FF36D4E320A8791AB0B87F24CAB4CBE777D9E8A3A64D26AF419132CDFDFCCD9A253EE9854032C4C87C546187951077F869CBCBDC9513278C557FC4895C7DBBC
                                            Malicious:false
                                            Preview:SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:158+0200 ThreadID=4884 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_NglAppLib Description="SetConfig:

                                            C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):15114
                                            Entropy (8bit):5.359830273023574
                                            Encrypted:false
                                            SSDEEP:384:cpYpepJpWpAp7pVupTp2povIA5pqpkpbpipGpIpWp3pLpMplpZtY71m9FZ3a2T3w:wM6bSUdVKVyy/GY9eC8S5tgnS
                                            MD5:A9176A58C2F176A2635848F745AAF468
                                            SHA1:2CAC0DDB0EE02FAEFB2125195A9A369F73049F9F
                                            SHA-256:2364900E83F9470601478DFAF237FBD2B8AF597FD5D5FFEEF48E426572BC927B
                                            SHA-512:2E51058771058C9C5C7AC46A8765D829E9B46E3C5D63FAB8167026E82CDC2A639E7EA511B40DD86CF842EF3A39E76636CCC49A4308940C81A1B4D9C5B105DA62
                                            Malicious:false
                                            Preview:SessionID=23f9dae6-7273-42d1-b9b9-7873d2f6dcf6.1737044210605 Timestamp=2025-01-16T11:16:50:605-0500 ThreadID=6796 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=23f9dae6-7273-42d1-b9b9-7873d2f6dcf6.1737044210605 Timestamp=2025-01-16T11:16:50:606-0500 ThreadID=6796 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=23f9dae6-7273-42d1-b9b9-7873d2f6dcf6.1737044210605 Timestamp=2025-01-16T11:16:50:606-0500 ThreadID=6796 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=23f9dae6-7273-42d1-b9b9-7873d2f6dcf6.1737044210605 Timestamp=2025-01-16T11:16:50:606-0500 ThreadID=6796 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=23f9dae6-7273-42d1-b9b9-7873d2f6dcf6.1737044210605 Timestamp=2025-01-16T11:16:50:606-0500 ThreadID=6796 Component=ngl-lib_NglAppLib Description="SetConf

                                            C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):29752
                                            Entropy (8bit):5.406574137351125
                                            Encrypted:false
                                            SSDEEP:192:zcbaIGkcbIcbiIICcbBOQQ0fQNCHPaPOhWPOA3mbSAcbsGC9GZPOdIzZMJzV3Zm+:EGvIcNYdUly
                                            MD5:B72C8483C913A7F3F73B48440BDF56C7
                                            SHA1:F512B70D59119244B833FDF7F25C670057FF6B7A
                                            SHA-256:8225A2FDA1B3E3B327FDC42A63DB92820363B5CB4AA7A33E23CFBEC8B2414977
                                            SHA-512:792F08DE66EAC689A34A9F8D96F6572C1F67672E08ACE7A1B7B002792A431007AD814D41C836D95201AA86404E317197DE6E50318F564C86A13ABC725FA8CF8C
                                            Malicious:false
                                            Preview:05-10-2023 11:50:33:.---2---..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 11:50:33:.Closing File..05-10-

                                            C:\Users\user\AppData\Local\Temp\acrocef_low\2268fd77-b932-4797-8855-1a96abb71337.tmp

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                            Category:dropped
                                            Size (bytes):386528
                                            Entropy (8bit):7.9736851559892425
                                            Encrypted:false
                                            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                            MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                            Malicious:false
                                            Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                            C:\Users\user\AppData\Local\Temp\acrocef_low\2e85651b-eff9-4bdb-b5a9-dc1984d54fb9.tmp

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                            Category:dropped
                                            Size (bytes):758601
                                            Entropy (8bit):7.98639316555857
                                            Encrypted:false
                                            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                            MD5:3A49135134665364308390AC398006F1
                                            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                            Malicious:false
                                            Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                            C:\Users\user\AppData\Local\Temp\acrocef_low\78b81df5-c897-4a87-b95c-9aa956d953fe.tmp

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                            Category:dropped
                                            Size (bytes):1407294
                                            Entropy (8bit):7.97605879016224
                                            Encrypted:false
                                            SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
                                            MD5:716C2C392DCD15C95BBD760EEBABFCD0
                                            SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
                                            SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
                                            SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
                                            Malicious:false
                                            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                            C:\Users\user\AppData\Local\Temp\acrocef_low\fd635222-1bd5-4f5d-9080-8e201b1828c1.tmp

                                            Download File
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                            Category:dropped
                                            Size (bytes):1419751
                                            Entropy (8bit):7.976496077007677
                                            Encrypted:false
                                            SSDEEP:24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru
                                            MD5:95F182500FC92778102336D2D5AADCC8
                                            SHA1:BEC510B6B3D595833AF46B04C5843B95D2A0A6C9
                                            SHA-256:9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9
                                            SHA-512:D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA
                                            Malicious:false
                                            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 15:17:16 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2673
                                            Entropy (8bit):3.9819261691863743
                                            Encrypted:false
                                            SSDEEP:48:8HQnbdWjT3U1H8idAKZdA1uehwiZUklqehAy+3:8HQkjbU3/y
                                            MD5:AC06F68ED6B53C422DA97C6959F4D4B7
                                            SHA1:52878EA12381F0227228C86637D6A7299C255739
                                            SHA-256:61C88CD50A8115FC561A1B2A351F3823D13E6E040E3B53690414BE3826842E5B
                                            SHA-512:CDE6B29AAD83240AECB032F7490E79D1971E23CE48436CA5449ED440D4C623A249680C2843F248443A4B91C498E3637AE729260D378546BF79453B810F4C82D1
                                            Malicious:false
                                            Preview:L..................F.@.. ...$+.,.....)..2h......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I0Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z'.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V0Z'.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V0Z'............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V0Z).....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 15:17:16 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2675
                                            Entropy (8bit):4.0007443336482265
                                            Encrypted:false
                                            SSDEEP:48:88nbdWjT3U1H8idAKZdA1Heh/iZUkAQkqehvy+2:88kjbUx9Qay
                                            MD5:EA722F5B46A8C9AC6B20C8FEAE58BBD0
                                            SHA1:8EFCEDCD0B6604657DDADFFF3C4A1B6941E3A70A
                                            SHA-256:1938F0CEA91DBC6925E4F16641B86AB29B75B98D5A5332339B2223D5C017AE7C
                                            SHA-512:C607112F0E6A87EC5B0D6AEDB6DC4E1B555A0E20E020FD1D3AF3E8E57E889DFC0DD0CCD39DFABE0F9FB086ED66246BD21E914DDF177976C1763BBB9C48224202
                                            Malicious:false
                                            Preview:L..................F.@.. ...$+.,........2h......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I0Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z'.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V0Z'.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V0Z'............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V0Z).....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 08:59:33 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2689
                                            Entropy (8bit):4.0097490936275495
                                            Encrypted:false
                                            SSDEEP:48:8FnbdWjT3UbH8idAKZdA149eh7sFiZUkmgqeh7sZy+BX:8FkjbUnnby
                                            MD5:445298C1A53595529A7FB45C8C1638F7
                                            SHA1:C0B0A0AA0493D7F5FAC3FB9FA377D2EDB2949AFA
                                            SHA-256:318B91628CF4B6BE345789AB618250C38770E2191FE0625F9FBAB51B39060980
                                            SHA-512:3CA2DAB165DAAE7CCA0EA19BCFAB6F8F2622775BEC062218CF5E40B5E2117CD71CD558606845FB6EEB7B1B0D6C9B24E696BB65CF1781D34626DFAE80EB279F25
                                            Malicious:false
                                            Preview:L..................F.@.. ...$+.,....K..r.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I0Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z'.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V0Z'.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V0Z'............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VEW.L....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 15:17:16 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2677
                                            Entropy (8bit):3.996610315546257
                                            Encrypted:false
                                            SSDEEP:48:8WLnbdWjT3U1H8idAKZdA14ehDiZUkwqehTy+R:8WLkjbUCRy
                                            MD5:39295D903C892D15D079850716217D70
                                            SHA1:93F3F32E0CC7EA8E5F79C0A41B2B688506897619
                                            SHA-256:4A538CC558B53D401529498E0C59DEFE37EA7AF840542F292ADF96DB55BF394E
                                            SHA-512:E1AF632895F8C66862C1761AF32E1C1C78FBFA918BAA3BC5425AE8448895059504ADF6597B71199995F4072445106CBC8B3C80D155A52DC825F37F099F3B8FDD
                                            Malicious:false
                                            Preview:L..................F.@.. ...$+.,.....k..2h......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I0Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z'.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V0Z'.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V0Z'............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V0Z).....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 15:17:16 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2677
                                            Entropy (8bit):3.987033922186052
                                            Encrypted:false
                                            SSDEEP:48:83nbdWjT3U1H8idAKZdA1mehBiZUk1W1qehFy+C:83kjbUi9ly
                                            MD5:9856FEA9EE2854364ED7160D4F5A0401
                                            SHA1:D1A49E05D62C35106F5258E412F12447FC835FDA
                                            SHA-256:BC2CF7269318D373F45DA35719999DDB1597B63DFBAE9295B9DE10DEE1CF64EC
                                            SHA-512:32119DB32DCB414AC83A4721A6E4391C74746FDB4B0245F67C2FB428A1F3CC09A0395AF14775A4D2C39A922956516507BA09DB7A3C5F20395612D4D95B8794F6
                                            Malicious:false
                                            Preview:L..................F.@.. ...$+.,....`...2h......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I0Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z'.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V0Z'.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V0Z'............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V0Z).....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 15:17:16 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2679
                                            Entropy (8bit):3.998026019673787
                                            Encrypted:false
                                            SSDEEP:48:8EnbdWjT3U1H8idAKZdA1duT1ehOuTbbiZUk5OjqehOuTbby+yT+:8EkjbUpTyTbxWOvTbby7T
                                            MD5:74ECC740E30D1CF8AE1D125C98F8DF78
                                            SHA1:14003CB44040E493B627E619C086FBAA77A07328
                                            SHA-256:D79E0E7B1DE810B3D13A1779A7309E94AE71D132F05FA4CA39162F094DD2D944
                                            SHA-512:1F9D5453DE7BA85E375410781C0CF280525C4AC57359EB4D2E40E24EE398C75277F903C6A0A5DF5C034F5DDBFC889CCEBB156B9E82DBAB54CCED789EA3654442
                                            Malicious:false
                                            Preview:L..................F.@.. ...$+.,....@...2h......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.I0Z......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z'.....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.V0Z'.....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.V0Z'............................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V0Z).....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........B........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                            Chrome Cache Entry: 280

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                            Category:downloaded
                                            Size (bytes):2228
                                            Entropy (8bit):7.82817506159911
                                            Encrypted:false
                                            SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
                                            MD5:EF9941290C50CD3866E2BA6B793F010D
                                            SHA1:4736508C795667DCEA21F8D864233031223B7832
                                            SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                            SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                            Malicious:false
                                            URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                                            Preview:.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6...*.Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6...*..,xz.._......B."#...L(n..f..Yb...*.8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o......*....x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.*....-.A.}.......I .P.....S....|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.*iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

                                            Chrome Cache Entry: 281

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                            Category:dropped
                                            Size (bytes):2228
                                            Entropy (8bit):7.82817506159911
                                            Encrypted:false
                                            SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
                                            MD5:EF9941290C50CD3866E2BA6B793F010D
                                            SHA1:4736508C795667DCEA21F8D864233031223B7832
                                            SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                            SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                            Malicious:false
                                            Preview:.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6...*.Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6...*..,xz.._......B."#...L(n..f..Yb...*.8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o......*....x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.*....-.A.}.......I .P.....S....|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.*iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

                                            Chrome Cache Entry: 282

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 190
                                            Category:downloaded
                                            Size (bytes):168
                                            Entropy (8bit):6.7197357652806184
                                            Encrypted:false
                                            SSDEEP:3:FttakNW0v1qHv3HjapKxfD/20PbHykg8TaKRUvKEivzCz4Ecssx2VSREvln:Xt5WaoekNj20P57TaKaHirPF2Vr9n
                                            MD5:3B84FB10F1DF8E1537F04D6C0F8EB5B6
                                            SHA1:E486E09F4BEC13056A3C39C48738C50C0983130B
                                            SHA-256:8675302B63BEDD118BCBB4527599F0FC76E387E96C626776FB7CCB63DA4F498A
                                            SHA-512:6FC2F7B6FE2EB51700421CC92C30137A3820208B3AA75E159D11FE7064FF152680D0D746ABACB5D0E98350ACA8872B2FCFC12B8E32CE0232E343E1FA505C3660
                                            Malicious:false
                                            URL:http://clintonmakes.com/favicon.ico
                                            Preview:..........M.M..0...R.K.plv..H.H.8x...d....t./M....&='.Zgp.....P...[.".9b*S....1..A...nr.....,.(.J[..:)B.$.......n.Y.a......R.509.}...l?.0.<y..gW.....|....v....

                                            Chrome Cache Entry: 283

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:Unicode text, UTF-8 text
                                            Category:downloaded
                                            Size (bytes):586
                                            Entropy (8bit):4.370557641150247
                                            Encrypted:false
                                            SSDEEP:12:uSoUAjPUdbGVL+PSePqfowFGZciFanuacl:1kTibMC1qfNsCmauacl
                                            MD5:ED1D486217F2793D2EF42BE7E3832E34
                                            SHA1:90E1F5CA3AD5B15F83D073983CCC793AA10EC3D3
                                            SHA-256:87BEC5CD283117B0FAA07633479F3E64F476BC65E94EB1B306EDEED381B05DD1
                                            SHA-512:17BC69370C9B0B4FA0D536D6E188770F575CCA8ABCBCE515FE045483787DC01AB5D1F9023F79860ED55B6D6CFC7D54010E538A2299666972D58C6BB8A80EDFBD
                                            Malicious:false
                                            URL:https://fixecondfirbook.info/captchaHandler.js
                                            Preview:document.addEventListener('DOMContentLoaded', function() {. const recaptchaCheckbox = document.querySelector('.recaptcha-checkbox');. if (recaptchaCheckbox) {. recaptchaCheckbox.addEventListener('click', function() {. // ........ IP-...... .. ....... fetch('/send-ip', {. method: 'POST'. }).then(response => {. if (response.ok) {. console.log('');. } else {. console.error('');. }. });. });. }.}); .

                                            Chrome Cache Entry: 284

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):874
                                            Entropy (8bit):4.562777845892514
                                            Encrypted:false
                                            SSDEEP:24:2z34mR0mRFgRmRCL3/mRLC4McHPXkniHqb8iHqmu:aLpfbgLegbM0nhYhmu
                                            MD5:E1B0667740A466F2ADE08864B8AAC4A8
                                            SHA1:3E79FF881EB857A030CDA726CBA4B73FDFEB9664
                                            SHA-256:D688F111F8DF6DADFE5505FDB923A2788311A2D1D70D4FE04688020E1B211A6D
                                            SHA-512:43E9400B5467A7DBFCBD89C9D08CBADE214DE5CC562A9DBF4D6A7F7216E5146C771E8BE90CF1F1C1E0106EA52F0F27CA7698D8190FB34603981CDCE50F26E4AD
                                            Malicious:false
                                            Preview:(function() {. function revertLanguageChange() {. if (document.documentElement.lang !== originalLang) {. document.documentElement.lang = originalLang;. }. }.. const originalLang = document.documentElement.lang;.. const observer = new MutationObserver(revertLanguageChange);. observer.observe(document.documentElement, { attributes: true, attributeFilter: ['lang'] });.. document.addEventListener('contextmenu', function(event) {. event.preventDefault();. }, false);.. document.addEventListener('keydown', function(event) {. if ((event.ctrlKey || event.metaKey) && event.shiftKey && event.key.toLowerCase() === 'l') {. event.preventDefault();. }. if (event.altKey && event.shiftKey && event.key.toLowerCase() === 'l') {. event.preventDefault();. }. }, false);.})();.

                                            Chrome Cache Entry: 285

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text
                                            Category:downloaded
                                            Size (bytes):874
                                            Entropy (8bit):4.562777845892514
                                            Encrypted:false
                                            SSDEEP:24:2z34mR0mRFgRmRCL3/mRLC4McHPXkniHqb8iHqmu:aLpfbgLegbM0nhYhmu
                                            MD5:E1B0667740A466F2ADE08864B8AAC4A8
                                            SHA1:3E79FF881EB857A030CDA726CBA4B73FDFEB9664
                                            SHA-256:D688F111F8DF6DADFE5505FDB923A2788311A2D1D70D4FE04688020E1B211A6D
                                            SHA-512:43E9400B5467A7DBFCBD89C9D08CBADE214DE5CC562A9DBF4D6A7F7216E5146C771E8BE90CF1F1C1E0106EA52F0F27CA7698D8190FB34603981CDCE50F26E4AD
                                            Malicious:false
                                            URL:https://fixecondfirbook.info/languageRevert.js
                                            Preview:(function() {. function revertLanguageChange() {. if (document.documentElement.lang !== originalLang) {. document.documentElement.lang = originalLang;. }. }.. const originalLang = document.documentElement.lang;.. const observer = new MutationObserver(revertLanguageChange);. observer.observe(document.documentElement, { attributes: true, attributeFilter: ['lang'] });.. document.addEventListener('contextmenu', function(event) {. event.preventDefault();. }, false);.. document.addEventListener('keydown', function(event) {. if ((event.ctrlKey || event.metaKey) && event.shiftKey && event.key.toLowerCase() === 'l') {. event.preventDefault();. }. if (event.altKey && event.shiftKey && event.key.toLowerCase() === 'l') {. event.preventDefault();. }. }, false);.})();.

                                            Chrome Cache Entry: 286

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:Unicode text, UTF-8 text
                                            Category:dropped
                                            Size (bytes):586
                                            Entropy (8bit):4.370557641150247
                                            Encrypted:false
                                            SSDEEP:12:uSoUAjPUdbGVL+PSePqfowFGZciFanuacl:1kTibMC1qfNsCmauacl
                                            MD5:ED1D486217F2793D2EF42BE7E3832E34
                                            SHA1:90E1F5CA3AD5B15F83D073983CCC793AA10EC3D3
                                            SHA-256:87BEC5CD283117B0FAA07633479F3E64F476BC65E94EB1B306EDEED381B05DD1
                                            SHA-512:17BC69370C9B0B4FA0D536D6E188770F575CCA8ABCBCE515FE045483787DC01AB5D1F9023F79860ED55B6D6CFC7D54010E538A2299666972D58C6BB8A80EDFBD
                                            Malicious:false
                                            Preview:document.addEventListener('DOMContentLoaded', function() {. const recaptchaCheckbox = document.querySelector('.recaptcha-checkbox');. if (recaptchaCheckbox) {. recaptchaCheckbox.addEventListener('click', function() {. // ........ IP-...... .. ....... fetch('/send-ip', {. method: 'POST'. }).then(response => {. if (response.ok) {. console.log('');. } else {. console.error('');. }. });. });. }.}); .

                                            Chrome Cache Entry: 287

                                            Download File
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 526
                                            Category:downloaded
                                            Size (bytes):252
                                            Entropy (8bit):7.110598860032035
                                            Encrypted:false
                                            SSDEEP:6:XtyPGgXdn/L/x3ArVZad32XfxRqI+XQcqa/uD+hWpXJy2QDnW/:XKXdnz/x3UU32vxwIjG/+ps3i/
                                            MD5:273A8E7CE16720012159CCEB076C49B7
                                            SHA1:3D5057731B1521631866D264662F645BAC8CFF95
                                            SHA-256:01CE43EC5F0C2288440121A3A84C1A44210912BC59BB0CA41ED7DA3D68ACCCE7
                                            SHA-512:916731902918128430C5C3B49C509F8A7DA63312445978CD59B2A9199AC34F95E007C8983A728F2918BF32B1C36F1F310415A14FBDDCF56F18F0D777AEB9ADA3
                                            Malicious:false
                                            URL:http://clintonmakes.com/215c/
                                            Preview:.............n. .._..xri3...%...Y:E..6...8...Kb..TE.....8....m..x..lW...R.%....T-.L..9......;.G.~.35v.'.!q.l.j%..*.)_.I.D}.".BI.p..J.........n..}.HC.}S\g...G.nX.&.....d.[.].H...3...9........6,bW].P.a........[q.....j..}..=z=.f*.._...S....

                                            Static File Info

                                            General

                                            File type:PDF document, version 1.4, 7 pages
                                            Entropy (8bit):7.9438980750872625
                                            TrID:
                                            • Adobe Portable Document Format (5005/1) 100.00%
                                            File name:P4906RXNYH.pdf
                                            File size:187'197 bytes
                                            MD5:4964f04f8dc2ec09d71d09b2b617c976
                                            SHA1:53208704319fb320938c63ae32f791d24cdf55a2
                                            SHA256:5e19535d0167e7df36050902fa59327ea5db83037cdcb25c246d1ac715e089b9
                                            SHA512:5b79b1a4faf42f1ab94cf05719840e738439b705acdc86f327b3512491fe1a65a33a356c8450972cb51f68454b363e29b5447aaa69235b02c8212b7bcec4fc6f
                                            SSDEEP:3072:kLWbqvJY3H4Hm0Cd17djHijSi1DmSzAcgE6m40NS+u/aHnKEUm5lKnhFUUrwPrWA:kLW2+H4HEdjCjBIi4kSGnZofUzWASxeb
                                            TLSH:8004E13BD5850C8CF8C7C6F482BA3FDB886DF32317D4FAD6342846267D8581D56229A6
                                            File Content Preview:%PDF-1.4.1 0 obj.<<./Count 7./Kids [3 0 R.5 0 R.7 0 R.9 0 R.11 0 R.13 0 R.15 0 R]./MediaBox [0 0 595.28 841.89]./Type /Pages.>>.endobj.2 0 obj.<<./OpenAction [3 0 R /FitH null]./PageLayout /OneColumn./Pages 1 0 R./Type /Catalog.>>.endobj.3 0 obj.<<./Annot

                                            File Icon

                                            Icon Hash:62cc8caeb29e8ae0

                                            Static PDF Info

                                            General

                                            Header:%PDF-1.4
                                            Total Entropy:7.943898
                                            Total Bytes:187197
                                            Stream Entropy:7.985906
                                            Stream Bytes:174132
                                            Entropy outside Streams:5.177317
                                            Bytes outside Streams:13065
                                            Number of EOF found:1
                                            Bytes after EOF:

                                            Keywords Statistics

                                            NameCount
                                            obj86
                                            endobj86
                                            stream32
                                            endstream32
                                            xref1
                                            trailer1
                                            startxref1
                                            /Page7
                                            /Encrypt0
                                            /ObjStm0
                                            /URI4
                                            /JS1
                                            /JavaScript0
                                            /AA0
                                            /OpenAction1
                                            /AcroForm0
                                            /JBIG2Decode0
                                            /RichMedia0
                                            /Launch0
                                            /EmbeddedFile0

                                            Image Streams

                                            IDDHASHMD5Preview
                                            73001024b2b2320c10b92b9cc5d10ceeb4b567629dccb0cb18

                                            Network Behavior

                                            Suricata IDS Alerts

                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                            2025-01-16T17:17:20.566545+01002859486ETPRO MALWARE Observed ClickFix Powershell Delivery Page Inbound1104.21.94.195443192.168.2.1049738TCP

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Jan 16, 2025 17:16:39.921336889 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:39.924029112 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:39.941155910 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:39.943788052 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:39.948751926 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:39.950846910 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:39.957195997 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:39.957216024 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:39.957292080 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:39.959387064 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:39.960169077 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:39.964924097 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.039982080 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.042546034 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.045594931 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.045670033 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.047630072 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.052400112 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.053472996 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.055468082 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.069145918 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.069169998 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.069250107 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.071887016 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.072211027 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.077038050 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.149106979 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.151873112 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.157583952 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.159640074 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.165155888 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.167172909 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.202886105 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.202907085 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.202984095 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.204955101 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.205246925 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.210091114 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.260574102 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.262998104 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.268517017 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.268531084 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.268609047 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.271650076 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.272187948 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.278693914 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.321387053 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.321407080 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.321480036 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.327568054 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.330807924 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.336317062 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.367469072 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.370034933 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.376398087 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.376432896 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.376507044 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.378846884 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.378917933 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.386534929 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.456721067 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.456743956 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.456852913 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.459680080 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.459753990 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.464633942 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.475024939 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.477662086 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.484242916 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.484257936 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.484348059 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.487163067 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.487234116 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.492100000 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.561933994 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.561975956 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.562100887 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.565793991 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.571079969 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.576883078 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.580599070 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.589298010 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.589313984 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.589421034 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.608865023 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.654763937 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.675476074 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.675493956 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.675647974 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.717401028 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.743463993 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.746035099 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.750745058 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.754810095 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.755347967 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.760803938 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.763618946 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.806762934 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.849313021 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.859276056 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.859335899 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.859375954 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.873095989 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.899127960 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.904167891 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.922231913 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.923398018 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.927110910 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.947784901 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:40.963565111 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:40.998224974 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.001842976 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.015615940 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.022907019 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.032056093 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.032073021 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.032147884 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.046209097 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.053915977 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.058700085 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.097289085 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.116384983 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.116533041 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.127079010 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.139600992 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.139692068 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.156202078 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.156243086 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.156347036 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.191338062 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.192215919 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.197055101 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.233258963 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.244489908 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.244581938 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.250936985 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.300076962 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.308249950 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.311690092 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.313080072 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.317975044 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.327527046 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.327552080 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.327613115 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.401690006 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.430951118 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.430977106 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.431026936 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.474498034 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.477938890 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.518270969 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.523134947 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.533163071 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.542977095 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.544186115 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.551243067 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.579493999 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.613468885 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.626645088 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.639950991 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.640041113 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.648700953 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.648716927 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.648787022 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.650522947 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.652406931 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.652512074 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.657191038 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.658787966 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.663589954 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.742376089 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.760595083 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.762459993 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.762473106 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.762485027 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.762548923 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.771167994 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.773396015 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.775927067 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.775980949 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.780744076 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.840509892 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.863629103 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.864522934 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.864604950 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.876605034 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.880450010 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.880470991 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.880570889 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.891688108 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.896444082 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.900870085 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.912055969 CET49677443192.168.2.1020.42.65.85
                                            Jan 16, 2025 17:16:41.946688890 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.952897072 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.968837976 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.968961954 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.969392061 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:41.974221945 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.985024929 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.994148016 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:41.994220972 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.017102003 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.037004948 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.041775942 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.045377016 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.057471037 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.082534075 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.082653046 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.094178915 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.105767012 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.110558033 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.130346060 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.135081053 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.138577938 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.138648033 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.160921097 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.165708065 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.174148083 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.181850910 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.199301004 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.226996899 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.227088928 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.251060009 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.254256964 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.275120020 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.275218010 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.276572943 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.279597998 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.284553051 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.303352118 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.315433979 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.325835943 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.370064974 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.372586966 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.385720015 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.385752916 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.385798931 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.388506889 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.388530016 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.393291950 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.419137001 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.422015905 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.465987921 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.468791008 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.474045038 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.476216078 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.497694969 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.497708082 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.497770071 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.500077009 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.500193119 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.504966974 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.562242985 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.564634085 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.577963114 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.577975035 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.578079939 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.580575943 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.580961943 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.585789919 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.605153084 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.605165958 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.605258942 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.607549906 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.607656002 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.617017031 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.666579962 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.669280052 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.690355062 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.693001986 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.705960035 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.708074093 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.714478016 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.714498997 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.714565992 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.716550112 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.716713905 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.744632959 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.786295891 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.789052010 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.801377058 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.804172993 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.833084106 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.835671902 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.841335058 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.841372013 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.841423035 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.843485117 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.843615055 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.848344088 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.897720098 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.900690079 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.929222107 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.931803942 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.944901943 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.944917917 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.944978952 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.947186947 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.947211981 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:42.951958895 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.994931936 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:42.997160912 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.025305033 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.027527094 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.040525913 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.042634010 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.050554037 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.050568104 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.050580025 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.050642014 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.052824974 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.052912951 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.057722092 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.120970011 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.123158932 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.136471987 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.138446093 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.146177053 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.148715019 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.166831970 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.166851997 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.166909933 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.168977976 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.169111967 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.173871040 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.232222080 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.236244917 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.242122889 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.244611025 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.255172968 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.255872965 CET49671443192.168.2.10204.79.197.203
                                            Jan 16, 2025 17:16:43.257464886 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.278532028 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.278564930 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.278628111 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.282505035 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.283114910 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.287900925 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.337884903 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.341073990 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.350761890 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.353444099 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.366910934 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.368849039 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.391653061 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.391670942 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.391731024 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.393796921 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.393950939 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.398726940 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.446746111 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.448904991 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.462872028 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.464811087 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.480001926 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.481914997 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.503087997 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.503106117 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.503160000 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.505184889 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.505259991 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.510020971 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.558191061 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.560703993 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.575303078 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.578116894 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.596716881 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.598965883 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.619920015 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.619935036 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.619987965 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.622049093 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.622178078 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.627295971 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.673012972 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.675415039 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.692327023 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.694353104 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.708244085 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.710334063 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.746721029 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.746735096 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.746747017 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.746792078 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.751022100 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.751104116 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.755856037 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.803920031 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.806349039 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.831360102 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.833460093 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.844319105 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.846219063 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.852413893 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.852428913 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.852504015 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.854322910 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.860728979 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.860743999 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.860754967 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.860805035 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.862708092 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.910669088 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.926821947 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.930205107 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.935082912 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.935174942 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.935188055 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.935206890 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.935235023 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.937448978 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.949156046 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.949171066 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.949220896 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.951210022 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:43.955972910 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:43.957886934 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:44.007144928 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.023637056 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.025784016 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:44.030675888 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.040210962 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.040225983 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.040271997 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:44.042356014 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:44.042468071 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:44.047336102 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.060432911 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.060487032 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.060551882 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:44.062761068 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:44.110627890 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.128926992 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.164283037 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.164387941 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:44.166539907 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.208848000 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:44.393904924 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:16:44.443229914 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:16:47.115134001 CET49674443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:16:47.116122961 CET49675443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:16:51.522747040 CET49677443192.168.2.1020.42.65.85
                                            Jan 16, 2025 17:16:56.996052980 CET4972080192.168.2.102.23.197.184
                                            Jan 16, 2025 17:16:57.000863075 CET80497202.23.197.184192.168.2.10
                                            Jan 16, 2025 17:16:57.000953913 CET4972080192.168.2.102.23.197.184
                                            Jan 16, 2025 17:16:57.001089096 CET4972080192.168.2.102.23.197.184
                                            Jan 16, 2025 17:16:57.006011963 CET80497202.23.197.184192.168.2.10
                                            Jan 16, 2025 17:16:57.624824047 CET80497202.23.197.184192.168.2.10
                                            Jan 16, 2025 17:16:57.624841928 CET80497202.23.197.184192.168.2.10
                                            Jan 16, 2025 17:16:57.624938965 CET4972080192.168.2.102.23.197.184
                                            Jan 16, 2025 17:16:59.086708069 CET49672443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:16:59.087187052 CET49726443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:16:59.087238073 CET44349726173.222.162.55192.168.2.10
                                            Jan 16, 2025 17:16:59.087407112 CET49726443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:16:59.087673903 CET49726443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:16:59.087692022 CET44349726173.222.162.55192.168.2.10
                                            Jan 16, 2025 17:16:59.394382954 CET49672443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:16:59.693589926 CET44349726173.222.162.55192.168.2.10
                                            Jan 16, 2025 17:16:59.693675041 CET49726443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:17:00.003743887 CET49672443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:17:01.210968018 CET49672443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:17:03.611341953 CET49672443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:17:08.422693968 CET49672443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:17:13.751521111 CET4972080192.168.2.102.23.197.184
                                            Jan 16, 2025 17:17:15.300164938 CET49731443192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:15.300216913 CET4434973166.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:15.300846100 CET49731443192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:15.359894037 CET49731443192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:15.359922886 CET4434973166.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:16.143085957 CET4434973166.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:16.143486023 CET49731443192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.143503904 CET4434973166.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:16.144535065 CET4434973166.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:16.144593000 CET49731443192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.150341034 CET49731443192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.150401115 CET4434973166.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:16.150949955 CET49731443192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.150959015 CET4434973166.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:16.192785978 CET49731443192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.645910025 CET4434973166.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:16.645999908 CET4434973166.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:16.646161079 CET49731443192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.667376041 CET49731443192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.667407036 CET4434973166.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:16.704076052 CET4973480192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.704276085 CET4973580192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.709044933 CET804973466.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:16.709089041 CET804973566.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:16.709186077 CET4973480192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.709422112 CET4973580192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.709422112 CET4973580192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:16.714204073 CET804973566.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:17.671967030 CET804973566.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:17.715440989 CET4973580192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:17.936255932 CET4973580192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:17.941056013 CET804973566.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:18.024039984 CET49672443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:17:18.164572954 CET49736443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.164623976 CET44349736186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.164716005 CET49736443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.165184021 CET49737443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.165211916 CET44349737186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.165268898 CET49737443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.165605068 CET49737443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.165613890 CET44349737186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.165771008 CET49736443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.165786982 CET44349736186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.320597887 CET804973566.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:18.364094973 CET4973580192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:18.858690023 CET44349736186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.859163046 CET49736443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.859196901 CET44349736186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.860222101 CET44349736186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.861520052 CET49736443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.861520052 CET49736443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.861603975 CET44349736186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.861778021 CET49736443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.883728027 CET44349737186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.884546995 CET44349726173.222.162.55192.168.2.10
                                            Jan 16, 2025 17:17:18.884666920 CET49726443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:17:18.884962082 CET49737443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.884977102 CET44349737186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.886346102 CET44349737186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.886420965 CET49737443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.886817932 CET49737443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.886883020 CET44349737186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.903337955 CET44349736186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.911457062 CET49736443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.911487103 CET44349736186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.941690922 CET49737443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.941700935 CET44349737186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:18.958760977 CET49736443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:18.991349936 CET49737443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:19.190664053 CET44349736186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:19.190789938 CET44349736186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:19.190848112 CET49736443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:19.191298962 CET49736443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:19.191329002 CET44349736186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:19.212083101 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:19.212122917 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:19.212287903 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:19.212533951 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:19.212546110 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:19.698055029 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:19.703151941 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:19.703172922 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:19.704406023 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:19.704507113 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:19.706073046 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:19.706170082 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:19.706274986 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:19.747349977 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:19.747596979 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:19.747620106 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:19.801992893 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:19.893848896 CET49739443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:17:19.893897057 CET44349739142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:17:19.894006968 CET49739443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:17:19.894301891 CET49739443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:17:19.894315004 CET44349739142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:17:20.058649063 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.058783054 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.058840990 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.058861017 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.058962107 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.059006929 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.059015989 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.059106112 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.059160948 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.059170008 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.059247017 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.059281111 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.059289932 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.059417963 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.059475899 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.059499979 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.059508085 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.059545994 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.150660992 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.150706053 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.150748968 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.150759935 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.150762081 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.150777102 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.150793076 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.150804043 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.150813103 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.150830030 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.150835037 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.150892973 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.160521030 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.160568953 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.160634041 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.160659075 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.160675049 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.160723925 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.165880919 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.165936947 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.165972948 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.165983915 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.165993929 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.166094065 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.166280031 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.166322947 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.166369915 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.166374922 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.210730076 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.210767031 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.245570898 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.245630980 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.245682001 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.245692968 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.245840073 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.248003006 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.249494076 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.249519110 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.249562025 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.249572039 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.249628067 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.249633074 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.253768921 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.253844976 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.253859043 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.254020929 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.254077911 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.254084110 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.254551888 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.254652977 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.254661083 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.254764080 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.254808903 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.254815102 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.254878998 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.255634069 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.255685091 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.256237984 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.256285906 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.256391048 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.258961916 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.259005070 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.259016991 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.264745951 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.264811993 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.264822006 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.264916897 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.265314102 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.265396118 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.265417099 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.265487909 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.266454935 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.266571999 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.266578913 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.266624928 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.341195107 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.341268063 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.341550112 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.341608047 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.341617107 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.341625929 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.341669083 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.343594074 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.343662024 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.343894958 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.343938112 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.344240904 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.344304085 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.345706940 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.345793962 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.350368023 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.350430012 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.350769043 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.350841045 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.351142883 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.351207018 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.351808071 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.351861000 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.351871967 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.351919889 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.352757931 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.352811098 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.352938890 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.352986097 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.353677988 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.353730917 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.353872061 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.353920937 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.354697943 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.354737043 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.354753017 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.354760885 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.354999065 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.356705904 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.356776953 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.365813971 CET49741443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.365883112 CET44349741104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.365947962 CET49741443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.368089914 CET49741443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.368108988 CET44349741104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.369461060 CET49742443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.369494915 CET44349742104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.369610071 CET49742443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.369932890 CET49742443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.369942904 CET44349742104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.566292048 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.566364050 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.566365957 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.566384077 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.566407919 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.566452980 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.566499949 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.571944952 CET49738443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:20.571957111 CET44349738104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:20.575213909 CET44349739142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:17:20.576560974 CET49739443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:17:20.576575994 CET44349739142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:17:20.577568054 CET44349739142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:17:20.577735901 CET49739443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:17:20.579659939 CET49739443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:17:20.579716921 CET44349739142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:17:20.583723068 CET49743443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:20.583754063 CET4434974335.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:20.583827019 CET49743443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:20.584152937 CET49743443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:20.584163904 CET4434974335.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:20.634004116 CET49739443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:17:20.634023905 CET44349739142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:17:20.680418015 CET49739443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:17:21.054979086 CET44349741104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.055488110 CET49741443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.055524111 CET44349741104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.056128025 CET44349741104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.056600094 CET49741443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.056672096 CET44349741104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.056796074 CET49741443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.061759949 CET4434974335.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.062067986 CET49743443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.062087059 CET4434974335.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.063155890 CET4434974335.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.063224077 CET49743443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.064450026 CET49743443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.064518929 CET4434974335.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.064734936 CET49743443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.064743996 CET4434974335.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.071707010 CET44349742104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.072079897 CET49742443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.072096109 CET44349742104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.072432995 CET44349742104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.072782040 CET49742443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.072834969 CET44349742104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.072931051 CET49742443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.099133015 CET49741443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.099164963 CET44349741104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.114753008 CET49743443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.114823103 CET49742443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.114840031 CET44349742104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.192641020 CET4434974335.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.192778111 CET4434974335.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.192925930 CET49743443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.193269014 CET49743443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.193296909 CET4434974335.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.194063902 CET49746443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.194120884 CET4434974635.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.194197893 CET49746443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.194478989 CET49746443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.194494963 CET4434974635.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.430203915 CET44349741104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.430318117 CET44349741104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.430423975 CET49741443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.432518005 CET49741443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.432545900 CET44349741104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.454310894 CET49747443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.454376936 CET44349747104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.454447985 CET49747443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.454837084 CET49747443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.454852104 CET44349747104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.672626972 CET4434974635.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.672952890 CET49746443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.672971010 CET4434974635.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.673321009 CET4434974635.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.673670053 CET49746443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.673729897 CET4434974635.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.673832893 CET49746443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.715337992 CET4434974635.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.767112017 CET44349742104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.767215967 CET44349742104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.767304897 CET49742443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.770322084 CET49742443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.770349979 CET44349742104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.773308039 CET49749443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.773345947 CET44349749104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.774074078 CET49749443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.774074078 CET49749443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.774110079 CET44349749104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.803673029 CET4434974635.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.803994894 CET49746443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.804034948 CET4434974635.190.80.1192.168.2.10
                                            Jan 16, 2025 17:17:21.804089069 CET49746443192.168.2.1035.190.80.1
                                            Jan 16, 2025 17:17:21.931709051 CET44349747104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.931982040 CET49747443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.932007074 CET44349747104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.933026075 CET44349747104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.933128119 CET49747443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.934286118 CET49747443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.934329987 CET49747443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.934338093 CET44349747104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.934436083 CET49747443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.934444904 CET44349747104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.934468985 CET49747443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.934492111 CET49747443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.934954882 CET49750443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.934986115 CET44349750104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:21.935048103 CET49750443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.935487032 CET49750443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:21.935498953 CET44349750104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.280632019 CET44349749104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.289988041 CET49749443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.290004969 CET44349749104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.291696072 CET44349749104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.291887999 CET49749443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.292262077 CET49749443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.292365074 CET49749443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.292366028 CET44349749104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.292483091 CET49749443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.292483091 CET49749443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.292500973 CET44349749104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.292988062 CET49749443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.292988062 CET49751443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.293032885 CET44349751104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.293210030 CET49751443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.294060946 CET49751443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.294084072 CET44349751104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.414622068 CET44349750104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.458482981 CET49750443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.468477964 CET49750443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.468492985 CET44349750104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.469727039 CET44349750104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.469804049 CET49750443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.470258951 CET49750443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.470328093 CET44349750104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.470563889 CET49750443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.470573902 CET44349750104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.520992994 CET49750443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.806734085 CET44349751104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.816137075 CET49751443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.816155910 CET44349751104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.817467928 CET44349751104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.817841053 CET49751443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.824594021 CET44349750104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.824692965 CET44349750104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.825145006 CET49750443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.828445911 CET49751443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.828638077 CET44349751104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.831840038 CET49751443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.879334927 CET44349751104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.880453110 CET49751443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.880465031 CET44349751104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.887890100 CET49750443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:22.887929916 CET44349750104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:22.927345037 CET49751443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:23.183187962 CET44349751104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:23.183284044 CET44349751104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:23.183625937 CET49751443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:23.214162111 CET49751443192.168.2.10104.21.94.195
                                            Jan 16, 2025 17:17:23.214193106 CET44349751104.21.94.195192.168.2.10
                                            Jan 16, 2025 17:17:27.375690937 CET804973466.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:27.376143932 CET804973466.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:27.376192093 CET4973480192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:28.310115099 CET49726443192.168.2.10173.222.162.55
                                            Jan 16, 2025 17:17:28.310147047 CET44349726173.222.162.55192.168.2.10
                                            Jan 16, 2025 17:17:28.319230080 CET804973566.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:28.319282055 CET4973580192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:29.252897978 CET4973580192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:17:29.259476900 CET804973566.63.187.216192.168.2.10
                                            Jan 16, 2025 17:17:30.443583965 CET44349739142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:17:30.443634987 CET44349739142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:17:30.443701029 CET49739443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:17:30.640804052 CET49739443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:17:30.640834093 CET44349739142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:17:32.161245108 CET4970780192.168.2.102.22.50.131
                                            Jan 16, 2025 17:17:32.166435003 CET80497072.22.50.131192.168.2.10
                                            Jan 16, 2025 17:17:32.166498899 CET4970780192.168.2.102.22.50.131
                                            Jan 16, 2025 17:17:37.434792995 CET6047253192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:37.439579010 CET53604721.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:37.439660072 CET6047253192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:37.439892054 CET6047253192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:37.444631100 CET53604721.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:37.886217117 CET53604721.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:37.895056963 CET6047253192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:37.900212049 CET53604721.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:37.900300026 CET6047253192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:39.119234085 CET44349737186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:39.119335890 CET44349737186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:17:39.119421005 CET49737443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:39.678519011 CET49737443192.168.2.10186.64.116.70
                                            Jan 16, 2025 17:17:39.678543091 CET44349737186.64.116.70192.168.2.10
                                            Jan 16, 2025 17:18:12.379532099 CET4973480192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:18:12.385097980 CET804973466.63.187.216192.168.2.10
                                            Jan 16, 2025 17:18:14.177347898 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:18:14.177777052 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:18:14.177865982 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:18:14.178633928 CET49710443192.168.2.1013.107.253.45
                                            Jan 16, 2025 17:18:14.183372021 CET4434971013.107.253.45192.168.2.10
                                            Jan 16, 2025 17:18:17.678877115 CET4973480192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:18:17.678931952 CET4973480192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:18:17.683931112 CET804973466.63.187.216192.168.2.10
                                            Jan 16, 2025 17:18:17.684072971 CET4973480192.168.2.1066.63.187.216
                                            Jan 16, 2025 17:18:18.254849911 CET49704443192.168.2.1020.190.159.23
                                            Jan 16, 2025 17:18:18.254968882 CET49709443192.168.2.1020.190.159.23
                                            Jan 16, 2025 17:18:18.255031109 CET4970680192.168.2.102.17.190.73
                                            Jan 16, 2025 17:18:18.255351067 CET4970580192.168.2.102.22.50.131
                                            Jan 16, 2025 17:18:18.260384083 CET4434970420.190.159.23192.168.2.10
                                            Jan 16, 2025 17:18:18.260520935 CET49704443192.168.2.1020.190.159.23
                                            Jan 16, 2025 17:18:18.260638952 CET4434970920.190.159.23192.168.2.10
                                            Jan 16, 2025 17:18:18.260651112 CET80497062.17.190.73192.168.2.10
                                            Jan 16, 2025 17:18:18.260723114 CET49709443192.168.2.1020.190.159.23
                                            Jan 16, 2025 17:18:18.260761023 CET4970680192.168.2.102.17.190.73
                                            Jan 16, 2025 17:18:18.261200905 CET80497052.22.50.131192.168.2.10
                                            Jan 16, 2025 17:18:18.261280060 CET4970580192.168.2.102.22.50.131
                                            Jan 16, 2025 17:18:19.866301060 CET60475443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:18:19.866353035 CET44360475142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:18:19.866550922 CET60475443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:18:19.867187023 CET60475443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:18:19.867209911 CET44360475142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:18:20.497905016 CET44360475142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:18:20.498694897 CET60475443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:18:20.498723984 CET44360475142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:18:20.499130011 CET44360475142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:18:20.500009060 CET60475443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:18:20.500112057 CET44360475142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:18:20.551398039 CET60475443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:18:21.785903931 CET49708443192.168.2.1020.190.159.23
                                            Jan 16, 2025 17:18:21.790883064 CET4434970820.190.159.23192.168.2.10
                                            Jan 16, 2025 17:18:21.790977955 CET49708443192.168.2.1020.190.159.23
                                            Jan 16, 2025 17:18:30.408088923 CET44360475142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:18:30.408159971 CET44360475142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:18:30.408298969 CET60475443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:18:31.679431915 CET60475443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:18:31.679459095 CET44360475142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:19:19.928756952 CET60477443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:19:19.928824902 CET44360477142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:19:19.928951025 CET60477443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:19:19.929450989 CET60477443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:19:19.929461002 CET44360477142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:19:20.569166899 CET44360477142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:19:20.569526911 CET60477443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:19:20.569559097 CET44360477142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:19:20.570641041 CET44360477142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:19:20.570950031 CET60477443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:19:20.571121931 CET44360477142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:19:20.613579035 CET60477443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:19:30.475128889 CET44360477142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:19:30.475208998 CET44360477142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:19:30.475258112 CET60477443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:19:31.678797960 CET60477443192.168.2.10142.250.186.100
                                            Jan 16, 2025 17:19:31.678841114 CET44360477142.250.186.100192.168.2.10
                                            Jan 16, 2025 17:19:41.151379108 CET5509553192.168.2.101.1.1.1
                                            Jan 16, 2025 17:19:41.156227112 CET53550951.1.1.1192.168.2.10
                                            Jan 16, 2025 17:19:41.156310081 CET5509553192.168.2.101.1.1.1
                                            Jan 16, 2025 17:19:41.156337023 CET5509553192.168.2.101.1.1.1
                                            Jan 16, 2025 17:19:41.161094904 CET53550951.1.1.1192.168.2.10
                                            Jan 16, 2025 17:19:41.634274006 CET53550951.1.1.1192.168.2.10
                                            Jan 16, 2025 17:19:41.634922981 CET5509553192.168.2.101.1.1.1
                                            Jan 16, 2025 17:19:41.639885902 CET53550951.1.1.1192.168.2.10
                                            Jan 16, 2025 17:19:41.639929056 CET5509553192.168.2.101.1.1.1

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Jan 16, 2025 17:16:56.983911991 CET6308853192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:15.220882893 CET5339253192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:15.221051931 CET6226653192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:15.226603031 CET53591581.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:15.254363060 CET53520261.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:15.267096996 CET53533921.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:15.395057917 CET53622661.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:16.288587093 CET53545931.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:16.695976973 CET6023753192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:16.696253061 CET6545853192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:16.703016043 CET53654581.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:16.703205109 CET53602371.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:17.813435078 CET4976253192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:17.813883066 CET6422453192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:17.908951044 CET53642241.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:18.163588047 CET53497621.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:19.194856882 CET5816653192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:19.195239067 CET5271853192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:19.204123020 CET53581661.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:19.213632107 CET53527181.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:19.877290010 CET5855453192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:19.877481937 CET5424753192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:19.883898973 CET53585541.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:19.884126902 CET53542471.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:20.353338003 CET53594901.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:20.576076031 CET6123553192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:20.576328993 CET5867653192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:20.582714081 CET53612351.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:20.583070040 CET53586761.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:20.583832979 CET53517691.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:21.436120987 CET6124853192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:21.436325073 CET5987853192.168.2.101.1.1.1
                                            Jan 16, 2025 17:17:21.448261976 CET53598781.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:21.453509092 CET53612481.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:21.507595062 CET53638601.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:31.668806076 CET138138192.168.2.10192.168.2.255
                                            Jan 16, 2025 17:17:33.398243904 CET53622171.1.1.1192.168.2.10
                                            Jan 16, 2025 17:17:37.433600903 CET53566981.1.1.1192.168.2.10
                                            Jan 16, 2025 17:18:15.046597004 CET53633451.1.1.1192.168.2.10
                                            Jan 16, 2025 17:19:41.150954008 CET53581631.1.1.1192.168.2.10

                                            ICMP Packets

                                            TimestampSource IPDest IPChecksumCodeType
                                            Jan 16, 2025 17:17:15.395133018 CET192.168.2.101.1.1.1c22a(Port unreachable)Destination Unreachable
                                            Jan 16, 2025 17:17:19.213716030 CET192.168.2.101.1.1.1c284(Port unreachable)Destination Unreachable

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Jan 16, 2025 17:16:56.983911991 CET192.168.2.101.1.1.10x7dd5Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:15.220882893 CET192.168.2.101.1.1.10xfb99Standard query (0)clintonmakes.comA (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:15.221051931 CET192.168.2.101.1.1.10x9699Standard query (0)clintonmakes.com65IN (0x0001)false
                                            Jan 16, 2025 17:17:16.695976973 CET192.168.2.101.1.1.10xa6faStandard query (0)clintonmakes.comA (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:16.696253061 CET192.168.2.101.1.1.10x30a7Standard query (0)clintonmakes.com65IN (0x0001)false
                                            Jan 16, 2025 17:17:17.813435078 CET192.168.2.101.1.1.10x8811Standard query (0)minedudiser.comA (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:17.813883066 CET192.168.2.101.1.1.10xa37cStandard query (0)minedudiser.com65IN (0x0001)false
                                            Jan 16, 2025 17:17:19.194856882 CET192.168.2.101.1.1.10x9857Standard query (0)fixecondfirbook.infoA (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:19.195239067 CET192.168.2.101.1.1.10x8b4aStandard query (0)fixecondfirbook.info65IN (0x0001)false
                                            Jan 16, 2025 17:17:19.877290010 CET192.168.2.101.1.1.10xa12aStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:19.877481937 CET192.168.2.101.1.1.10xcc62Standard query (0)www.google.com65IN (0x0001)false
                                            Jan 16, 2025 17:17:20.576076031 CET192.168.2.101.1.1.10x897Standard query (0)a.nel.cloudflare.comA (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:20.576328993 CET192.168.2.101.1.1.10x440aStandard query (0)a.nel.cloudflare.com65IN (0x0001)false
                                            Jan 16, 2025 17:17:21.436120987 CET192.168.2.101.1.1.10xa36fStandard query (0)fixecondfirbook.infoA (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:21.436325073 CET192.168.2.101.1.1.10x52f0Standard query (0)fixecondfirbook.info65IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Jan 16, 2025 17:16:56.991175890 CET1.1.1.1192.168.2.100x7dd5No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                            Jan 16, 2025 17:16:56.991175890 CET1.1.1.1192.168.2.100x7dd5No error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                            Jan 16, 2025 17:16:56.991175890 CET1.1.1.1192.168.2.100x7dd5No error (0)e8652.dscx.akamaiedge.net2.23.197.184A (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:16:57.671164989 CET1.1.1.1192.168.2.100xf615No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.34A (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:16:57.671164989 CET1.1.1.1192.168.2.100xf615No error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.18A (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:15.267096996 CET1.1.1.1192.168.2.100xfb99No error (0)clintonmakes.com66.63.187.216A (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:16.703205109 CET1.1.1.1192.168.2.100xa6faNo error (0)clintonmakes.com66.63.187.216A (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:18.163588047 CET1.1.1.1192.168.2.100x8811No error (0)minedudiser.com186.64.116.70A (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:19.204123020 CET1.1.1.1192.168.2.100x9857No error (0)fixecondfirbook.info104.21.94.195A (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:19.204123020 CET1.1.1.1192.168.2.100x9857No error (0)fixecondfirbook.info172.67.168.162A (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:19.213632107 CET1.1.1.1192.168.2.100x8b4aNo error (0)fixecondfirbook.info65IN (0x0001)false
                                            Jan 16, 2025 17:17:19.883898973 CET1.1.1.1192.168.2.100xa12aNo error (0)www.google.com142.250.186.100A (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:19.884126902 CET1.1.1.1192.168.2.100xcc62No error (0)www.google.com65IN (0x0001)false
                                            Jan 16, 2025 17:17:20.582714081 CET1.1.1.1192.168.2.100x897No error (0)a.nel.cloudflare.com35.190.80.1A (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:21.448261976 CET1.1.1.1192.168.2.100x52f0No error (0)fixecondfirbook.info65IN (0x0001)false
                                            Jan 16, 2025 17:17:21.453509092 CET1.1.1.1192.168.2.100xa36fNo error (0)fixecondfirbook.info104.21.94.195A (IP address)IN (0x0001)false
                                            Jan 16, 2025 17:17:21.453509092 CET1.1.1.1192.168.2.100xa36fNo error (0)fixecondfirbook.info172.67.168.162A (IP address)IN (0x0001)false

                                            HTTP Request Dependency Graph

                                            • clintonmakes.com
                                              • minedudiser.com
                                              • fixecondfirbook.info
                                            • https:
                                            • a.nel.cloudflare.com
                                            • x1.i.lencr.org

                                            HTTP Packets

                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            0192.168.2.10497202.23.197.184803332C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            TimestampBytes transferredDirectionData
                                            Jan 16, 2025 17:16:57.001089096 CET115OUTGET / HTTP/1.1
                                            Connection: Keep-Alive
                                            Accept: */*
                                            User-Agent: Microsoft-CryptoAPI/10.0
                                            Host: x1.i.lencr.org
                                            Jan 16, 2025 17:16:57.624824047 CET1236INHTTP/1.1 200 OK
                                            Server: nginx
                                            Content-Type: application/pkix-cert
                                            Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
                                            ETag: "64cd6654-56f"
                                            Content-Disposition: attachment; filename="ISRG Root X1.der"
                                            Cache-Control: max-age=50561
                                            Expires: Fri, 17 Jan 2025 06:19:38 GMT
                                            Date: Thu, 16 Jan 2025 16:16:57 GMT
                                            Content-Length: 1391
                                            Connection: keep-alive
                                            Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED]
                                            Data Ascii: 0k0S@YDcc0*H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0*H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urI*Av5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP|Ctt0[q600\H;}`)A|;FH*vvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUX
                                            Jan 16, 2025 17:16:57.624841928 CET509INData Raw: a9 bc b2 a8 50 d0 0c b1 d8 1a 69 20 27 29 08 ac 61 75 5c 8a 6e f8 82 e5 69 2f d5 f6 56 4b b9 b8 73 10 59 d3 21 97 7e e7 4c 71 fb b2 d2 60 ad 39 a8 0b ea 17 21 56 85 f1 50 0e 59 eb ce e0 59 e9 ba c9 15 ef 86 9d 8f 84 80 f6 e4 e9 91 90 dc 17 9b 62
                                            Data Ascii: Pi ')au\ni/VKsY!~Lq`9!VPYYbEf|o;'}~"+"4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            1192.168.2.104973566.63.187.216808780C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            Jan 16, 2025 17:17:16.709422112 CET468OUTGET /215c/ HTTP/1.1
                                            Host: clintonmakes.com
                                            Connection: keep-alive
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Accept-Encoding: gzip, deflate
                                            Accept-Language: en-US,en;q=0.9
                                            Cookie: f5510ad44=0ad448213ea0
                                            Jan 16, 2025 17:17:17.671967030 CET448INHTTP/1.1 200 OK
                                            Date: Thu, 16 Jan 2025 16:17:17 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            server: Apache/2.4.37 (Rocky Linux)
                                            Content-Encoding: gzip
                                            Data Raw: 66 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 91 b1 6e c3 20 10 86 5f 85 b2 78 72 69 33 a5 8e ed 25 cd dc 0e 59 3a 45 04 2e 36 aa 01 e7 38 da fa ed 4b 62 a7 b2 54 45 f2 c2 e9 a4 ef ff 38 b8 f2 e1 f5 6d bb ff 78 df b1 96 6c 57 97 d3 09 52 d7 25 19 ea a0 2e c5 54 2d 90 4c 14 f5 39 9c a3 f9 aa f8 d6 3b 02 47 f9 7e e8 81 33 35 76 15 27 f8 21 71 f1 6c 98 6a 25 06 a0 2a d2 29 5f f3 49 e1 a4 85 44 7d 1b 22 c0 42 49 d4 b3 70 88 d6 4a 1c 0e 9d c4 06 0e c6 ca 06 6e b9 1e 7d 0f 48 43 c5 7d 53 5c 67 9a e5 b8 f8 47 dd 6e 58 80 26 a1 86 a0 d0 f4 64 bc 5b a6 5d 1c 48 f2 f1 1d 33 ea ae f5 1e 39 fb f7 0c e1 84 10 da ec 8f ca 9e 36 2c 62 57 5d a0 50 08 61 8d 03 1d b5 09 80 8f ca 5b 71 f4 fe d3 e8 f5 6a f5 f2 9c a5 7d 8e db 3d 7a 3d a4 66 2a d7 bd b3 5f 9e 07 89 53 0e 02 00 00 0d 0a 30 0d 0a 0d 0a
                                            Data Ascii: fcn _xri3%Y:E.68KbTE8mxlWR%.T-L9;G~35v'!qlj%*)_ID}"BIpJn}HC}S\gGnX&d[]H396,bW]Pa[qj}=z=f*_S0
                                            Jan 16, 2025 17:17:17.936255932 CET381OUTGET /favicon.ico HTTP/1.1
                                            Host: clintonmakes.com
                                            Connection: keep-alive
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                            Referer: http://clintonmakes.com/215c/
                                            Accept-Encoding: gzip, deflate
                                            Accept-Language: en-US,en;q=0.9
                                            Jan 16, 2025 17:17:18.320597887 CET371INHTTP/1.1 404 Not Found
                                            Date: Thu, 16 Jan 2025 16:17:18 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Transfer-Encoding: chunked
                                            server: Apache/2.4.37 (Rocky Linux)
                                            Content-Encoding: gzip
                                            Data Raw: 61 38 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d ce 4d 0f 82 30 0c 06 e0 bf 52 b9 4b d1 70 6c 76 90 8f 48 82 48 cc 38 78 c4 ac 04 12 64 c8 86 c6 7f ef 74 17 2f 4d da f7 c9 9b d2 26 3d 27 f2 5a 67 70 94 a7 12 ea e6 50 16 09 04 5b c4 22 93 39 62 2a 53 9f ec c3 08 31 ab 02 41 bd bd 8f 6e 72 ab 04 d9 c1 8e 2c e2 28 86 4a 5b c8 f5 3a 29 42 7f 24 f4 e4 a6 d5 db f1 9d f8 13 6e a3 59 c8 9e 61 e1 c7 ca c6 b2 82 e6 52 c2 ab 35 30 39 d6 7d 19 e8 09 6c 3f 18 30 bc 3c 79 09 09 67 57 ea eb f0 f7 04 7c 00 b6 fe c5 76 be 00 00 00 0d 0a 30 0d 0a 0d 0a
                                            Data Ascii: a8MM0RKplvHH8xdt/M&='ZgpP["9b*S1Anr,(J[:)B$nYaR509}l?0<ygW|v0


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            2192.168.2.104973466.63.187.216808780C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            Jan 16, 2025 17:17:27.375690937 CET212INHTTP/1.0 408 Request Time-out
                                            Cache-Control: no-cache
                                            Connection: close
                                            Content-Type: text/html
                                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                            Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>
                                            Jan 16, 2025 17:18:12.379532099 CET6OUTData Raw: 00
                                            Data Ascii:


                                            HTTPS Proxied Packets

                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            0192.168.2.104973166.63.187.2164438780C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-01-16 16:17:16 UTC664OUTGET /215c/ HTTP/1.1
                                            Host: clintonmakes.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: none
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-User: ?1
                                            Sec-Fetch-Dest: document
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            2025-01-16 16:17:16 UTC210INHTTP/1.1 200 OK
                                            Date: Thu, 16 Jan 2025 16:17:16 GMT
                                            Content-Type: text/html; charset=utf-8
                                            Content-Length: 1070
                                            Connection: close
                                            Set-Cookie: f5510ad44=0ad448213ea0
                                            server: Apache/2.4.37 (Rocky Linux)
                                            2025-01-16 16:17:16 UTC829INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 77 69 74 74 65 72 3a 63 61 72 64 22 20 63 6f 6e 74 65 6e 74 3d 22 73 75 6d 6d 61 72 79 5f 6c 61 72 67 65 5f 69 6d 61 67 65 22 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 22 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 22 2f 3e 3c 6d 65 74 61 20 70 72 6f
                                            Data Ascii: <!DOCTYPE html><html><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="twitter:card" content="summary_large_image"><meta property="og:title" content=""/><meta property="twitter:title" content=""/><meta pro


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            1192.168.2.1049736186.64.116.704438780C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-01-16 16:17:18 UTC690OUTGET /bookid82291 HTTP/1.1
                                            Host: minedudiser.com
                                            Connection: keep-alive
                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: cross-site
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-Dest: document
                                            Referer: http://clintonmakes.com/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            2025-01-16 16:17:19 UTC344INHTTP/1.1 301 Moved Permanently
                                            Date: Thu, 16 Jan 2025 16:17:19 GMT
                                            Server: Apache
                                            Strict-Transport-Security: max-age=63072000; includeSubdomains;
                                            Location: https://fixecondfirbook.info/
                                            Cache-Control: max-age=0
                                            Expires: Thu, 16 Jan 2025 16:17:19 GMT
                                            Content-Length: 237
                                            Connection: close
                                            Content-Type: text/html; charset=iso-8859-1
                                            2025-01-16 16:17:19 UTC237INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 69 78 65 63 6f 6e 64 66 69 72 62 6f 6f 6b 2e 69 6e 66 6f 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://fixecondfirbook.info/">here</a>.</p></body></html>


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            2192.168.2.1049738104.21.94.1954438780C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-01-16 16:17:19 UTC684OUTGET / HTTP/1.1
                                            Host: fixecondfirbook.info
                                            Connection: keep-alive
                                            Upgrade-Insecure-Requests: 1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                            Sec-Fetch-Site: cross-site
                                            Sec-Fetch-Mode: navigate
                                            Sec-Fetch-Dest: document
                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                            sec-ch-ua-mobile: ?0
                                            sec-ch-ua-platform: "Windows"
                                            Referer: http://clintonmakes.com/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            2025-01-16 16:17:20 UTC926INHTTP/1.1 200 OK
                                            Date: Thu, 16 Jan 2025 16:17:20 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Transfer-Encoding: chunked
                                            Connection: close
                                            X-Powered-By: Express
                                            Accept-Ranges: bytes
                                            Cache-Control: public, max-age=0
                                            Last-Modified: Tue, 07 Jan 2025 11:10:39 GMT
                                            cf-cache-status: DYNAMIC
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKZXpW%2FUHh58WCivxIiJieMyu0LwmmM00ObXSbfD%2Fr8MjP34CHHpR0uwU%2BoVzZkH0TAcUbCOohj%2F20zlgLlhrl7aynZq3km1m562uSSRlz2saEtGPfDW2ArYDDbfkhbd0E9Hx83YZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 902f6a42cdbfaac7-YYZ
                                            alt-svc: h3=":443"; ma=86400
                                            server-timing: cfL4;desc="?proto=TCP&rtt=14122&min_rtt=14122&rtt_var=5297&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2853&recv_bytes=1262&delivery_rate=206696&cwnd=32&unsent_bytes=0&cid=4dea46e863102a9d&ts=371&x=0"
                                            2025-01-16 16:17:20 UTC443INData Raw: 33 33 36 37 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 42 d0 be d0 be 6b 69 6e 67 2e d1 81 d0 be 6d 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a
                                            Data Ascii: 3367<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Bking.m</title> <style> body { margin: 0; font-family: Arial, sans-serif;
                                            2025-01-16 16:17:20 UTC1369INData Raw: 20 35 35 70 78 3b 0a 20 20 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 0a 20 20 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 6c 65 66 74 3a 20 30 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 63 6f 6e 74 65 6e 74 20 7b 0a 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 34 30 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 2d 32 30 70 78 20 61 75 74 6f 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 20 20 20 20 20 20 70 61
                                            Data Ascii: 55px; justify-content: space-between; align-items: center; left: 0; } header h1 { margin: 0; font-size: 20px; } .content { max-width: 400px; margin: -20px auto; background: white; pa
                                            2025-01-16 16:17:20 UTC1369INData Raw: 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 34 35 70 78 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 36 36 36 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 66 6f 6f 74 65 72 20 61 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 37 31 63 32 3b 0a 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 66 6f 6f 74 65 72 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 72 20 7b 0a 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 61 6e 74 69 61 6c
                                            Data Ascii: margin-top: -45px; font-size: 12px; color: #666; } footer a { color: #0071c2; text-decoration: none; } footer a:hover { text-decoration: underline; } hr { -webkit-font-smoothing: antial
                                            2025-01-16 16:17:20 UTC1369INData Raw: 64 65 73 74 72 75 63 74 69 76 65 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 64 65 73 74 72 75 63 74 69 76 65 5f 6c 69 67 68 74 3a 20 23 66 63 62 34 62 34 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 64 65 73 74 72 75 63 74 69 76 65 5f 6c 69 67 68 74 65 72 3a 20 23 66 66 65 62 65 62 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 64 65 73 74 72 75 63 74 69 76 65 5f 6c 69 67 68 74 65 73 74 3a 20 23 66 66 66 30 66 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 63 61 6c 6c 6f 75 74 5f 64 61 72 6b 3a 20 23 62 63 35 62 30 31 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 63 61 6c 6c 6f 75 74 3a 20 23 66 66 38 30 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f
                                            Data Ascii: destructive: #c00; --bui_color_destructive_light: #fcb4b4; --bui_color_destructive_lighter: #ffebeb; --bui_color_destructive_lightest: #fff0f0; --bui_color_callout_dark: #bc5b01; --bui_color_callout: #ff8000; --bui_colo
                                            2025-01-16 16:17:20 UTC1369INData Raw: 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 61 63 74 69 6f 6e 5f 6c 69 67 68 74 65 72 3a 20 23 65 34 66 34 66 66 3b 0a 20 20 20 20 20 20 2d 2d 67 65 6e 69 75 73 5f 63 6f 6c 6f 72 5f 70 72 69 6d 61 72 79 3a 20 23 30 30 34 63 62 38 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 62 61 73 65 6c 69 6e 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 70 61 64 64 69 6e 67 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 6e 65 67 61 74 69 76 65 5f 70 61 64 64 69 6e 67 3a 20 2d 31 32 70 78 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 6d 65 64 69 75 6d 5f 62 72 65 61 6b 70 6f 69 6e 74 3a 20 35 37 36 70 78 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 6c 61 72 67 65 5f 62 72 65 61 6b 70 6f 69 6e 74 3a 20 31 30 32 34 70 78 3b 0a 20 20 20 20 20 20 2d 2d 62
                                            Data Ascii: --bui_color_action_lighter: #e4f4ff; --genius_color_primary: #004cb8; --bui_baseline: 24px; --bui_padding: 12px; --bui_negative_padding: -12px; --bui_medium_breakpoint: 576px; --bui_large_breakpoint: 1024px; --b
                                            2025-01-16 16:17:20 UTC1369INData Raw: 72 67 65 73 74 5f 6c 69 6e 65 5f 68 65 69 67 68 74 3a 20 34 30 70 78 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 66 6f 6e 74 5f 77 65 69 67 68 74 5f 6e 6f 72 6d 61 6c 3a 20 34 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 66 6f 6e 74 5f 77 65 69 67 68 74 5f 6d 65 64 69 75 6d 3a 20 35 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 66 6f 6e 74 5f 77 65 69 67 68 74 5f 62 6f 6c 64 3a 20 37 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 66 6f 6e 74 5f 73 74 61 63 6b 5f 73 61 6e 73 3a 20 22 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 22 2c 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 22 52 6f 62 6f 74 6f 22 2c 20 22 48 65 6c 76 65 74 69 63 61 22 2c 20 22 41 72 69 61 6c 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b
                                            Data Ascii: rgest_line_height: 40px; --bui_font_weight_normal: 400; --bui_font_weight_medium: 500; --bui_font_weight_bold: 700; --bui_font_stack_sans: "BlinkMacSystemFont", -apple-system, "Segoe UI", "Roboto", "Helvetica", "Arial", sans-serif;
                                            2025-01-16 16:17:20 UTC1369INData Raw: 34 37 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 66 6f 72 65 67 72 6f 75 6e 64 5f 69 6e 76 65 72 74 65 64 3a 20 23 66 35 66 35 66 35 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 62 72 61 6e 64 5f 70 72 69 6d 61 72 79 5f 66 6f 72 65 67 72 6f 75 6e 64 3a 20 23 30 30 33 62 39 35 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 66 6f 72 65 67 72 6f 75 6e 64 3a 20 23 39 34 36 38 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 61 63 74 69 6f 6e 5f 66 6f 72 65 67 72 6f 75 6e 64 3a 20 23 30 30 36 63 65 34 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 63 61 6c 6c 6f 75 74 5f 66 6f 72 65 67 72 6f 75 6e 64 3a 20 23 39 32 33 65 30 31 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69
                                            Data Ascii: 47; --bui_color_foreground_inverted: #f5f5f5; --bui_color_brand_primary_foreground: #003b95; --bui_color_accent_foreground: #946800; --bui_color_action_foreground: #006ce4; --bui_color_callout_foreground: #923e01; --bui
                                            2025-01-16 16:17:20 UTC1369INData Raw: 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 6f 6e 5f 62 72 61 6e 64 5f 67 65 6e 69 75 73 5f 70 72 69 6d 61 72 79 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 69 6e 76 65 72 74 65 64 3a 20 23 31 61 31 61 31 61 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 34 37 34 37 34 37 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 74 72 61 6e 73 70 61 72 65 6e 74 3a 20 72 67 62 61 28 32 36 2c 20 32 36 2c 20 32 36 2c 20 30 29 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 61 6c 74 3a 20 23 66 35 66 35 66 35
                                            Data Ascii: kground: #fff; --bui_color_on_brand_genius_primary_background: #fff; --bui_color_background_inverted: #1a1a1a; --bui_color_background: #474747; --bui_color_transparent: rgba(26, 26, 26, 0); --bui_color_background_alt: #f5f5f5
                                            2025-01-16 16:17:20 UTC1369INData Raw: 76 65 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 64 79 6e 61 6d 69 63 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 6f 6e 5f 62 72 61 6e 64 5f 70 72 69 6d 61 72 79 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 64 79 6e 61 6d 69 63 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 62 72 61 6e 64 5f 70 72 69 6d 61 72 79 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 64 79 6e 61 6d 69 63 3a 20 23 30 30 33 62 39 35 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 61 63 63 65 6e 74 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 64 79 6e 61 6d 69 63 3a 20 23 66 66 62 37 30 30 3b 0a 20 20 20 20 20 20 2d 2d 62 75 69 5f 63 6f 6c 6f 72 5f 63 61 6c 6c 6f 75 74 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 64 79 6e 61 6d 69 63 3a 20 23 66 35 36
                                            Data Ascii: ve_background_dynamic: #fff; --bui_color_on_brand_primary_background_dynamic: #fff; --bui_color_brand_primary_background_dynamic: #003b95; --bui_color_accent_background_dynamic: #ffb700; --bui_color_callout_background_dynamic: #f56
                                            2025-01-16 16:17:20 UTC1369INData Raw: 64 79 5f 31 5f 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 20 20 20 20 20 20 2d 2d 44 4f 5f 4e 4f 54 5f 55 53 45 5f 62 75 69 5f 73 6d 61 6c 6c 5f 66 6f 6e 74 5f 62 6f 64 79 5f 31 5f 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 53 65 67 6f 65 20 55 49 2c 20 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 2d 2d 44 4f 5f 4e 4f 54 5f 55 53 45 5f 62 75 69 5f 73 6d 61 6c 6c 5f 66 6f 6e 74 5f 62 6f 64 79 5f 32 5f 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 20 20 2d 2d 44 4f 5f 4e 4f 54 5f 55 53 45 5f 62 75 69 5f 73 6d 61 6c 6c 5f 66 6f 6e 74 5f 62 6f
                                            Data Ascii: dy_1_line-height: 24px; --DO_NOT_USE_bui_small_font_body_1_font-family: BlinkMacSystemFont, -apple-system, Segoe UI, Roboto, Helvetica, Arial, sans-serif; --DO_NOT_USE_bui_small_font_body_2_font-size: 14px; --DO_NOT_USE_bui_small_font_bo


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            3192.168.2.1049741104.21.94.1954438780C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-01-16 16:17:21 UTC542OUTGET /languageRevert.js HTTP/1.1
                                            Host: fixecondfirbook.info
                                            Connection: keep-alive
                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: script
                                            Referer: https://fixecondfirbook.info/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            2025-01-16 16:17:21 UTC979INHTTP/1.1 200 OK
                                            Date: Thu, 16 Jan 2025 16:17:21 GMT
                                            Content-Type: application/javascript; charset=UTF-8
                                            Content-Length: 874
                                            Connection: close
                                            X-Powered-By: Express
                                            Cache-Control: public, max-age=14400
                                            Last-Modified: Tue, 07 Jan 2025 11:10:39 GMT
                                            ETag: W/"36a-1944075a398"
                                            CF-Cache-Status: REVALIDATED
                                            Accept-Ranges: bytes
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PfglSKvBnenbib3Zj3OS6%2B9%2F96b3ONlBgsztAUr%2B90WD%2FF8IZ%2F8a1CveQhoeVG%2FI%2FaDqc%2Fg2%2B8HUeJ12bd6RzEBu287ujLi%2FpqqaHiBmyHzjM66JM1xEMvxoGX9i3a2jVp2wkzR7sw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 902f6a4b4fe0abee-YYZ
                                            alt-svc: h3=":443"; ma=86400
                                            server-timing: cfL4;desc="?proto=TCP&rtt=13763&min_rtt=13755&rtt_var=5174&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2854&recv_bytes=1120&delivery_rate=211272&cwnd=32&unsent_bytes=0&cid=95a4da08f0bb11ab&ts=383&x=0"
                                            2025-01-16 16:17:21 UTC390INData Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 72 65 76 65 72 74 4c 61 6e 67 75 61 67 65 43 68 61 6e 67 65 28 29 20 7b 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 20 21 3d 3d 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 20 3d 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 0a 20 20 20 20 63 6f 6e 73 74 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 3b 0a 0a 20 20 20 20 63 6f 6e 73 74
                                            Data Ascii: (function() { function revertLanguageChange() { if (document.documentElement.lang !== originalLang) { document.documentElement.lang = originalLang; } } const originalLang = document.documentElement.lang; const
                                            2025-01-16 16:17:21 UTC484INData Raw: 74 65 72 3a 20 5b 27 6c 61 6e 67 27 5d 20 7d 29 3b 0a 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 63 6f 6e 74 65 78 74 6d 65 6e 75 27 2c 20 66 75 6e 63 74 69 6f 6e 28 65 76 65 6e 74 29 20 7b 0a 20 20 20 20 20 20 20 20 65 76 65 6e 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3b 0a 20 20 20 20 7d 2c 20 66 61 6c 73 65 29 3b 0a 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 6b 65 79 64 6f 77 6e 27 2c 20 66 75 6e 63 74 69 6f 6e 28 65 76 65 6e 74 29 20 7b 0a 20 20 20 20 20 20 20 20 69 66 20 28 28 65 76 65 6e 74 2e 63 74 72 6c 4b 65 79 20 7c 7c 20 65 76 65 6e 74 2e 6d 65 74 61 4b 65 79 29 20 26 26 20 65 76 65 6e 74 2e 73 68 69 66 74 4b 65 79 20 26 26 20
                                            Data Ascii: ter: ['lang'] }); document.addEventListener('contextmenu', function(event) { event.preventDefault(); }, false); document.addEventListener('keydown', function(event) { if ((event.ctrlKey || event.metaKey) && event.shiftKey &&


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            4192.168.2.104974335.190.80.14438780C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-01-16 16:17:21 UTC553OUTOPTIONS /report/v4?s=bKZXpW%2FUHh58WCivxIiJieMyu0LwmmM00ObXSbfD%2Fr8MjP34CHHpR0uwU%2BoVzZkH0TAcUbCOohj%2F20zlgLlhrl7aynZq3km1m562uSSRlz2saEtGPfDW2ArYDDbfkhbd0E9Hx83YZg%3D%3D HTTP/1.1
                                            Host: a.nel.cloudflare.com
                                            Connection: keep-alive
                                            Origin: https://fixecondfirbook.info
                                            Access-Control-Request-Method: POST
                                            Access-Control-Request-Headers: content-type
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            2025-01-16 16:17:21 UTC336INHTTP/1.1 200 OK
                                            Content-Length: 0
                                            access-control-max-age: 86400
                                            access-control-allow-methods: OPTIONS, POST
                                            access-control-allow-origin: *
                                            access-control-allow-headers: content-length, content-type
                                            date: Thu, 16 Jan 2025 16:17:20 GMT
                                            Via: 1.1 google
                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                            Connection: close


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            5192.168.2.1049742104.21.94.1954438780C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-01-16 16:17:21 UTC542OUTGET /captchaHandler.js HTTP/1.1
                                            Host: fixecondfirbook.info
                                            Connection: keep-alive
                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                            sec-ch-ua-mobile: ?0
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            sec-ch-ua-platform: "Windows"
                                            Accept: */*
                                            Sec-Fetch-Site: same-origin
                                            Sec-Fetch-Mode: no-cors
                                            Sec-Fetch-Dest: script
                                            Referer: https://fixecondfirbook.info/
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            2025-01-16 16:17:21 UTC967INHTTP/1.1 200 OK
                                            Date: Thu, 16 Jan 2025 16:17:21 GMT
                                            Content-Type: application/javascript; charset=UTF-8
                                            Content-Length: 586
                                            Connection: close
                                            X-Powered-By: Express
                                            Cache-Control: public, max-age=14400
                                            Last-Modified: Tue, 07 Jan 2025 11:10:38 GMT
                                            ETag: W/"24a-19440759fb0"
                                            CF-Cache-Status: REVALIDATED
                                            Accept-Ranges: bytes
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lbG2jsflBovBocqSwuDj9zZu18a53r2nKiuGLOyRKxTl%2BhqX92yC%2BgQt8eQzjEGpXnqRsw42MqliyPAj6cOTC39NV7vsCPz5cpgaLqvzgfBCyhwuneW6%2FS6eA0iyxe8OExc%2BDNvs3A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 902f6a4b6c6caac8-YYZ
                                            alt-svc: h3=":443"; ma=86400
                                            server-timing: cfL4;desc="?proto=TCP&rtt=13709&min_rtt=13699&rtt_var=5157&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2852&recv_bytes=1120&delivery_rate=211901&cwnd=32&unsent_bytes=0&cid=ba780a3640597eb0&ts=699&x=0"
                                            2025-01-16 16:17:21 UTC402INData Raw: 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 63 6f 6e 73 74 20 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 27 2e 72 65 63 61 70 74 63 68 61 2d 63 68 65 63 6b 62 6f 78 27 29 3b 0a 20 20 20 20 69 66 20 28 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 29 20 7b 0a 20 20 20 20 20 20 20 20 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 63 6c 69 63 6b 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 d0 9e d1 82 d0 bf d1 80 d0 b0
                                            Data Ascii: document.addEventListener('DOMContentLoaded', function() { const recaptchaCheckbox = document.querySelector('.recaptcha-checkbox'); if (recaptchaCheckbox) { recaptchaCheckbox.addEventListener('click', function() { //
                                            2025-01-16 16:17:21 UTC184INData Raw: 20 20 20 20 20 20 20 69 66 20 28 72 65 73 70 6f 6e 73 65 2e 6f 6b 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 27 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 7d 0a 7d 29 3b 20 0a
                                            Data Ascii: if (response.ok) { console.log(''); } else { console.error(''); } }); }); }});


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            6192.168.2.104974635.190.80.14438780C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-01-16 16:17:21 UTC490OUTPOST /report/v4?s=bKZXpW%2FUHh58WCivxIiJieMyu0LwmmM00ObXSbfD%2Fr8MjP34CHHpR0uwU%2BoVzZkH0TAcUbCOohj%2F20zlgLlhrl7aynZq3km1m562uSSRlz2saEtGPfDW2ArYDDbfkhbd0E9Hx83YZg%3D%3D HTTP/1.1
                                            Host: a.nel.cloudflare.com
                                            Connection: keep-alive
                                            Content-Length: 454
                                            Content-Type: application/reports+json
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            2025-01-16 16:17:21 UTC454OUTData Raw: 5b 7b 22 61 67 65 22 3a 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 33 37 37 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 3a 2f 2f 63 6c 69 6e 74 6f 6e 6d 61 6b 65 73 2e 63 6f 6d 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 39 34 2e 31 39 35 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 32 30 30 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 72 65 73 70 6f 6e 73 65 2e 69 6e 76 61 6c 69 64 2e 69 6e 63 6f 6d 70 6c 65 74 65 5f 63 68 75 6e 6b 65 64 5f 65
                                            Data Ascii: [{"age":2,"body":{"elapsed_time":1377,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"http://clintonmakes.com/","sampling_fraction":1.0,"server_ip":"104.21.94.195","status_code":200,"type":"http.response.invalid.incomplete_chunked_e
                                            2025-01-16 16:17:21 UTC168INHTTP/1.1 200 OK
                                            Content-Length: 0
                                            date: Thu, 16 Jan 2025 16:17:21 GMT
                                            Via: 1.1 google
                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                            Connection: close


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            7192.168.2.1049750104.21.94.1954438780C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-01-16 16:17:22 UTC361OUTGET /languageRevert.js HTTP/1.1
                                            Host: fixecondfirbook.info
                                            Connection: keep-alive
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            Accept: */*
                                            Sec-Fetch-Site: none
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: empty
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            2025-01-16 16:17:22 UTC970INHTTP/1.1 200 OK
                                            Date: Thu, 16 Jan 2025 16:17:22 GMT
                                            Content-Type: application/javascript; charset=UTF-8
                                            Content-Length: 874
                                            Connection: close
                                            X-Powered-By: Express
                                            Cache-Control: public, max-age=14400
                                            Last-Modified: Tue, 07 Jan 2025 11:10:39 GMT
                                            ETag: W/"36a-1944075a398"
                                            CF-Cache-Status: REVALIDATED
                                            Accept-Ranges: bytes
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MfL6wPk2l2C2EGAms4HkVZBNqq9UpI9IAIBIA%2FBpH%2FUoGoHL2w5tzOxAb%2FX1boAUYBHdt%2FxLZXYF28k5%2FGq9TyogdNRFdy4cFWMua7cc5wqaItJR5tZIwhs6HYyC%2FzoBTIH%2Fg2oSRg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 902f6a53ca9b29b2-IAD
                                            alt-svc: h3=":443"; ma=86400
                                            server-timing: cfL4;desc="?proto=TCP&rtt=8190&min_rtt=8180&rtt_var=3087&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2854&recv_bytes=939&delivery_rate=353510&cwnd=32&unsent_bytes=0&cid=ec30ea66823dfc03&ts=416&x=0"
                                            2025-01-16 16:17:22 UTC399INData Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 72 65 76 65 72 74 4c 61 6e 67 75 61 67 65 43 68 61 6e 67 65 28 29 20 7b 0a 20 20 20 20 20 20 20 20 69 66 20 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 20 21 3d 3d 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 20 3d 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 7d 0a 0a 20 20 20 20 63 6f 6e 73 74 20 6f 72 69 67 69 6e 61 6c 4c 61 6e 67 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 6c 61 6e 67 3b 0a 0a 20 20 20 20 63 6f 6e 73 74
                                            Data Ascii: (function() { function revertLanguageChange() { if (document.documentElement.lang !== originalLang) { document.documentElement.lang = originalLang; } } const originalLang = document.documentElement.lang; const
                                            2025-01-16 16:17:22 UTC475INData Raw: 6e 67 27 5d 20 7d 29 3b 0a 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 63 6f 6e 74 65 78 74 6d 65 6e 75 27 2c 20 66 75 6e 63 74 69 6f 6e 28 65 76 65 6e 74 29 20 7b 0a 20 20 20 20 20 20 20 20 65 76 65 6e 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3b 0a 20 20 20 20 7d 2c 20 66 61 6c 73 65 29 3b 0a 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 6b 65 79 64 6f 77 6e 27 2c 20 66 75 6e 63 74 69 6f 6e 28 65 76 65 6e 74 29 20 7b 0a 20 20 20 20 20 20 20 20 69 66 20 28 28 65 76 65 6e 74 2e 63 74 72 6c 4b 65 79 20 7c 7c 20 65 76 65 6e 74 2e 6d 65 74 61 4b 65 79 29 20 26 26 20 65 76 65 6e 74 2e 73 68 69 66 74 4b 65 79 20 26 26 20 65 76 65 6e 74 2e 6b 65 79
                                            Data Ascii: ng'] }); document.addEventListener('contextmenu', function(event) { event.preventDefault(); }, false); document.addEventListener('keydown', function(event) { if ((event.ctrlKey || event.metaKey) && event.shiftKey && event.key


                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            8192.168.2.1049751104.21.94.1954438780C:\Program Files\Google\Chrome\Application\chrome.exe
                                            TimestampBytes transferredDirectionData
                                            2025-01-16 16:17:22 UTC361OUTGET /captchaHandler.js HTTP/1.1
                                            Host: fixecondfirbook.info
                                            Connection: keep-alive
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                            Accept: */*
                                            Sec-Fetch-Site: none
                                            Sec-Fetch-Mode: cors
                                            Sec-Fetch-Dest: empty
                                            Accept-Encoding: gzip, deflate, br
                                            Accept-Language: en-US,en;q=0.9
                                            2025-01-16 16:17:23 UTC962INHTTP/1.1 200 OK
                                            Date: Thu, 16 Jan 2025 16:17:23 GMT
                                            Content-Type: application/javascript; charset=UTF-8
                                            Content-Length: 586
                                            Connection: close
                                            X-Powered-By: Express
                                            Cache-Control: public, max-age=14400
                                            Last-Modified: Tue, 07 Jan 2025 11:10:38 GMT
                                            ETag: W/"24a-19440759fb0"
                                            CF-Cache-Status: REVALIDATED
                                            Accept-Ranges: bytes
                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wHvHT81IgFx54LUTYsRzLUUxN%2FIEXIPUirONizL61RhoHTRAGBgup6uhMPHaEh9dpmYRrlq0lKbaV5SrojoQlVbl%2BcAd6xRk8Py0pH%2ByyzuIPyqmvH409XuS6wDEeSs8hP6Q0hZ7VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                            Server: cloudflare
                                            CF-RAY: 902f6a562d2182d8-IAD
                                            alt-svc: h3=":443"; ma=86400
                                            server-timing: cfL4;desc="?proto=TCP&rtt=8018&min_rtt=7501&rtt_var=3848&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2852&recv_bytes=939&delivery_rate=250837&cwnd=32&unsent_bytes=0&cid=06968584ae54330e&ts=388&x=0"
                                            2025-01-16 16:17:23 UTC407INData Raw: 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 63 6f 6e 73 74 20 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 27 2e 72 65 63 61 70 74 63 68 61 2d 63 68 65 63 6b 62 6f 78 27 29 3b 0a 20 20 20 20 69 66 20 28 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 29 20 7b 0a 20 20 20 20 20 20 20 20 72 65 63 61 70 74 63 68 61 43 68 65 63 6b 62 6f 78 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 63 6c 69 63 6b 27 2c 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2f 20 d0 9e d1 82 d0 bf d1 80 d0 b0
                                            Data Ascii: document.addEventListener('DOMContentLoaded', function() { const recaptchaCheckbox = document.querySelector('.recaptcha-checkbox'); if (recaptchaCheckbox) { recaptchaCheckbox.addEventListener('click', function() { //
                                            2025-01-16 16:17:23 UTC179INData Raw: 20 20 69 66 20 28 72 65 73 70 6f 6e 73 65 2e 6f 6b 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 27 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 7d 0a 7d 29 3b 20 0a
                                            Data Ascii: if (response.ok) { console.log(''); } else { console.error(''); } }); }); }});


                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:0
                                            Start time:11:16:47
                                            Start date:16/01/2025
                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\P4906RXNYH.pdf"
                                            Imagebase:0x7ff64eb90000
                                            File size:5'641'176 bytes
                                            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:2
                                            Start time:11:16:48
                                            Start date:16/01/2025
                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                            Imagebase:0x7ff63ec50000
                                            File size:3'581'912 bytes
                                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:4
                                            Start time:11:16:48
                                            Start date:16/01/2025
                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2164 --field-trial-handle=1624,i,4524171770093824297,16236314498730192283,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                            Imagebase:0x7ff63ec50000
                                            File size:3'581'912 bytes
                                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:10
                                            Start time:11:17:12
                                            Start date:16/01/2025
                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://clintonmakes.com/215c/#3sktwhubdghp8fcj6m9trh"
                                            Imagebase:0x7ff6c5c30000
                                            File size:3'242'272 bytes
                                            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:false

                                            General

                                            Target ID:11
                                            Start time:11:17:13
                                            Start date:16/01/2025
                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1832,i,12414227662192143125,735252245074768985,262144 /prefetch:8
                                            Imagebase:0x7ff6c5c30000
                                            File size:3'242'272 bytes
                                            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:false

                                            Disassembly

                                            No disassembly